
Allow users to initiate container security scans and policies when manually pushing Docker images to container registries


Proposal

Summary

There should be functionality that lets users monitor manual docker push events to container registries on a more granular basis and trigger container scans from those pushes. Out of the box, container registry notifications seem to report all manual docker push events in a single group, but do not let one kick off a container scan from a given manual push.

Problem

Although we can get notifications via webhook with the registry['notifications'] setting in the gitlab.rb file, per the documentation, it looks like we have to manually create a Python application (or similar) that listens on a webhook, filters the notification JSON by project name, and uses python-gitlab to kick off a container scan on the project that the manual push targeted.
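The workaround described above, written out as an added example (it is not code from this issue or from GitLab). It assumes the standard Docker Registry notification envelope (one event per pushed blob plus one for the manifest, each with an action and a target.repository/target.tag), that a GitLab registry repository path starts with the owning project's full path, that the registry endpoint is configured to send a fixed Authorization header (the headers key of a notification endpoint) so the listener can reject forged posts, and that the scan is started as a pipeline with the CS_IMAGE variable that GitLab's Container Scanning template reads. The project paths, hostnames and the sample envelope are made up for the example.

```python
"""Listener for Docker Registry notification webhooks that picks out tagged
manifest pushes into watched GitLab projects and starts a container-scanning
pipeline for each through python-gitlab. Added example; settings are assumed."""
import hmac
import json
import os
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed deployment settings (in practice read from the environment).
WATCHED_PROJECTS = {"security/payments", "security/payments/sidecar-tools"}
REGISTRY_HOST = "registry.example.com"
GITLAB_URL = "https://gitlab.example.com"
GITLAB_TOKEN = os.environ.get("GITLAB_TOKEN", "")
HOOK_SECRET = os.environ.get("REGISTRY_HOOK_SECRET", "change-me")


@dataclass(frozen=True)
class PushedImage:
    project: str  # GitLab project path that owns the registry repository
    image: str    # registry repository path, e.g. security/payments/api
    tag: str
    digest: str


def project_for_repository(repository, projects):
    """Longest watched project path that equals the repository or is a parent of it."""
    owners = [p for p in projects if repository == p or repository.startswith(p + "/")]
    return max(owners, key=len) if owners else None


def select_push_events(payload, projects):
    """Keep only tagged manifest pushes into watched projects.

    A single docker push produces one event per layer blob, one for the config
    blob and finally one for the manifest; only the manifest event describes a
    complete image, so everything else (and every pull) is dropped."""
    pushes = []
    for event in payload.get("events", []):
        if event.get("action") != "push":
            continue
        target = event.get("target", {})
        media_type = target.get("mediaType", "")
        if "manifest" not in media_type and "image.index" not in media_type:
            continue  # layer or config blob upload, not a whole image
        tag = target.get("tag")
        if not tag:
            continue  # push by digest only; nothing for CS_IMAGE to name
        project = project_for_repository(target.get("repository", ""), projects)
        if project is None:
            continue
        pushes.append(PushedImage(project, target["repository"], tag, target.get("digest", "")))
    return pushes


def trigger_container_scan(pushed, registry_host=REGISTRY_HOST,
                           gitlab_url=GITLAB_URL, token=GITLAB_TOKEN, ref="main"):
    """Start a pipeline in the owning project with CS_IMAGE set to the pushed
    image, the variable the Container Scanning template reads to pick its target.
    Needs python-gitlab and a reachable GitLab instance."""
    import gitlab  # imported lazily so the filtering above works without it
    gl = gitlab.Gitlab(gitlab_url, private_token=token)
    project = gl.projects.get(pushed.project)
    pipeline = project.pipelines.create({
        "ref": ref,
        "variables": [{"key": "CS_IMAGE", "value": f"{registry_host}/{pushed.image}:{pushed.tag}"}],
    })
    return pipeline.id


class NotificationHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        # Constant-time check of the fixed header the registry endpoint is configured to send.
        supplied = self.headers.get("Authorization", "").encode()
        if not hmac.compare_digest(supplied, b"Bearer " + HOOK_SECRET.encode()):
            self.send_response(403)
            self.end_headers()
            return
        length = int(self.headers.get("Content-Length", "0"))
        try:
            payload = json.loads(self.rfile.read(length) or b"{}")
        except ValueError:
            self.send_response(400)
            self.end_headers()
            return
        for pushed in select_push_events(payload, WATCHED_PROJECTS):
            trigger_container_scan(pushed)
        self.send_response(200)  # a non-2xx answer makes the registry retry the delivery
        self.end_headers()


# Constructed sample envelope: one layer blob, one tagged manifest, one pull, one foreign project.
SAMPLE_NOTIFICATION = {"events": [
    {"action": "push", "target": {"mediaType": "application/octet-stream",
     "repository": "security/payments/api", "digest": "sha256:aaaa"}},
    {"action": "push", "target": {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
     "repository": "security/payments/api", "tag": "1.4.2", "digest": "sha256:bbbb"}},
    {"action": "pull", "target": {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
     "repository": "security/payments/api", "tag": "1.4.2", "digest": "sha256:bbbb"}},
    {"action": "push", "target": {"mediaType": "application/vnd.oci.image.manifest.v1+json",
     "repository": "other/team/tool", "tag": "latest", "digest": "sha256:cccc"}},
]}

if __name__ == "__main__":
    for img in select_push_events(SAMPLE_NOTIFICATION, WATCHED_PROJECTS):
        print(f"would scan {REGISTRY_HOST}/{img.image}:{img.tag} in project {img.project}")
    HTTPServer(("0.0.0.0", 8080), NotificationHandler).serve_forever()
```

Run as a script it prints the single image from the sample that would be scanned and then serves on port 8080; point the registry notification endpoint at it with the matching Authorization header. The filtering is the part that matters: without the manifest check, one docker push of a ten-layer image would start eleven scan pipelines.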

Proposed Solution

  • Include a separate listener on container registries that listens for manual docker push events that we can also use to configure a corresponding container scan.

Benefits

  • Gets rid of the need to configure a custom webhook application to parse notification JSON
  • Adds wider functionality to scan containers that are manually pushed to the container registry
  • Improves efficiency by getting rid of the need to manually scan a container that has been manually pushed to a container registry
Edited by 🤖 GitLab Bot 🤖