change to container security scanning
Problem to solve
Currently working with security on how to scan our containers and working to use gitlab to fulfill this need. The use of a 3rd party to do the clair scanning is causing worry.
Further details
Right now the docker scanning uses a 3rd party clair repository and it is of some concern to my customers.
Proposal
Move to a gitlab managed version of the solution. Setup a workflow that maintains the containers same as the arminc repos but have all it hosted at gitlab.com
What does success look like, and how can we measure that?
see above.