Use security policy bot for Container scanning for registry job (!167602) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Use security policy bot for Container scanning for registry job.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

How to set up and validate locally

Enable container scanning for registry feature from security settings.
Push a container image with latest tag.
After a minute, a pipeline will start.
Pipeline should be started as bot user.

Alternative way to test:

Run following code in console

 AppSec::ContainerScanning::ScanImageService.new(
   image: 'registry.gitlab.com/atiwari71/container-scanning-test/alpine1-main:07ed52de64553270a76a364d0ce15b3e89988901',
   project_id: Project.last.id
 ).execute

https://gitlab.com/gitlab-org/gitlab/-/issues/481959

Edited Oct 30, 2024 by Aditya Tiwari

Use security policy bot for Container scanning for registry job

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Alternative way to test:

Merge request reports