Remove container-image: from location on the Dependency List (!79767) · Merge requests · GitLab.org / GitLab

Alan (Maciej) Paruszewski requested to merge 349002-remove-container-image-from-dep-list into master Feb 02, 2022

What does this MR do and why?

This MR removes container-image: prefix from dependency location on the Dependency List when dependencies were found in container image (using container-scanning analyzer).

Screenshots or screen recordings

Before

After

How to set up and validate locally

Create new project.
Configure Container-Scanning in .gitlab-ci.yml file:

variables:
    DOCKER_IMAGE: alpine:3.12.0

include:
    - template: Security/Container-Scanning.gitlab-ci.yml

Run the pipeline
Go to Security & Compliance -> Dependency list
Take a look at the location field.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #349002 (closed)

Edited Feb 03, 2022 by Alan (Maciej) Paruszewski

Remove container-image: from location on the Dependency List