Update the CS vendored template to use the CS tool
Problem to solve
The Container Scanning uses obsolete script that invokes the clair-scanner
and its dependencies directly. But a new Container Scanning tool has been released in #9244 (closed) and it should be used by GitLab's Container Scanning vendored template.
Intended users
Further details
Depends on https://gitlab.com/gitlab-org/gitlab-ee/issues/10915: a working test project for the Container Scanning tool should be created and verified to ensure that new product won't cause problems on customers' GitLab installations.
Proposal
Update the Container Scanning vendored template to invoke the Container Scanning tool Docker image directly, also providing environment variables for configuration.
Permissions and Security
No special permissions
Documentation
Must update the CI example documentation for Container Scanning (add post-11.10 manual job definition but keep the old ones) according to our practice on %12.0 breaking changes.
Testing
The test project for the Container Scanning tool is required.
What does success look like, and how can we measure that?
The Container Scanning vendored template is updated to invoke the Container Scanning tool Docker image.
What is the type of buyer?
GitLab Ultimate users