Integrate Container Scanning into GitLab Container Registry
Problem to solve
Container Scanning scans Docker images when they are built in the pipeline. The images are then stored in the GitLab Container Registry and can be reused by other pipelines and deployment processes as stable images that will land in production.
The security status of an image can change at any time even if there are no code changes, for example when a previously unknown vulnerability is publicly disclosed.
To know the current security status of the images stored in the GitLab Container Registry, we should run Container Scanning on them regularly, in a process unrelated to project pipelines.
Status can be shown as described in https://gitlab.com/gitlab-org/gitlab-ee/issues/4521.
Implement a process to run Container Scanning on stored images as part of the GitLab Container Registry flow, independently of project pipelines.
Report the status in the UI.
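The following is an added example, not part of the issue or of GitLab's own code: a schedule-only CI job that rescans images already published to the registry, decoupled from the pipelines that built them, which is the behaviour the proposal asks for. It assumes the Security/Container-Scanning template and its CS_IMAGE variable (older template versions used DOCKER_IMAGE instead); the image names are constructed placeholders.

```yaml
# Added example: periodic rescan of stable registry images.
# Assumes the Security/Container-Scanning template and CS_IMAGE variable.
include:
  - template: Security/Container-Scanning.gitlab-ci.yml

container_scanning:
  # Run only from a scheduled pipeline, never on pushes, so the scan
  # happens regardless of code changes (e.g. after a new CVE disclosure).
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
  # The template defaults CS_IMAGE to the image built in this pipeline;
  # override it with the stable images already stored in the registry.
  # One job per image, so each gets its own report.
  parallel:
    matrix:
      - CS_IMAGE:
          - $CI_REGISTRY_IMAGE/api:stable      # constructed placeholder
          - $CI_REGISTRY_IMAGE/worker:stable   # constructed placeholder
```

Create a pipeline schedule (for example daily) in the project's CI/CD settings; each run then produces a fresh Container Scanning report for every listed image, so the security status shown in the UI reflects the current vulnerability data rather than the state at build time.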
What does success look like, and how can we measure that?
We can count the number of projects that will access the security status page for the GitLab Container Registry.