Draft: Split into CE/EE image versions (!2750) · Merge requests · GitLab.org / security-products / analyzers / container-scanning

Dominic Bauer requested to merge ce-ee-flavours into master May 11, 2022

Why is this change being made?

We need to build CE/EE flavours of the image so that we can ship differing Trivy databases within them.

This MR:

introduces the :5-ee and :5-fips-ee tags (as 5 is the current major version)
exposes $EE=true within the container and within the script/setup.sh build script

The $EE environment variable gets used to switch on the license type: !2720 (905d5d49)

How to test and validate

:5:

docker run --rm registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/trivy:b88b07e575153b6d9cba6ec939486b39d1bb588b sh -c 'echo $EE'

:5-ee:

docker run --rm registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/trivy:b88b07e575153b6d9cba6ec939486b39d1bb588b-ee sh -c 'echo $EE'
true

:5-fips:

docker run --rm registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/trivy:b88b07e575153b6d9cba6ec939486b39d1bb588b-fips sh -c 'echo $EE'

:5-fips-ee:

docker run --rm registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/trivy:b88b07e575153b6d9cba6ec939486b39d1bb588b-fips-ee sh -c 'echo $EE'
true

Same goes for Grype, e.g.:

CE:

docker run --rm registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/grype:b88b07e575153b6d9cba6ec939486b39d1bb588b-ee sh -c 'echo $EE'
true

Edited May 12, 2022 by Dominic Bauer

Draft: Split into CE/EE image versions

Why is this change being made?

How to test and validate

Merge request reports