Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Skip generating cs report

Review changes
Download
Patches
Plain diff

Aditya Tiwari requested to merge skip-security-report into master May 02, 2024

Overview 4
Commits 3
Pipelines 4
Changes 12

What does this MR do?

Skip generating cs report when scan is triggered from registry.

This is done to prevent ingesting vulnerabilities identified by security report in database on rails monolith side. When the env variable REGISTRY_TRIGGERED is set, we will only generate and ingest SBOM report from CS. This is a temporary change and we will remove this once gitlab-org/gitlab#459966 is resolved. Currently, we set REGISTRY_TRIGGERED when the CS job is triggered on registry push event.

What are the relevant issue numbers?

gitlab-org/gitlab#460855 (closed)

Steps to test

Run cs job with REGISTRY_TRIGGERED=true. Only sbom report should be generated.

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated for GitLab EE, if necessary
Documentation created/updated for this project, if necessary
Documentation reviewed by technical writer or follow-up review issue created
Tests added for this feature/bug
Job definition updated, if necessary
Conforms to the code review guidelines
Conforms to the Go guidelines
Security reports checked/validated by reviewer

Edited May 08, 2024 by Aditya Tiwari

Merge request reports

Assignee

Reviewers

Request review from

Time tracking