Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3199ecba
Commit
3199ecba
authored
Apr 06, 2018
by
Olivier Gonzalez
Committed by
Philippe Lafoucrière
Apr 06, 2018
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
5017 rename sast container to container scanning
parent
eddaeba1
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
19 additions
and
8 deletions
+19
-8
doc/ci/examples/container_scanning.md
doc/ci/examples/container_scanning.md
+4
-4
doc/user/project/merge_requests/container_scanning.md
doc/user/project/merge_requests/container_scanning.md
+8
-2
ee/app/models/ee/ci/build.rb
ee/app/models/ee/ci/build.rb
+1
-1
ee/changelogs/unreleased/5017_rename_sast_container_to_container_scanning.yml
...ased/5017_rename_sast_container_to_container_scanning.yml
+5
-0
ee/spec/models/ci/pipeline_spec.rb
ee/spec/models/ci/pipeline_spec.rb
+1
-1
No files found.
doc/ci/examples/container_scanning.md
View file @
3199ecba
...
...
@@ -7,10 +7,10 @@ for Vulnerability Static Analysis for containers.
All you need is a GitLab Runner with the Docker executor (the shared Runners on
GitLab.com will work fine). You can then add a new job to
`.gitlab-ci.yml`
,
called
`
sast:container
`
:
called
`
container_scanning
`
:
```
yaml
sast:container
:
container_scanning
:
image
:
docker:stable
variables
:
DOCKER_DRIVER
:
overlay2
...
...
@@ -35,7 +35,7 @@ sast:container:
paths
:
[
gl-sast-container-report.json
]
```
The above example will create a
`
sast:container
`
job in your CI/CD pipeline, pull
The above example will create a
`
container_scanning
`
job in your CI/CD pipeline, pull
the image from the
[
Container Registry
](
../../user/project/container_registry.md
)
(whose name is defined from the two
`CI_APPLICATION_`
variables) and scan it
for possible vulnerabilities. The report will be saved as an artifact that you
...
...
@@ -48,7 +48,7 @@ in our case its named `clair-whitelist.yml`.
TIP:
**Tip:**
Starting with
[
GitLab Ultimate
][
ee
]
10.4, this information will
be automatically extracted and shown right in the merge request widget. To do
so, the CI/CD job must be named
`
sast:container
`
and the artifact path must be
so, the CI/CD job must be named
`
container_scanning
`
and the artifact path must be
`gl-sast-container-report.json`
.
[
Learn more on container scanning results shown in merge requests
](
https://docs.gitlab.com/ee/user/project/merge_requests/container_scanning.html
)
.
...
...
doc/user/project/merge_requests/container_scanning.md
View file @
3199ecba
...
...
@@ -25,12 +25,18 @@ to perform audits for your Docker-based apps.
## How it works
>**Note:**
In
[
GitLab Ultimate
][
ee
]
10.7, another job name has been introduced:
`container_scanning`
.
This new job name will replace
`sast:container`
which is scheduled to be removed in
GitLab 11.0. You are advised to update your current
`.gitlab-ci.yml`
configuration
to reflect that change.
In order for the report to show in the merge request, you need to specify a
`
sast:container
`
job (exact name) that will analyze the code and upload the
`
container_scanning
`
job (exact name) that will analyze the code and upload the
resulting
`gl-sast-container-report.json`
file as an artifact (exact filename).
GitLab will then check this file and show the information inside the merge request.
For more information on how the
`
sast:container
`
job should look like, check the
For more information on how the
`
container_scanning
`
job should look like, check the
example on
[
analyzing a Docker image for vulnerabilities
][
cc-docs
]
.
[
ee-3672
]:
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3672
...
...
ee/app/models/ee/ci/build.rb
View file @
3199ecba
...
...
@@ -19,7 +19,7 @@ module EE
scope
:performance
,
->
{
where
(
name:
%w[performance deploy]
)
}
scope
:sast
,
->
{
where
(
name:
'sast'
)
}
scope
:dependency_scanning
,
->
{
where
(
name:
'dependency_scanning'
)
}
scope
:sast_container
,
->
{
where
(
name:
'sast:container'
)
}
scope
:sast_container
,
->
{
where
(
name:
%w[container_scanning sast:container]
)
}
scope
:dast
,
->
{
where
(
name:
'dast'
)
}
after_save
:stick_build_if_status_changed
...
...
ee/changelogs/unreleased/5017_rename_sast_container_to_container_scanning.yml
0 → 100644
View file @
3199ecba
---
title
:
Rename SAST:container to Container Scannning
merge_request
:
author
:
type
:
deprecated
ee/spec/models/ci/pipeline_spec.rb
View file @
3199ecba
...
...
@@ -22,7 +22,7 @@ describe Ci::Pipeline do
performance_artifact:
[
Ci
::
Build
::
PERFORMANCE_FILE
,
'performance'
],
sast_artifact:
[
Ci
::
Build
::
SAST_FILE
,
'sast'
],
dependency_scanning_artifact:
[
Ci
::
Build
::
DEPENDENCY_SCANNING_FILE
,
'dependency_scanning'
],
sast_container_artifact:
[
Ci
::
Build
::
SAST_CONTAINER_FILE
,
'
sast:container
'
],
sast_container_artifact:
[
Ci
::
Build
::
SAST_CONTAINER_FILE
,
'
container_scanning
'
],
dast_artifact:
[
Ci
::
Build
::
DAST_FILE
,
'dast'
]
}.
freeze
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment