Add documentation for UBI images for container scanning

497f7cf3 · Sashi Kumar Kumaresan · Nick Gaskill · b587e0d5 · 497f7cf3
Commit 497f7cf3 authored Jul 09, 2021 by Sashi Kumar Kumaresan Committed by Nick Gaskill Jul 09, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 0 deletions

doc/user/application_security/container_scanning/index.md doc/user/application_security/container_scanning/index.md +13 -0

No files found.
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -172,6 +172,19 @@ Support depends on the scanner:
 - [Grype](https://github.com/anchore/grype#grype)
 - [Trivy](https://aquasecurity.github.io/trivy/latest/vuln-detection/os/) (Default).

+#### UBI-based images
+
+GitLab also offers [Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image)
+versions of the container-scanning images. You can therefore replace standard images with UBI-based
+images. To configure the images, set the `CS_ANALYZER_IMAGE` variable to the standard tag plus the
+`-ubi` extension.
+
+| Scanner name    | `CS_ANALYZER_IMAGE` |
+| --------------- | ------------------- |
+| Default (Trivy) | `registry.gitlab.com/security-products/container-scanning:4-ubi` |
+| Grype           | `registry.gitlab.com/security-products/container-scanning/grype:4-ubi` |
+| Trivy           | `registry.gitlab.com/security-products/container-scanning/trivy:4-ubi` |
+
 ### Overriding the container scanning template

 If you want to override the job definition (for example, to change properties like `variables`), you