Add Clsuter Image Scanning filter and configuration

app/assets/javascripts/security_configuration/components/configuration_table.vue

@@ -8,6 +8,7 @@ import {
   REPORT_TYPE_DAST_PROFILES,
   REPORT_TYPE_DEPENDENCY_SCANNING,
   REPORT_TYPE_CONTAINER_SCANNING,
+  REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
   REPORT_TYPE_COVERAGE_FUZZING,
   REPORT_TYPE_API_FUZZING,
   REPORT_TYPE_LICENSE_COMPLIANCE,
@@ -46,6 +47,7 @@ export default {
         [REPORT_TYPE_DAST_PROFILES]: Upgrade,
         [REPORT_TYPE_DEPENDENCY_SCANNING]: Upgrade,
         [REPORT_TYPE_CONTAINER_SCANNING]: Upgrade,
+        [REPORT_TYPE_CLUSTER_IMAGE_SCANNING]: Upgrade,
         [REPORT_TYPE_COVERAGE_FUZZING]: Upgrade,
         [REPORT_TYPE_API_FUZZING]: Upgrade,
         [REPORT_TYPE_LICENSE_COMPLIANCE]: Upgrade,

app/assets/javascripts/security_configuration/components/constants.js

@@ -9,6 +9,7 @@ import {
   REPORT_TYPE_SECRET_DETECTION,
   REPORT_TYPE_DEPENDENCY_SCANNING,
   REPORT_TYPE_CONTAINER_SCANNING,
+  REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
   REPORT_TYPE_COVERAGE_FUZZING,
   REPORT_TYPE_API_FUZZING,
   REPORT_TYPE_LICENSE_COMPLIANCE,
@@ -76,6 +77,18 @@ export const CONTAINER_SCANNING_CONFIG_HELP_PATH = helpPagePath(
   { anchor: 'configuration' },
 );
 
+export const CLUSTER_IMAGE_SCANNING_NAME = __('ciReport|Cluster Image Scanning');
+export const CLUSTER_IMAGE_SCANNING_DESCRIPTION = __(
+  'Check your Kubernetes cluster images for known vulnerabilities.',
+);
+export const CLUSTER_IMAGE_SCANNING_HELP_PATH = helpPagePath(
+  'user/application_security/cluster_image_scanning/index',
+);
+export const CLUSTER_IMAGE_SCANNING_CONFIG_HELP_PATH = helpPagePath(
+  'user/application_security/cluster_image_scanning/index',
+  { anchor: 'configuration' },
+);
+
 export const COVERAGE_FUZZING_NAME = __('Coverage Fuzzing');
 export const COVERAGE_FUZZING_DESCRIPTION = __(
   'Find bugs in your code with coverage-guided fuzzing.',
@@ -131,6 +144,12 @@ export const scanners = [
     helpPath: CONTAINER_SCANNING_HELP_PATH,
     type: REPORT_TYPE_CONTAINER_SCANNING,
   },
+  {
+    name: CLUSTER_IMAGE_SCANNING_NAME,
+    description: CLUSTER_IMAGE_SCANNING_DESCRIPTION,
+    helpPath: CLUSTER_IMAGE_SCANNING_HELP_PATH,
+    type: REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
+  },
   {
     name: SECRET_DETECTION_NAME,
     description: SECRET_DETECTION_DESCRIPTION,
@@ -203,6 +222,13 @@ export const securityFeatures = [
     configurationHelpPath: CONTAINER_SCANNING_CONFIG_HELP_PATH,
     type: REPORT_TYPE_CONTAINER_SCANNING,
   },
+  {
+    name: CLUSTER_IMAGE_SCANNING_NAME,
+    description: CLUSTER_IMAGE_SCANNING_DESCRIPTION,
+    helpPath: CLUSTER_IMAGE_SCANNING_HELP_PATH,
+    configurationHelpPath: CLUSTER_IMAGE_SCANNING_CONFIG_HELP_PATH,
+    type: REPORT_TYPE_CLUSTER_IMAGE_SCANNING,
+  },
   {
     name: SECRET_DETECTION_NAME,
     description: SECRET_DETECTION_DESCRIPTION,

app/assets/javascripts/vue_shared/security_reports/constants.js

@@ -22,6 +22,7 @@ export const REPORT_TYPE_DAST_PROFILES = 'dast_profiles';
 export const REPORT_TYPE_SECRET_DETECTION = 'secret_detection';
 export const REPORT_TYPE_DEPENDENCY_SCANNING = 'dependency_scanning';
 export const REPORT_TYPE_CONTAINER_SCANNING = 'container_scanning';
+export const REPORT_TYPE_CLUSTER_IMAGE_SCANNING = 'cluster_image_scanning';
 export const REPORT_TYPE_COVERAGE_FUZZING = 'coverage_fuzzing';
 export const REPORT_TYPE_LICENSE_COMPLIANCE = 'license_scanning';
 export const REPORT_TYPE_API_FUZZING = 'api_fuzzing';

ee/app/assets/javascripts/security_dashboard/components/project/project_vulnerabilities.vue

@@ -163,6 +163,7 @@ export default {
   i18n: {
     API_FUZZING: __('API Fuzzing'),
     CONTAINER_SCANNING: __('Container Scanning'),
+    CLUSTER_IMAGE_SCANNING: __('ciReport|Cluster Image Scanning'),
     COVERAGE_FUZZING: __('Coverage Fuzzing'),
     SECRET_DETECTION: __('Secret Detection'),
     DEPENDENCY_SCANNING: __('Dependency Scanning'),

ee/app/assets/javascripts/security_dashboard/store/constants.js

@@ -13,6 +13,7 @@ export const SEVERITY_LEVELS = {
 
 export const REPORT_TYPES = {
   container_scanning: s__('ciReport|Container Scanning'),
+  cluster_image_scanning: s__('ciReport|Cluster Image Scanning'),
   dast: s__('ciReport|DAST'),
   dependency_scanning: s__('ciReport|Dependency Scanning'),
   sast: s__('ciReport|SAST'),

ee/spec/frontend/security_dashboard/components/shared/filters/scanner_filter_spec.js

@@ -26,13 +26,14 @@ const defaultScanners = [
   createScannerConfig(DEFAULT_SCANNER, 'CONTAINER_SCANNING', 6),
   createScannerConfig(DEFAULT_SCANNER, 'DAST', 7),
   createScannerConfig(DEFAULT_SCANNER, 'DAST', 8),
+  createScannerConfig(DEFAULT_SCANNER, 'CLUSTER_IMAGE_SCANNING', 9),
 ];
 
 const customScanners = [
   ...defaultScanners,
-  createScannerConfig('Custom', 'SAST', 9),
   createScannerConfig('Custom', 'SAST', 10),
-  createScannerConfig('Custom', 'DAST', 11),
+  createScannerConfig('Custom', 'SAST', 11),
+  createScannerConfig('Custom', 'DAST', 12),
 ];
 
 describe('Scanner Filter component', () => {

locale/gitlab.pot

@@ -6330,6 +6330,9 @@ msgstr ""
 msgid "Check your Docker images for known vulnerabilities."
 msgstr ""
 
+msgid "Check your Kubernetes cluster images for known vulnerabilities."
+msgstr ""
+
 msgid "Check your source instance permissions."
 msgstr ""
 
@@ -38305,6 +38308,9 @@ msgstr ""
 msgid "ciReport|Checks"
 msgstr ""
 
+msgid "ciReport|Cluster Image Scanning"
+msgstr ""
+
 msgid "ciReport|Code quality"
 msgstr ""