Rename report type Running Container Scanning to Cluster Image Scanning

app/models/plan_limits.rb

 # frozen_string_literal: true
 
 class PlanLimits < ApplicationRecord
+  include IgnorableColumns
+
+  ignore_column :ci_max_artifact_size_running_container_scanning, remove_with: '14.3', remove_after: '2021-08-22'
+
   LimitUndefinedError = Class.new(StandardError)
 
   belongs_to :plan

db/migrate/20210627204936_add_plan_limits_max_size_cluster_image_scanning_column.rb

+# frozen_string_literal: true
+
+class AddPlanLimitsMaxSizeClusterImageScanningColumn < ActiveRecord::Migration[6.0]
+  def change
+    add_column :plan_limits, :ci_max_artifact_size_cluster_image_scanning, :integer, null: false, default: 0
+  end
+end

db/schema_migrations/20210627204936

+b37bf7db9c00c8f54c0ccca2d418f1279e12ff7e5b71347966494dc5645eb648
\ No newline at end of file

db/structure.sql

@@ -16277,7 +16277,8 @@ CREATE TABLE plan_limits (
     ci_registered_project_runners integer DEFAULT 1000 NOT NULL,
     web_hook_calls integer DEFAULT 0 NOT NULL,
     ci_daily_pipeline_schedule_triggers integer DEFAULT 0 NOT NULL,
-    ci_max_artifact_size_running_container_scanning integer DEFAULT 0 NOT NULL
+    ci_max_artifact_size_running_container_scanning integer DEFAULT 0 NOT NULL,
+    ci_max_artifact_size_cluster_image_scanning integer DEFAULT 0 NOT NULL
 );
 
 CREATE SEQUENCE plan_limits_id_seq

doc/administration/instance_limits.md

@@ -426,6 +426,7 @@ setting is used:
 | `ci_max_artifact_size_archive`                    | 0             |
 | `ci_max_artifact_size_browser_performance`        | 0             |
 | `ci_max_artifact_size_cluster_applications`       | 0             |
+| `ci_max_artifact_size_cluster_image_scanning`     | 0             |
 | `ci_max_artifact_size_cobertura`                  | 0             |
 | `ci_max_artifact_size_codequality`                | 0             |
 | `ci_max_artifact_size_container_scanning`         | 0             |
@@ -444,7 +445,6 @@ setting is used:
 | `ci_max_artifact_size_network_referee`            | 0             |
 | `ci_max_artifact_size_performance`                | 0             |
 | `ci_max_artifact_size_requirements`               | 0             |
-| `ci_max_artifact_size_running_container_scanning` | 0             |
 | `ci_max_artifact_size_sast`                       | 0             |
 | `ci_max_artifact_size_secret_detection`           | 0             |
 | `ci_max_artifact_size_terraform`                  | 5 MB ([introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37018) in GitLab 13.3) |

doc/api/graphql/reference/index.md

@@ -12617,11 +12617,11 @@ Represents summary of a security report.
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="securityreportsummaryapifuzzing"></a>`apiFuzzing` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `api_fuzzing` scan. |
+| <a id="securityreportsummaryclusterimagescanning"></a>`clusterImageScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `cluster_image_scanning` scan. |
 | <a id="securityreportsummarycontainerscanning"></a>`containerScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `container_scanning` scan. |
 | <a id="securityreportsummarycoveragefuzzing"></a>`coverageFuzzing` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `coverage_fuzzing` scan. |
 | <a id="securityreportsummarydast"></a>`dast` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `dast` scan. |
 | <a id="securityreportsummarydependencyscanning"></a>`dependencyScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `dependency_scanning` scan. |
-| <a id="securityreportsummaryrunningcontainerscanning"></a>`runningContainerScanning` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `running_container_scanning` scan. |
 | <a id="securityreportsummarysast"></a>`sast` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `sast` scan. |
 | <a id="securityreportsummarysecretdetection"></a>`secretDetection` | [`SecurityReportSummarySection`](#securityreportsummarysection) | Aggregated counts for the `secret_detection` scan. |
 
@@ -13476,7 +13476,7 @@ Represents a vulnerability.
 | <a id="vulnerabilitynotes"></a>`notes` | [`NoteConnection!`](#noteconnection) | All notes on this noteable. (see [Connections](#connections)) |
 | <a id="vulnerabilityprimaryidentifier"></a>`primaryIdentifier` | [`VulnerabilityIdentifier`](#vulnerabilityidentifier) | Primary identifier of the vulnerability. |
 | <a id="vulnerabilityproject"></a>`project` | [`Project`](#project) | The project on which the vulnerability was found. |
-| <a id="vulnerabilityreporttype"></a>`reportType` | [`VulnerabilityReportType`](#vulnerabilityreporttype) | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING, API_FUZZING, RUNNING_CONTAINER_SCANNING). `Scan Type` in the UI. |
+| <a id="vulnerabilityreporttype"></a>`reportType` | [`VulnerabilityReportType`](#vulnerabilityreporttype) | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION, COVERAGE_FUZZING, API_FUZZING, CLUSTER_IMAGE_SCANNING). `Scan Type` in the UI. |
 | <a id="vulnerabilityresolvedat"></a>`resolvedAt` | [`Time`](#time) | Timestamp of when the vulnerability state was changed to resolved. |
 | <a id="vulnerabilityresolvedby"></a>`resolvedBy` | [`UserCore`](#usercore) | The user that resolved the vulnerability. |
 | <a id="vulnerabilityresolvedondefaultbranch"></a>`resolvedOnDefaultBranch` | [`Boolean!`](#boolean) | Indicates whether the vulnerability is fixed on the default branch or not. |
@@ -15144,11 +15144,11 @@ The type of the security scan that found the vulnerability.
 | Value | Description |
 | ----- | ----------- |
 | <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` |  |
+| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` |  |
 | <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` |  |
 | <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` |  |
 | <a id="vulnerabilityreporttypedast"></a>`DAST` |  |
 | <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` |  |
-| <a id="vulnerabilityreporttyperunning_container_scanning"></a>`RUNNING_CONTAINER_SCANNING` |  |
 | <a id="vulnerabilityreporttypesast"></a>`SAST` |  |
 | <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` |  |
 

ee/app/models/concerns/ee/enums/vulnerability.rb

@@ -11,7 +11,7 @@ module EE
         dast: 3,
         coverage_fuzzing: 5,
         api_fuzzing: 6,
-        running_container_scanning: 7
+        cluster_image_scanning: 7
       }.freeze
 
       class_methods do

ee/app/models/security/scan.rb

@@ -24,7 +24,7 @@ module Security
       secret_detection: 5,
       coverage_fuzzing: 6,
       api_fuzzing: 7,
-      running_container_scanning: 8
+      cluster_image_scanning: 8
     }
 
     scope :by_scan_types, -> (scan_types) { where(scan_type: scan_types) }

ee/config/metrics/counts_all/20210618124854_running_container_scanning_scans.yml → ee/config/metrics/counts_28d/20210618101233_cluster_image_scanning_scans.yml

 ---
-key_path: usage_activity_by_stage.secure.running_container_scanning_scans
-description: 'Counts running container scanning jobs'
+key_path: usage_activity_by_stage_monthly.secure.cluster_image_scanning_scans
+description: 'Counts cluster image scanning jobs'
 product_section: sec
 product_stage: protect
 product_group: group::container security
 product_category: container_scanning
 value_type: number
-status: data_available
+status: implemented
 time_frame: all
 data_source: database
 data_category: Optional

ee/config/metrics/counts_28d/20210618125224_running_container_scanning_pipeline.yml → ee/config/metrics/counts_28d/20210618125224_cluster_image_scanning_pipeline.yml

 
 ---
-key_path: usage_activity_by_stage_monthly.secure.running_container_scanning_pipeline
-description: Pipelines containing a Running Container Scanning job
+key_path: usage_activity_by_stage_monthly.secure.cluster_image_scanning_pipeline
+description: Pipelines containing a Cluster Image Scanning job
 product_section: sec
 product_stage: protect
 product_group: group::container security
 product_category: container_scanning
 value_type: number
-status: data_available
+status: implemented
 time_frame: 28d
 data_source: database
 data_category: Optional

ee/config/metrics/counts_28d/20210618101233_running_container_scanning_scans.yml → ee/config/metrics/counts_all/20210618124854_cluster_image_scanning_scans.yml

 ---
-key_path: usage_activity_by_stage_monthly.secure.running_container_scanning_scans
-description: 'Counts running container scanning jobs'
+key_path: usage_activity_by_stage.secure.cluster_image_scanning_scans
+description: 'Counts cluster image scanning jobs'
 product_section: sec
 product_stage: protect
 product_group: group::container security
 product_category: container_scanning
 value_type: number
-status: data_available
+status: implemented
 time_frame: all
 data_source: database
 data_category: Optional

ee/lib/gitlab/ci/parsers/security/validators/schemas/running_container_scanning.json → ee/lib/gitlab/ci/parsers/security/validators/schemas/cluster_image_scanning.json

 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "Report format for GitLab Running Container Scanning",
-  "description": "This schema provides the the report format for Running Container Scanning (https://docs.gitlab.com/ee/user/application_security/running_container_scanning).",
+  "title": "Report format for GitLab Cluster Image Scanning",
+  "description": "This schema provides the the report format for Cluster Image Scanning.",
   "definitions": {
     "detail_type": {
       "oneOf": [

ee/spec/graphql/resolvers/security_report_summary_resolver_spec.rb

@@ -18,7 +18,7 @@ RSpec.describe Resolvers::SecurityReportSummaryResolver do
           dast: [:scanned_resources_count, :vulnerabilities_count, :scans],
           sast: [:scanned_resources_count, :vulnerabilities_count],
           container_scanning: [:scanned_resources_count, :vulnerabilities_count],
-          running_container_scanning: [:scanned_resources_count, :vulnerabilities_count],
+          cluster_image_scanning: [:scanned_resources_count, :vulnerabilities_count],
           dependency_scanning: [:scanned_resources_count, :vulnerabilities_count],
           coverage_fuzzing: [:scanned_resources_count, :vulnerabilities_count]
         }

ee/spec/graphql/types/security_report_summary_type_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe GitlabSchema.types['SecurityReportSummary'] do
   specify { expect(described_class.graphql_name).to eq('SecurityReportSummary') }
 
   it 'has specific fields' do
-    expected_fields = %w[dast sast containerScanning dependencyScanning runningContainerScanning]
+    expected_fields = %w[dast sast containerScanning dependencyScanning clusterImageScanning]
 
     expect(described_class).to include_graphql_fields(*expected_fields)
   end

ee/spec/graphql/types/vulnerability_report_type_enum_spec.rb

@@ -4,6 +4,6 @@ require 'spec_helper'
 
 RSpec.describe GitlabSchema.types['VulnerabilityReportType'] do
   it 'exposes all vulnerability report types' do
-    expect(described_class.values.keys).to match_array(%w[SAST SECRET_DETECTION DAST RUNNING_CONTAINER_SCANNING CONTAINER_SCANNING DEPENDENCY_SCANNING COVERAGE_FUZZING API_FUZZING])
+    expect(described_class.values.keys).to match_array(%w[SAST SECRET_DETECTION DAST CLUSTER_IMAGE_SCANNING CONTAINER_SCANNING DEPENDENCY_SCANNING COVERAGE_FUZZING API_FUZZING])
   end
 end

ee/spec/lib/gitlab/ci/parsers/security/validators/schema_validator_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Validators::SchemaValidator do
   using RSpec::Parameterized::TableSyntax
 
   where(:report_type, :expected_errors, :valid_data) do
-    :running_container_scanning | ['root is missing required keys: vulnerabilities']                   | { 'version' => '10.0.0', 'vulnerabilities' => [] }
+    :cluster_image_scanning     | ['root is missing required keys: vulnerabilities']                   | { 'version' => '10.0.0', 'vulnerabilities' => [] }
     :container_scanning         | ['root is missing required keys: vulnerabilities']                   | { 'version' => '10.0.0', 'vulnerabilities' => [] }
     :coverage_fuzzing           | ['root is missing required keys: vulnerabilities']                   | { 'version' => '10.0.0', 'vulnerabilities' => [] }
     :dast                       | ['root is missing required keys: vulnerabilities']                   | { 'version' => '10.0.0', 'vulnerabilities' => [] }

ee/spec/models/ee/vulnerability_spec.rb

@@ -18,7 +18,7 @@ RSpec.describe Vulnerability do
       secret_detection: 4,
       coverage_fuzzing: 5,
       api_fuzzing: 6,
-      running_container_scanning: 7 }
+      cluster_image_scanning: 7 }
   end
 
   let_it_be(:project) { create(:project) }

spec/models/plan_limits_spec.rb

@@ -185,7 +185,7 @@ RSpec.describe PlanLimits do
         ci_max_artifact_size_junit
         ci_max_artifact_size_sast
         ci_max_artifact_size_dast
-        ci_max_artifact_size_running_container_scanning
+        ci_max_artifact_size_cluster_image_scanning
         ci_max_artifact_size_codequality
         ci_max_artifact_size_license_management
         ci_max_artifact_size_performance