Commit eb204bde authored by Philippe Lafoucrière

Merge branch '5017_rename_sast_container_to_container_scanning' into 'master'

5017 rename sast container to container scanning

See merge request gitlab-org/gitlab-ee!5275
parents eddaeba1 3199ecba
......@@ -7,10 +7,10 @@ for Vulnerability Static Analysis for containers.
All you need is a GitLab Runner with the Docker executor (the shared Runners on
GitLab.com will work fine). You can then add a new job to `.gitlab-ci.yml`,
called `sast:container`:
called `container_scanning`:
```yaml
sast:container:
container_scanning:
image: docker:stable
variables:
DOCKER_DRIVER: overlay2
......@@ -35,7 +35,7 @@ sast:container:
paths: [gl-sast-container-report.json]
```
The above example will create a `sast:container` job in your CI/CD pipeline, pull
The above example will create a `container_scanning` job in your CI/CD pipeline, pull
the image from the [Container Registry](../../user/project/container_registry.md)
(whose name is defined from the two `CI_APPLICATION_` variables) and scan it
for possible vulnerabilities. The report will be saved as an artifact that you
......@@ -48,7 +48,7 @@ in our case its named `clair-whitelist.yml`.
TIP: **Tip:**
Starting with [GitLab Ultimate][ee] 10.4, this information will
be automatically extracted and shown right in the merge request widget. To do
so, the CI/CD job must be named `sast:container` and the artifact path must be
so, the CI/CD job must be named `container_scanning` and the artifact path must be
`gl-sast-container-report.json`.
[Learn more on container scanning results shown in merge requests](https://docs.gitlab.com/ee/user/project/merge_requests/container_scanning.html).
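Review bot: The tip now says the job "must be named `container_scanning`" starting with GitLab Ultimate 10.4, but the note added to the merge request documentation in this same commit says that name was only introduced in 10.7. A reader on 10.4 to 10.6 who follows the tip as written would get no report in the widget, which on a security feature looks like a clean scan. Suggest keeping 10.4 as the version where the widget appeared and stating separately that the job name is `sast:container` before 10.7 and `container_scanning` from 10.7 on.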
......
......@@ -25,12 +25,18 @@ to perform audits for your Docker-based apps.
## How it works
>**Note:**
In [GitLab Ultimate][ee] 10.7, another job name has been introduced: `container_scanning`.
This new job name will replace `sast:container` which is scheduled to be removed in
GitLab 11.0. You are advised to update your current `.gitlab-ci.yml` configuration
to reflect that change.
In order for the report to show in the merge request, you need to specify a
`sast:container` job (exact name) that will analyze the code and upload the
`container_scanning` job (exact name) that will analyze the code and upload the
resulting `gl-sast-container-report.json` file as an artifact (exact filename).
GitLab will then check this file and show the information inside the merge request.
For more information on how the `sast:container` job should look like, check the
For more information on how the `container_scanning` job should look like, check the
example on [analyzing a Docker image for vulnerabilities][cc-docs].
[ee-3672]: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3672
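Review bot: The added note tells users to update their configuration but never says that `sast:container` keeps working until 11.0, and the paragraph directly below it now calls `container_scanning` the "exact name" required. Since the `sast_container` scope in this commit accepts both names, the docs should say so explicitly, otherwise users on the old name may assume their reports have already stopped being picked up. Minor wording point in the last changed sentence: "how the `container_scanning` job should look like" should be "what the job should look like" or "how the job should look".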
......
......@@ -19,7 +19,7 @@ module EE
scope :performance, -> { where(name: %w[performance deploy]) }
scope :sast, -> { where(name: 'sast') }
scope :dependency_scanning, -> { where(name: 'dependency_scanning') }
scope :sast_container, -> { where(name: 'sast:container') }
scope :sast_container, -> { where(name: %w[container_scanning sast:container]) }
scope :dast, -> { where(name: 'dast') }
after_save :stick_build_if_status_changed
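Review bot: With `where(name: %w[container_scanning sast:container])` the scope can now return two builds when a pipeline defines both job names during the migration, and nothing in the visible lines says which one the report is read from. Please make the precedence explicit (for example, prefer `container_scanning` and fall back to `sast:container`) or confirm that the caller handles more than one match, so the merge request widget cannot show a stale or different vulnerability report. The scope is also still called `sast_container` after the rename; a short comment noting that the legacy name is dropped in 11.0 would help whoever cleans this up.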
......
---
title: Rename SAST:container to Container Scannning
merge_request:
author:
type: deprecated
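Review bot: The changelog title has a typo, "Scannning" with three n's, which will end up verbatim in the published changelog; it should read "Container Scanning". The `merge_request:` field is also left empty even though the commit message references merge request 5275, so the entry will not link back to the change.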
......@@ -22,7 +22,7 @@ describe Ci::Pipeline do
performance_artifact: [Ci::Build::PERFORMANCE_FILE, 'performance'],
sast_artifact: [Ci::Build::SAST_FILE, 'sast'],
dependency_scanning_artifact: [Ci::Build::DEPENDENCY_SCANNING_FILE, 'dependency_scanning'],
sast_container_artifact: [Ci::Build::SAST_CONTAINER_FILE, 'sast:container'],
sast_container_artifact: [Ci::Build::SAST_CONTAINER_FILE, 'container_scanning'],
dast_artifact: [Ci::Build::DAST_FILE, 'dast']
}.freeze
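Review bot: Replacing `'sast:container'` with `'container_scanning'` in the `sast_container_artifact` entry means the legacy job name is no longer covered by this spec, although the scope still accepts it and the docs promise it until 11.0. Suggest keeping a case for `'sast:container'` next to the new one so the backward-compatible path cannot regress silently before the planned removal.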
......