Remove improved_container_scan_matching feature flag

config/feature_flags/development/improved_container_scan_matching.yml

----
-name: improved_container_scan_matching
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/73486
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/344534
-milestone: '14.6'
-type: development
-group: group::container security
-default_enabled: true

ee/lib/gitlab/ci/parsers/security/container_scanning.rb

@@ -13,22 +13,15 @@ module Gitlab
               operating_system: location_data['operating_system'],
               package_name: location_data.dig('dependency', 'package', 'name'),
               package_version: location_data.dig('dependency', 'version'),
-              default_branch_image: default_branch_image(location_data),
-              improved_container_scan_matching_enabled: improved_container_scan_matching_enabled?
+              default_branch_image: default_branch_image(location_data)
             )
           end
 
           def default_branch_image(location_data)
-            return unless improved_container_scan_matching_enabled?
-
             return if @report.pipeline.default_branch?
 
             location_data['default_branch_image']
           end
-
-          def improved_container_scan_matching_enabled?
-            Feature.enabled?(:improved_container_scan_matching, @report.pipeline.project, default_enabled: :yaml)
-          end
         end
       end
     end

ee/lib/gitlab/ci/reports/security/locations/container_scanning.rb

@@ -17,38 +17,26 @@ module Gitlab
               operating_system:,
               package_name: nil,
               package_version: nil,
-              default_branch_image: nil,
-              improved_container_scan_matching_enabled: false
+              default_branch_image: nil
             )
               @image = image
               @operating_system = operating_system
               @package_name = package_name
               @package_version = package_version
               @default_branch_image = default_branch_image
-              @improved_container_scan_matching_enabled = improved_container_scan_matching_enabled
             end
 
             def fingerprint_data
               "#{docker_image_name_without_tag}:#{package_name}"
             end
 
-            def improved_container_scan_matching_enabled?
-              @improved_container_scan_matching_enabled
-            end
-
             private
 
             def docker_image_name_without_tag
-              if improved_container_scan_matching_enabled?
-                image_name = default_branch_image.presence || image
-                base_name, _, version = image_name.rpartition(':')
+              image_name = default_branch_image.presence || image
+              base_name, _, version = image_name.rpartition(':')
 
-                return image_name if version_semver_like?(version)
-              else
-                base_name, version = image.split(':')
-
-                return image if version_semver_like?(version)
-              end
+              return image_name if version_semver_like?(version)
 
               base_name
             end

ee/spec/lib/gitlab/ci/parsers/security/container_scanning_spec.rb

@@ -42,63 +42,35 @@ RSpec.describe Gitlab::Ci::Parsers::Security::ContainerScanning do
   end
 
   describe '#parse!' do
-    context 'when improved_container_scan_matching is disabled' do
-      before do
-        stub_feature_flags(improved_container_scan_matching: false)
-        artifact.each_blob { |blob| described_class.parse!(blob, report) }
-      end
-
-      it_behaves_like 'report'
-
-      context 'when not on default branch' do
-        let(:current_branch) { 'not-default' }
-
-        it 'does not include default_branch_image' do
-          location = report.findings.first.location
-
-          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
-          expect(location).to have_attributes(
-            default_branch_image: nil,
-            improved_container_scan_matching_enabled?: false
-          )
-        end
-      end
+    before do
+      artifact.each_blob { |blob| described_class.parse!(blob, report) }
     end
 
-    context 'when improved_container_scan_matching is enabled' do
-      before do
-        stub_feature_flags(improved_container_scan_matching: true)
-        artifact.each_blob { |blob| described_class.parse!(blob, report) }
-      end
-
-      it_behaves_like 'report'
+    it_behaves_like 'report'
 
-      context 'when on default branch' do
-        let(:current_branch) { project.default_branch }
+    context 'when on default branch' do
+      let(:current_branch) { project.default_branch }
 
-        it 'does not include default_branch_image in location' do
-          location = report.findings.first.location
+      it 'does not include default_branch_image in location' do
+        location = report.findings.first.location
 
-          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
-          expect(location).to have_attributes(
-            default_branch_image: nil,
-            improved_container_scan_matching_enabled?: true
-          )
-        end
+        expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
+        expect(location).to have_attributes(
+          default_branch_image: nil
+        )
       end
+    end
 
-      context 'when not on default branch' do
-        let(:current_branch) { 'not-default' }
+    context 'when not on default branch' do
+      let(:current_branch) { 'not-default' }
 
-        it 'includes default_branch_image in location' do
-          location = report.findings.first.location
+      it 'includes default_branch_image in location' do
+        location = report.findings.first.location
 
-          expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
-          expect(location).to have_attributes(
-            default_branch_image: default_branch_image,
-            improved_container_scan_matching_enabled?: true
-          )
-        end
+        expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::ContainerScanning)
+        expect(location).to have_attributes(
+          default_branch_image: default_branch_image
+        )
       end
     end
   end

ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb

@@ -23,102 +23,57 @@ RSpec.describe Gitlab::Ci::Reports::Security::Locations::ContainerScanning do
   describe 'fingerprint' do
     sha1_of = -> (input) { Digest::SHA1.hexdigest(input) }
 
-    context 'with feature enabled' do
-      where(:image, :default_branch_image, :expected_fingerprint_input) do
+    where(:image, :default_branch_image, :expected_fingerprint_input) do
+      [
+        ['alpine:3.7.3', nil, 'alpine:3.7.3:glibc'],
+        ['alpine:3.7', nil, 'alpine:3.7:glibc'],
+        ['alpine:8101518288111119448185914762536722131810', nil, 'alpine:glibc'],
+        ['alpine:1.0.0-beta', nil, 'alpine:1.0.0-beta:glibc'],
         [
-          ['alpine:3.7.3', nil, 'alpine:3.7.3:glibc'],
-          ['alpine:3.7', nil, 'alpine:3.7:glibc'],
-          ['alpine:8101518288111119448185914762536722131810', nil, 'alpine:glibc'],
-          ['alpine:1.0.0-beta', nil, 'alpine:1.0.0-beta:glibc'],
-          [
-            'gdk.local:5000/group/project/branch:307e0a35643f63652a713d0820db7c388012f724',
-            nil,
-            'gdk.local:5000/group/project/branch:glibc'
-          ],
-          [
-            'registry.gitlab.com/group/project/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0',
-            nil,
-            'registry.gitlab.com/group/project/tmp:glibc'
-          ],
-          [
-            'registry.gitlab.com/group/project/feature:5b1a4a921d7a50c3757aae3f7df2221878775af4',
-            'registry.gitlab.com/group/project/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
-            'registry.gitlab.com/group/project/master:glibc'
-          ],
-          [
-            'registry.gitlab.com/group/project/feature:d6704dc0b8e33fb550a86f7847d6a3036d4f8bd5',
-            'registry.gitlab.com/group/project:latest',
-            'registry.gitlab.com/group/project:glibc'
-          ],
-          [
-            'registry.gitlab.com/group/project@sha256:a418bbb80b9411f9a08025baa4681e192aaafd16505039bdcb113ccdb90a88fd',
-            'registry.gitlab.com/group/project:latest',
-            'registry.gitlab.com/group/project:glibc'
-          ],
-          [
-            'registry.gitlab.com/group/project/feature:latest',
-            'registry.gitlab.com/group/project:1.0.0',
-            'registry.gitlab.com/group/project:1.0.0:glibc'
-          ]
+          'gdk.local:5000/group/project/branch:307e0a35643f63652a713d0820db7c388012f724',
+          nil,
+          'gdk.local:5000/group/project/branch:glibc'
+        ],
+        [
+          'registry.gitlab.com/group/project/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0',
+          nil,
+          'registry.gitlab.com/group/project/tmp:glibc'
+        ],
+        [
+          'registry.gitlab.com/group/project/feature:5b1a4a921d7a50c3757aae3f7df2221878775af4',
+          'registry.gitlab.com/group/project/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
+          'registry.gitlab.com/group/project/master:glibc'
+        ],
+        [
+          'registry.gitlab.com/group/project/feature:d6704dc0b8e33fb550a86f7847d6a3036d4f8bd5',
+          'registry.gitlab.com/group/project:latest',
+          'registry.gitlab.com/group/project:glibc'
+        ],
+        [
+          'registry.gitlab.com/group/project@sha256:a418bbb80b9411f9a08025baa4681e192aaafd16505039bdcb113ccdb90a88fd',
+          'registry.gitlab.com/group/project:latest',
+          'registry.gitlab.com/group/project:glibc'
+        ],
+        [
+          'registry.gitlab.com/group/project/feature:latest',
+          'registry.gitlab.com/group/project:1.0.0',
+          'registry.gitlab.com/group/project:1.0.0:glibc'
         ]
-      end
-
-      with_them do
-        let(:params) do
-          {
-            image: image,
-            default_branch_image: default_branch_image,
-            operating_system: 'debian:9',
-            package_name: 'glibc',
-            package_version: '1.2.3',
-            improved_container_scan_matching_enabled: true
-          }
-        end
-
-        specify { expect(subject.fingerprint).to eq(sha1_of.call(expected_fingerprint_input)) }
-      end
+      ]
     end
 
-    context 'with feature disabled' do
+    with_them do
       let(:params) do
         {
-          image: 'registry.gitlab.com/group/project/feature:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
-          default_branch_image: 'registry.gitlab.com/group/project/master:ec301f43f14a2b477806875e49cfc4d3fa0d22c3',
+          image: image,
+          default_branch_image: default_branch_image,
           operating_system: 'debian:9',
           package_name: 'glibc',
           package_version: '1.2.3'
         }
       end
 
-      it 'ignores default_branch_image' do
-        expect(subject.fingerprint).to eq(sha1_of.call('registry.gitlab.com/group/project/feature:glibc'))
-      end
-
-      where(:image, :expected_fingerprint_input) do
-        [
-          ['alpine:3.7.3', 'alpine:3.7.3:glibc'],
-          ['alpine:3.7', 'alpine:3.7:glibc'],
-          ['alpine:8101518288111119448185914762536722131810', 'alpine:glibc'],
-          ['alpine:1.0.0-beta', 'alpine:1.0.0-beta:glibc'],
-          [
-            'registry.gitlab.com/group/project/tmp:af864bd61230d3d694eb01d6205b268b4ad63ac0',
-            'registry.gitlab.com/group/project/tmp:glibc'
-          ]
-        ]
-      end
-
-      with_them do
-        let(:params) do
-          {
-            image: image,
-            operating_system: 'debian:9',
-            package_name: 'glibc',
-            package_version: '1.2.3'
-          }
-        end
-
-        specify { expect(subject.fingerprint).to eq(sha1_of.call(expected_fingerprint_input)) }
-      end
+      specify { expect(subject.fingerprint).to eq(sha1_of.call(expected_fingerprint_input)) }
     end
   end
 end