debian-mirror-gitlab/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml

# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/container_scanning/

container_scanning:
  stage: test
  image:
    name: registry.gitlab.com/gitlab-org/security-products/analyzers/klar:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable
    entrypoint: []
  variables:
    # By default, use the latest clair vulnerabilities database, however, allow it to be overridden here
    # with a specific version to provide consistency for integration testing purposes
    CLAIR_DB_IMAGE_TAG: latest
    # Override this variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yaml` file.
    # See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
    # for details
    GIT_STRATEGY: none
  allow_failure: true
  services:
    - name: arminc/clair-db:$CLAIR_DB_IMAGE_TAG
      alias: clair-vulnerabilities-db
  script:
    # the kubernetes executor currently ignores the Docker image entrypoint value, so the start.sh script must
    # be explicitly executed here in order for this to work with both the kubernetes and docker executors
    # see this issue for more details https://gitlab.com/gitlab-org/gitlab-runner/issues/4125
    - /container-scanner/start.sh
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  dependencies: []
  only:
    refs:
      - branches
    variables:
      - $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
  except:
    variables:
      - $CONTAINER_SCANNING_DISABLED
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/container_scanning/`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
			`container_scanning:`
			`stage: test`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`image:`
			`name: registry.gitlab.com/gitlab-org/security-products/analyzers/klar:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable`
			`entrypoint: []`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`variables:`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# By default, use the latest clair vulnerabilities database, however, allow it to be overridden here`
			`# with a specific version to provide consistency for integration testing purposes`
			`CLAIR_DB_IMAGE_TAG: latest`
			# Override this variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yaml` file.
			`# See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template`
			`# for details`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`GIT_STRATEGY: none`
			`allow_failure: true`
			`services:`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`- name: arminc/clair-db:$CLAIR_DB_IMAGE_TAG`
			`alias: clair-vulnerabilities-db`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`script:`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# the kubernetes executor currently ignores the Docker image entrypoint value, so the start.sh script must`
			`# be explicitly executed here in order for this to work with both the kubernetes and docker executors`
			`# see this issue for more details https://gitlab.com/gitlab-org/gitlab-runner/issues/4125`
			`- /container-scanner/start.sh`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`artifacts:`
			`reports:`
			`container_scanning: gl-container-scanning-report.json`
			`dependencies: []`
			`only:`
			`refs:`
			`- branches`
			`variables:`
			`- $GITLAB_FEATURES =~ /\bcontainer_scanning\b/`
			`except:`
			`variables:`
			`- $CONTAINER_SCANNING_DISABLED`