debian-mirror-gitlab/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml

37 lines
1.6 KiB
YAML
Raw Normal View History

2019-12-04 20:38:33 +05:30
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/container_scanning/
2019-07-07 11:18:12 +05:30
container_scanning:
stage: test
2019-12-04 20:38:33 +05:30
image:
name: registry.gitlab.com/gitlab-org/security-products/analyzers/klar:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable
entrypoint: []
2019-07-07 11:18:12 +05:30
variables:
2019-12-04 20:38:33 +05:30
# By default, use the latest clair vulnerabilities database, however, allow it to be overridden here
# with a specific version to provide consistency for integration testing purposes
CLAIR_DB_IMAGE_TAG: latest
# Override this variable in your `.gitlab-ci.yml` file and set it to `fetch` if you want to provide a `clair-whitelist.yaml` file.
# See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# for details
2019-07-07 11:18:12 +05:30
GIT_STRATEGY: none
allow_failure: true
services:
2019-12-04 20:38:33 +05:30
- name: arminc/clair-db:$CLAIR_DB_IMAGE_TAG
alias: clair-vulnerabilities-db
2019-07-07 11:18:12 +05:30
script:
2019-12-04 20:38:33 +05:30
# the kubernetes executor currently ignores the Docker image entrypoint value, so the start.sh script must
# be explicitly executed here in order for this to work with both the kubernetes and docker executors
# see this issue for more details https://gitlab.com/gitlab-org/gitlab-runner/issues/4125
- /container-scanner/start.sh
2019-07-07 11:18:12 +05:30
artifacts:
reports:
container_scanning: gl-container-scanning-report.json
dependencies: []
only:
refs:
- branches
variables:
- $GITLAB_FEATURES =~ /\bcontainer_scanning\b/
except:
variables:
- $CONTAINER_SCANNING_DISABLED