Commit 77082eb6 authored by Nick Gaskill's avatar Nick Gaskill

Merge branch 'doc/container-scanning-dependency-list' into 'master'

Container scanning example for dependency list report

See merge request gitlab-org/gitlab!75820
parents dd0d1cb0 9ab3ef30
...@@ -71,7 +71,9 @@ The included template: ...@@ -71,7 +71,9 @@ The included template:
GitLab saves the results as a GitLab saves the results as a
[Container Scanning report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportscontainer_scanning) [Container Scanning report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportscontainer_scanning)
that you can download and analyze later. When downloading, you always receive the most-recent that you can download and analyze later. When downloading, you always receive the most-recent
artifact. artifact. If [dependency scan is enabled](#enable-dependency-scan),
a [Dependency Scanning report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportsdependency_scanning)
is also created.
The following is a sample `.gitlab-ci.yml` that builds your Docker image, pushes it to the container The following is a sample `.gitlab-ci.yml` that builds your Docker image, pushes it to the container
registry, and scans the image: registry, and scans the image:
...@@ -146,6 +148,25 @@ include: ...@@ -146,6 +148,25 @@ include:
DOCKER_PASSWORD: "$AWS_ECR_PASSWORD" DOCKER_PASSWORD: "$AWS_ECR_PASSWORD"
``` ```
#### Enable dependency scan
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6.
The `CS_DISABLE_DEPENDENCY_SCAN` CI/CD variable controls whether the scan creates a [Dependency List](../dependency_list/)
report. For the scan to create this report, you must set this variable to `false` (the default value
is `true`).
For example:
```yaml
include:
- template: Security/Container-Scanning.gitlab-ci.yml
container_scanning:
variables:
CS_DISABLE_DEPENDENCY_SCAN: "false"
```
#### Available CI/CD variables #### Available CI/CD variables
You can [configure](#customizing-the-container-scanning-settings) analyzers by using the following CI/CD variables: You can [configure](#customizing-the-container-scanning-settings) analyzers by using the following CI/CD variables:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment