Merge branch 'document-container-scanning-docker-image-variable' into 'master'

Add documentation for the container scanning docker image variable See merge request gitlab-org/gitlab!46929

Merge branch 'document-container-scanning-docker-image-variable' into 'master'
Add documentation for the container scanning docker image variable See merge request gitlab-org/gitlab!46929
926cb40c · Nick Gaskill · 54ef620c · 6326f714 · 926cb40c · 926cb40c
Commit 926cb40c authored Nov 13, 2020 by Nick Gaskill
Showing with 4 additions and 1 deletion

doc/development/integrations/secure.md doc/development/integrations/secure.md +3 -1

doc/user/application_security/container_scanning/index.md doc/user/application_security/container_scanning/index.md +1 -0

No files found.
--- a/doc/development/integrations/secure.md
+++ b/doc/development/integrations/secure.md
@@ -181,7 +181,9 @@ SAST and Dependency Scanning scanners must scan the files in the project directo

 In order to be consistent with the official Container Scanning for GitLab,
 scanners must scan the Docker image whose name and tag are given by
-`CI_APPLICATION_REPOSITORY` and `CI_APPLICATION_TAG`, respectively.
+`CI_APPLICATION_REPOSITORY` and `CI_APPLICATION_TAG`, respectively. If the `DOCKER_IMAGE`
+variable is provided, then the `CI_APPLICATION_REPOSITORY` and `CI_APPLICATION_TAG` variables
+are ignored, and the image specified in the `DOCKER_IMAGE` variable is scanned instead.

 If not provided, `CI_APPLICATION_REPOSITORY` should default to
 `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG`, which is a combination of predefined CI variables.

--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -186,6 +186,7 @@ scanning by using the following environment variables:
 | `CI_APPLICATION_REPOSITORY`    | `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG` | Docker repository URL for the image to be scanned. |
 | `CI_APPLICATION_TAG`           | `$CI_COMMIT_SHA` | Docker repository tag for the image to be scanned. |
 | `CS_MAJOR_VERSION`             | `3` | The major version of the Docker image tag. |
+| `DOCKER_IMAGE`                 | `$CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG` | The Docker image to be scanned. If set, this variable overrides the `$CI_APPLICATION_REPOSITORY` and `$CI_APPLICATION_TAG` variables. |
 | `DOCKER_INSECURE`              | `"false"`     | Allow [Klar](https://github.com/optiopay/klar) to access secure Docker registries using HTTPS with bad (or self-signed) SSL certificates. |
 | `DOCKER_PASSWORD`              | `$CI_REGISTRY_PASSWORD` | Password for accessing a Docker registry requiring authentication. |
 | `DOCKER_USER`                  | `$CI_REGISTRY_USER` | Username for accessing a Docker registry requiring authentication. |