Use CS_ANALYZER_IMAGE in CS template

ad828646 · Adam Cohen · Shinya Maeda · f923cc7a · ad828646 · ad828646
Commit ad828646 authored Nov 18, 2020 by Adam Cohen Committed by Shinya Maeda Nov 18, 2020
2 changed files
--- a/changelogs/unreleased/reference-cs-image-in-template.yml
+++ b/changelogs/unreleased/reference-cs-image-in-template.yml
+---
+title: Use CS_ANALYZER_IMAGE in CS template
+merge_request: 47856
+author:
+type: added
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
@@ -8,7 +8,7 @@ variables:

 container_scanning:
  stage: test
-  image: $SECURE_ANALYZERS_PREFIX/klar:$CS_MAJOR_VERSION
+  image: "$CS_ANALYZER_IMAGE"
  variables:
    # By default, use the latest clair vulnerabilities database, however, allow it to be overridden here with a specific image
    # to enable container scanning to run offline, or to provide a consistent list of vulnerabilities for integration testing purposes
@@ -18,6 +18,7 @@ container_scanning:
    # file. See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
    # for details
    GIT_STRATEGY: none
+    CS_ANALYZER_IMAGE: $SECURE_ANALYZERS_PREFIX/klar:$CS_MAJOR_VERSION
  allow_failure: true
  services:
    - name: $CLAIR_DB_IMAGE