container scanning-INPLATFORM-306

Nicole Lu requested to merge container_scanning-INPLATFORM-306 into master

Ticket description

The goal is to set up Qualys container scanning for the IICS secure agent Docker image, scan on a regular basis, and notify Teams if any vulnerabilities occur.

Change made

I have added the check-qualys job at the post stage by including the template in the check-qualys repo, and two variables to pull the Docker image: CI_TOKEN, DOCKER_IMAGE.

Previous questions (solved):

  • to build at the post or build stage, change the original manual job to: when: always / only: a scheduled pipeline or on a merge_request
  • don't know how to remove the original job in the template while still extending from it
  • post stage job is set to allow failure by default
  • And currently no vulnerabilities are found, so I didn't include a .cveignore file.
Edited by Nicole Lu