Commit 31758637 authored by Seth Berger's avatar Seth Berger Committed by Achilleas Pipinellis

Updated container scanning

Updated container scanning docs with a sample config
parent 840540e3
...@@ -94,6 +94,36 @@ If you want to whitelist some specific vulnerabilities, you can do so by definin ...@@ -94,6 +94,36 @@ If you want to whitelist some specific vulnerabilities, you can do so by definin
them in a YAML file named `clair-whitelist.yml`. Read more in the them in a YAML file named `clair-whitelist.yml`. Read more in the
[Clair documentation](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file). [Clair documentation](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file).
## Example
The following is a sample `.gitlab-ci.yml` that will build your Docker Image, push it to the container registry and run Container Scanning.
```yaml
variables:
DOCKER_DRIVER: overlay2
services:
- docker:stable-dind
stages:
- build
- test
include:
- template: Container-Scanning.gitlab-ci.yml
build:
image: docker:stable
stage: build
variables:
IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
script:
- docker info
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build -t $IMAGE .
- docker push $IMAGE
```
## Security Dashboard ## Security Dashboard
The Security Dashboard is a good place to get an overview of all the security The Security Dashboard is a good place to get an overview of all the security
...@@ -125,4 +155,4 @@ docker: Error response from daemon: failed to copy xattrs: failed to set xattr " ...@@ -125,4 +155,4 @@ docker: Error response from daemon: failed to copy xattrs: failed to set xattr "
This is a result of a bug in Docker which is now [fixed](https://github.com/containerd/continuity/pull/138 "fs: add WithAllowXAttrErrors CopyOpt"). This is a result of a bug in Docker which is now [fixed](https://github.com/containerd/continuity/pull/138 "fs: add WithAllowXAttrErrors CopyOpt").
To prevent the error, ensure the Docker version that the Runner is using is To prevent the error, ensure the Docker version that the Runner is using is
`18.09.03` or higher. For more information, see `18.09.03` or higher. For more information, see
[issue #10241](https://gitlab.com/gitlab-org/gitlab-ee/issues/10241 "Investigate why Container Scanning is not working with NFS mounts"). [issue #10241](https://gitlab.com/gitlab-org/gitlab-ee/issues/10241 "Investigate why Container Scanning is not working with NFS mounts").
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment