Commit 3f4156f8 authored by Nick Gaskill's avatar Nick Gaskill

Merge branch 'caneldem-master-patch-57315' into 'master'

Use allowlist instead of whitelist

See merge request gitlab-org/gitlab!35602
parents 77a6dbfe 5a4ac44e
...@@ -196,15 +196,15 @@ GitLab 13.0 and later doesn't support [`only` and `except`](../../../ci/yaml/REA ...@@ -196,15 +196,15 @@ GitLab 13.0 and later doesn't support [`only` and `except`](../../../ci/yaml/REA
When overriding the template, you must use [`rules`](../../../ci/yaml/README.md#rules) When overriding the template, you must use [`rules`](../../../ci/yaml/README.md#rules)
instead. instead.
### Vulnerability whitelisting ### Vulnerability allowlisting
To whitelist specific vulnerabilities, follow these steps: To allowlist specific vulnerabilities, follow these steps:
1. Set `GIT_STRATEGY: fetch` in your `.gitlab-ci.yml` file by following the instructions in 1. Set `GIT_STRATEGY: fetch` in your `.gitlab-ci.yml` file by following the instructions in
[overriding the Container Scanning template](#overriding-the-container-scanning-template). [overriding the Container Scanning template](#overriding-the-container-scanning-template).
1. Define the whitelisted vulnerabilities in a YAML file named `clair-whitelist.yml`. This must use 1. Define the allowlisted vulnerabilities in a YAML file named `vulnerability-allowlist.yml`. This must use
the format described in the [whitelist example file](https://github.com/arminc/clair-scanner/blob/v12/example-whitelist.yaml). the format described in the [allowlist example file](https://gitlab.com/gitlab-org/security-products/analyzers/klar/-/raw/master/testdata/vulnerability-allowlist.yml).
1. Add the `clair-whitelist.yml` file to your project's Git repository. 1. Add the `vulnerability-allowlist.yml` file to your project's Git repository.
### Running Container Scanning in an offline environment ### Running Container Scanning in an offline environment
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment