Merge branch '330671-restrict-write-access-to-container-scanning-images' into 'master'

Use new location for container-scanning analyzer

See merge request gitlab-org/gitlab!62358

doc/user/application_security/index.md

@@ -92,7 +92,9 @@ For more details about each of the security scanning tools, see their respective
 
 By default, GitLab security scanners use `registry.gitlab.com/gitlab-org/security-products/analyzers` as the
 base address for Docker images. You can override this globally by setting the CI/CD variable
-`SECURE_ANALYZERS_PREFIX` to another location. Note that this affects all scanners at once.
+`SECURE_ANALYZERS_PREFIX` to another location. Note that this affects all scanners at once, except
+the container-scanning analyzer which uses
+`registry.gitlab.com/security-products/container-scanning` as its registry.
 
 ### Use security scanning tools with Pipelines for Merge Requests
 

lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml

@@ -58,7 +58,7 @@ container_scanning:
 container_scanning_new:
   extends: .cs_common
   variables:
-    CS_PROJECT: 'container-scanning'
+    CS_ANALYZER_IMAGE: registry.gitlab.com/security-products/container-scanning:4
   script:
     - gtcs scan
   artifacts: