author | Achilleas Pipinellis <axil@gitlab.com> | 2019-08-13 16:54:17 +0300 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2019-08-26 22:39:49 +0200 |
commit | 0a56332388bb08f11e2995d80946ed611e5da6de (patch) | |
tree | b40a0cbe619cf27b3421456130235989d824407d | |
parent | 9e85bd62364e3d408a2b4e9bbcdf32f8ba9cbaf2 (diff) | |
download | gitlab-ce-docs/container-scanning-variables.tar.gz |
Document available env variables for Container Scanning

docs/container-scanning-variables
-rw-r--r-- | doc/user/application_security/container_scanning/index.md | 48 |
1 files changed, 46 insertions, 2 deletions
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 7b631a5a1cd..57300ba938e 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md 
@@ -94,9 +94,53 @@ If you want to whitelist some specific vulnerabilities, you can do so by definin them in a YAML file named `clair-whitelist.yml`. Read more in the [Clair documentation](https://github.com/arminc/clair-scanner/blob/master/README.md#example-whitelist-yaml-file). +### Customizing the Container Scanning settings + +The Container Scanning settings can be changed through [environment variables](#available-variables) by using the +[`variables`](../../../ci/yaml/README.md#variables) parameter in `.gitlab-ci.yml`. + +For example: + +```yaml +include: + template: Container-Scanning.gitlab-ci.yml + +variables: + CLAIR_SCAN_LOCAL_VERSION: "2.0.5" +``` + +Because template is [evaluated before](../../../ci/yaml/README.md#include) the pipeline +configuration, the last mention of the variable will take precedence. + +### Overriding the Container Scanning template + +If you want to override the job definition (for example, change properties like +`variables` or `dependencies`), you need to declare a `Container_scanning` job +after the template inclusion and specify any additional keys under it. For example: + +```yaml +include: + template: Container-Scanning.gitlab-ci.yml + +container_scanning: + variables: + CLAIR_SCAN_LOCAL_VERSION: "2.0.5" +``` + +### Available variables + +Container Scanning can be [configured](#customizing-the-container-scanning-settings) +using environment variables. + +| Environment variable | Function | +|-------------------------------- |----------| +| `CLAIR_SCAN_LOCAL_VERSION` | Select a custom version (actually, a Docker tag) of [clair-local-scan](https://github.com/arminc/clair-local-scan) to use. | +| `CLAIR_EXECUTABLE_VERSION` | Select a custom version of [clair-scanner](https://github.com/arminc/clair-scanner) binary to use. | + ## Example -The following is a sample `.gitlab-ci.yml` that will build your Docker Image, push it to the container registry and run Container Scanning. 
+The following is a sample `.gitlab-ci.yml` that will build your Docker image, +push it to the Container Registry and run Container Scanning: ```yaml variables: @@ -155,4 +199,4 @@ docker: Error response from daemon: failed to copy xattrs: failed to set xattr " This is a result of a bug in Docker which is now [fixed](https://github.com/containerd/continuity/pull/138 "fs: add WithAllowXAttrErrors CopyOpt"). To prevent the error, ensure the Docker version that the Runner is using is `18.09.03` or higher. For more information, see -[issue #10241](https://gitlab.com/gitlab-org/gitlab-ee/issues/10241 "Investigate why Container Scanning is not working with NFS mounts").
\ No newline at end of file +[issue #10241](https://gitlab.com/gitlab-org/gitlab-ee/issues/10241 "Investigate why Container Scanning is not working with NFS mounts"). |
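
Review bot: In the new "Overriding the Container Scanning template" section, the sentence tells the reader to declare a `Container_scanning` job, while the example directly below it uses the key `container_scanning:`. YAML keys are case-sensitive, so the two spellings name different jobs, and a reader who copies the capitalized name from the prose would define a new job rather than override the one the example targets. Please use the lowercase spelling in the sentence. Two smaller points in the same hunk: "Because template is evaluated before" is missing its article ("Because the template is ..."), and the "Available variables" table lists `CLAIR_SCAN_LOCAL_VERSION` and `CLAIR_EXECUTABLE_VERSION` without saying what value applies when they are unset. Since these select which scanner image tag and binary actually run, a "Default" column would let readers see what they get when they do not pin a version.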