use more of latest gitlab configuration

author: dakkar <dakkar@thenautilus.net> 2026-01-03 20:05:18 +0000
committer: dakkar <dakkar@thenautilus.net> 2026-01-03 20:05:18 +0000
commit: 902eb8cd8e3ddc1b04f79912ec63b19760098d82 (patch)
tree: 438bf5e2671f588e8ab083751fe529a784ce5049 /.gitlab/ci_templates/container_scanning.yml
parent: use latest gitlab-ci configuration (diff)
download: sharkey-902eb8cd8e3ddc1b04f79912ec63b19760098d82.tar.gz
sharkey-902eb8cd8e3ddc1b04f79912ec63b19760098d82.tar.bz2
sharkey-902eb8cd8e3ddc1b04f79912ec63b19760098d82.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/.gitlab/ci_templates/container_scanning.yml b/.gitlab/ci_templates/container_scanning.yml
new file mode 100644
index 0000000000..19231ba4dc
--- /dev/null
+++ b/.gitlab/ci_templates/container_scanning.yml
@@ -0,0 +1,20 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+  - template: Jobs/Container-Scanning.latest.gitlab-ci.yml
+
+# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
+# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
+container_scanning:
+  stage: deploy
+
+  # SAST tools only support x64
+  tags:
+    - amd64
+
+  variables:
+    AST_ENABLE_MR_PIPELINES: 'false'
+    CS_IMAGE: "${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}"
+
+  needs:
+    - job: merge_image_manifests
+      artifacts: true
author	dakkar <dakkar@thenautilus.net>	2026-01-03 20:05:18 +0000
committer	dakkar <dakkar@thenautilus.net>	2026-01-03 20:05:18 +0000
commit	902eb8cd8e3ddc1b04f79912ec63b19760098d82 (patch)
tree	438bf5e2671f588e8ab083751fe529a784ce5049 /.gitlab/ci_templates/container_scanning.yml
parent	use latest gitlab-ci configuration (diff)
download	sharkey-902eb8cd8e3ddc1b04f79912ec63b19760098d82.tar.gz sharkey-902eb8cd8e3ddc1b04f79912ec63b19760098d82.tar.bz2 sharkey-902eb8cd8e3ddc1b04f79912ec63b19760098d82.zip