Diffstat (limited to '.gitlab/ci_templates/container_scanning.yml')
-rw-r--r--.gitlab/ci_templates/container_scanning.yml20
1 files changed, 20 insertions, 0 deletions
diff --git a/.gitlab/ci_templates/container_scanning.yml b/.gitlab/ci_templates/container_scanning.yml
new file mode 100644
index 0000000000..19231ba4dc
--- /dev/null
+++ b/.gitlab/ci_templates/container_scanning.yml
@@ -0,0 +1,20 @@
+# https://docs.gitlab.com/user/application_security/sast/
+include:
+ - template: Jobs/Container-Scanning.latest.gitlab-ci.yml
+
+# https://docs.gitlab.com/user/application_security/container_scanning/#scanning-archives-built-in-a-previous-job
+# https://docs.gitlab.com/user/application_security/detect/security_configuration/#error-chosen-stage-test-does-not-exist
+container_scanning:
+ stage: deploy
+
+ # SAST tools only support x64
+ tags:
+ - amd64
+
+ variables:
+ AST_ENABLE_MR_PIPELINES: 'false'
+ CS_IMAGE: "${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}"
+
+ needs:
+ - job: merge_image_manifests
+ artifacts: true
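Review bot: `CS_IMAGE: "${CI_REGISTRY_IMAGE}:${REGISTRY_PUSH_TAG}"` names the image by tag, so the report describes whatever that tag resolves to when the job runs, which is not guaranteed to be the manifest `merge_image_manifests` just pushed. `REGISTRY_PUSH_TAG` is defined outside this hunk; if it can be a moving tag such as a branch name, have that job export the pushed digest and scan `${CI_REGISTRY_IMAGE}@<digest from merge_image_manifests>` instead, assuming the analyzer accepts digest references. Separately, the two comments look copied from a SAST template: the first line links to the SAST docs and the note above `tags:` says "SAST tools", although this file configures container scanning. I would change them to `# https://docs.gitlab.com/user/application_security/container_scanning/` and a comment that names the container scanning analyzer. With `AST_ENABLE_MR_PIPELINES: 'false'` the job appears to be kept out of merge request pipelines, so a short comment saying which pipelines are expected to run the scan would help readers know when findings can appear.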