相关文章推荐
玩足球的馒头  ·  Outlook OAuth2 SMTP ...·  10 月前    · 
会搭讪的蚂蚁  ·  C++ Web 编程 | 菜鸟教程·  1 年前    · 
Scan an image in a remote registry
  • Dependency list
  • Report language-specific findings
  • Available CI/CD variables
  • Supported distributions
  • Enable Container Scanning through an automatic merge request
  • Overriding the container scanning template
  • Change scanners
  • Setting the default branch image
  • Using a custom SSL CA certificate authority
  • Vulnerability allowlisting
  • Running container scanning in an offline environment
  • Running the standalone container scanning tool
  • Reports JSON format
  • Security Dashboard
  • Vulnerabilities database
  • Interacting with the vulnerabilities
  • Solutions for vulnerabilities (auto-remediation)
  • Troubleshooting
  • Changes
  • Container Scanning

    Version history
  • Improved support for FIPS introduced in GitLab 13.6 by upgrading CS_MAJOR_VERSION from 2 to 3 .
  • Integration with Trivy introduced in GitLab 13.9 by upgrading CS_MAJOR_VERSION from 3 to 4 .
  • Integration with Clair deprecated in GitLab 13.9.
  • Default container scanning with Trivy introduced in GitLab 14.0.
  • Integration with Grype as an alternative scanner introduced in GitLab 14.0.
  • Changed the major analyzer version from 4 to 5 in GitLab 15.0.
  • Moved from GitLab Ultimate to GitLab Free in 15.0.
  • Container Scanning variables that reference Docker renamed in GitLab 15.4.
  • Container Scanning template moved from Security/Container-Scanning.gitlab-ci.yml to Jobs/Container-Scanning.gitlab-ci.yml in GitLab 15.6.
  • Your application’s Docker image may itself be based on Docker images that contain known vulnerabilities. By including an extra Container Scanning job in your pipeline that scans for those vulnerabilities and displays them in a merge request, you can use GitLab to audit your Docker-based apps.