From 1be8459c055928dfe7f7f1e4570eb7682fb14962 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Dupr=C3=A9?=
Date: Fri, 26 Sep 2025 10:55:18 +0200
Subject: [PATCH] Fix inconsistency in variable names for seucirty scanners, leading to unexpected behavior.
---
 .../ci/templates/Jobs/Container-Scanning.gitlab-ci.yml | 8 ++++++--
 .../Jobs/Container-Scanning.latest.gitlab-ci.yml | 8 +++++---
 .../Security/DAST-Runner-Validation.gitlab-ci.yml | 9 +++++++--
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
index ae33d94b8e895d..764b556416b458 100644
--- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
@@ -20,9 +20,13 @@
 #
 # Configure container scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/).
 # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
-
 variables:
- CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:8"
+ # Setting this variable affects all Security templates
+ # (SAST, Dependency Scanning, ...)
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
+
+ CS_ANALYZER_IMAGE_TAG: '8'
+ CS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/container-scanning:$CS_ANALYZER_IMAGE_TAG"
 CS_SCHEMA_MODEL: 15
 container_scanning:
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
index 124dfdd660ab77..6b882422d4860e 100644
--- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
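Review bot: The comment above the new `SECURE_ANALYZERS_PREFIX` default does not say that this variable now also decides which registry the container-scanning image is pulled from. Before this change `CS_ANALYZER_IMAGE` was built directly from `$CI_TEMPLATE_REGISTRY_HOST/security-products`, so a project that already sets the prefix for other scanners (for example to a private mirror) will, after this change, get its container scanner from that location too, and the job would presumably fail if the mirror does not carry `container-scanning`. I would extend the comment along the lines of `# Registry path that analyzer images are pulled from; point it only at a registry you trust. An explicitly set CS_ANALYZER_IMAGE still overrides it.` The same default is added in Container-Scanning.latest.gitlab-ci.yml and DAST-Runner-Validation.gitlab-ci.yml, where the same remark applies.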
@@ -26,11 +26,13 @@
 # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
 variables:
- # Setting this variable affects all Security templates
+ # Setting these variables affects all Security templates
 # (SAST, Dependency Scanning, ...)
 AST_ENABLE_MR_PIPELINES: "true"
- #
- CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:8"
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
+
+ CS_ANALYZER_IMAGE_TAG: '8'
+ CS_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/container-scanning:$CS_ANALYZER_IMAGE_TAG"
 CS_SCHEMA_MODEL: 15
 # Provide a base job for extensibility until delivery of https://gitlab.com/gitlab-org/gitlab/-/issues/215470
diff --git a/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml
index b9bf335c6b45c9..5214e45ce26ce3 100644
--- a/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml
@@ -13,12 +13,17 @@ stages:
 - dast
 variables:
- DAST_RUNNER_VALIDATION_VERSION: 1
+ # Setting this variable affects all Security templates
+ # (SAST, Dependency Scanning, ...)
+ SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
+
+ DAST_RUNNER_VALIDATION_VERSION: "1"
+ DAST_RUNNER_VALIDATION_IMAGE: "$SECURE_ANALYZERS_PREFIX/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION$DAST_IMAGE_SUFFIX"
 validation:
 stage: dast
 image:
- name: "$CI_TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION$DAST_IMAGE_SUFFIX"
+ name: "$DAST_RUNNER_VALIDATION_IMAGE"
 variables:
 GIT_STRATEGY: none
 allow_failure: false
--
GitLab
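Review bot: `CS_ANALYZER_IMAGE_TAG` is introduced without any comment, and its default `'8'` is a floating major-version tag, so (as before this change) the scanner image a pipeline runs can change without any change to the template or the project. Now that the tag is a separate variable it is worth documenting, e.g. `# Major-version tag of the analyzer image. Override CS_ANALYZER_IMAGE with a full reference (for example one pinned by digest) when scans must be reproducible.` The value is single-quoted here while DAST-Runner-Validation.gitlab-ci.yml writes `"1"` for the equivalent variable; double quotes would match the neighbouring lines. The same two added lines appear in Container-Scanning.gitlab-ci.yml.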
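Review bot: The job's `image.name` is now the bare `$DAST_RUNNER_VALIDATION_IMAGE`, so the whole image reference can be replaced through one CI/CD variable, and nothing in the template documents that. Previously the repository path was spelled out in the job and only the registry host, version and suffix came from variables. Whoever can set variables for a pipeline that includes this template then chooses the image this job runs; if that is intended for mirrored registries, a comment above the variable such as `# Full image reference for the validation job; override only with an image from a trusted registry.` would make the trust decision explicit. `DAST_IMAGE_SUFFIX` is given no default in the lines shown, so the expression presumably relies on it expanding to an empty string when unset. The `validation` job may continue past the end of the hunk.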