UNCLASSIFIED - NO CUI

Fix backwards compatibility greylist load for justifier and check-cves


Current Behavior

For new projects, a hardening_manifest.yaml file is expected to be created, but maintainers should not create a greylist file. In our implementation of backwards compatibility for the greylist, we load the greylist file for source and base images to gather the name and version, which allows us to query the VAT for CVEs and approval status. This causes the lint stage (and presumably the justifier and check-cves stages) to fail for new projects because they attempt to load a greylist that doesn't exist and should not be created.

Live Example

https://repo1.dso.mil/dsop/ivx/yet-another-cloudwatch-exporter/-/jobs/1326921

Expected Behavior

The greylist file should only be used for name and version for a source or parent image if no hardening_manifest.yaml exists.

Possible Solution

Only load the greylist if the hardening_manifest doesn't exist.

Relevant MR: !330 (merged)

Edited by Kenneth Maguire
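
A sketch of the load order described under Expected Behavior, added here as an example and not taken from the pipeline's code or from MR !330. The function names, the manifest keys `name` and `tags`, and the greylist keys `image_name` and `image_tag` are assumptions.

```python
import json
import re
from pathlib import Path


class ImageIdentityError(Exception):
    """Neither metadata source could provide a name and version."""


def _from_manifest(path: Path) -> tuple[str, str]:
    # Simplified reader for two top-level keys (assumed: `name`, `tags`);
    # a real pipeline would parse the file with a YAML library.
    text = path.read_text()
    name = re.search(r"^name:[ \t]*[\"']?([^\"'\n#]+)", text, re.M)
    tag = re.search(r"^tags:[ \t]*\n[ \t]*-[ \t]*[\"']?([^\"'\n#]+)", text, re.M)
    if not (name and tag):
        raise ImageIdentityError(f"{path}: missing name or tags")
    return name.group(1).strip(), tag.group(1).strip()


def _from_greylist(path: Path) -> tuple[str, str]:
    # Assumed greylist layout: JSON with `image_name` and `image_tag`.
    data = json.loads(path.read_text())
    try:
        return data["image_name"], data["image_tag"]
    except KeyError as exc:
        raise ImageIdentityError(f"{path}: missing {exc}") from exc


def resolve_image_identity(manifest: Path, greylist: Path) -> tuple[str, str, str]:
    """Return (name, version, source) for a source or parent image.

    The greylist is opened only when no hardening manifest exists, so a new
    project without a greylist never triggers a missing-file failure.
    """
    if manifest.is_file():
        return (*_from_manifest(manifest), "hardening_manifest")
    if greylist.is_file():
        return (*_from_greylist(greylist), "greylist")
    raise ImageIdentityError(f"no metadata at {manifest} or {greylist}")
```

Returning the source alongside the name and version lets the lint, justifier and check-cves stages log which file the VAT query was built from.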