Fix VAT query/push image_name differences
Current Behavior
When querying the VAT, the pipeline is using the image_name which is pulled from the hardening_manifest.yaml, but when the pipeline is inserting/updating in the VAT db, the predefined CI variable CI_PROJECT_PATH is used. This causes the pipeline to fail when attempting to query the approval status of a container on master branches, because the query doesn't match any records in the VAT. After doing some investigation, we've discovered that for 55 projects, the project name and the image name in the hardening manifest do not match.
mismatching_names.json
Live Example
https://repo1.dso.mil/dsop/cloudfit/cloudfit/cloudfit-cfs-exchangewebservices/-/jobs/2052884#L32
Expected Behavior
When inserting/updating the VAT db, we should be using the image_name pulled from the hardening_manifest.
Possible Solution
This is the solution we proposed to the VAT team.
- Short Term: Check if manifest image_name and project_path match before querying. If yes use hm image_name, if no use project path.
- Long Term: Revert short term solution and use hardening_manifest.yaml image_name for the vat import. Work with Irma and other VAT team members to ensure the data is migrated before this change is merged so no approvals are lost when changing the name for an image in VAT.
Short Term Checklist
- Update check-cves and csv-output to check if project path and hm image name match
  - if yes, query the vat
  - if no, fail the pipeline and log error message
Long Term Checklist
- Revert changes from short term plan
- Update vat-import stage to use hardening_manifest name
- Work with VAT on migrating the data in the VAT db
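
The short-term checklist item (compare the hardening manifest name with the project path, query the VAT only on a match, otherwise fail and log an error) is shown below as an added example; it is not the pipeline's own code. The top-level `name` key in the manifest, the stripping of the `dsop/` group prefix, the function names and the sample values are all assumptions.

```python
import os
import re
import sys

# Constructed sample; the top-level `name` key is an assumption about where
# hardening_manifest.yaml keeps the image name.
SAMPLE_MANIFEST = """\
apiVersion: v1
name: "example/app/service"
tags:
- "1.0.0"
"""
GROUP_PREFIX = "dsop/"  # assumption: group prefix dropped from CI_PROJECT_PATH


def manifest_image_name(manifest_text):
    """Return the top-level `name:` scalar (nested keys are ignored)."""
    for line in manifest_text.splitlines():
        m = re.match(r"""^name:\s*["']?([^"'#\s]+)["']?\s*(#.*)?$""", line)
        if m:
            return m.group(1)
    raise ValueError("hardening manifest has no top-level name")


def project_image_name(ci_project_path):
    """Name derived from CI_PROJECT_PATH (assumed form used by the VAT import)."""
    path = ci_project_path.strip().strip("/")
    return path[len(GROUP_PREFIX):] if path.startswith(GROUP_PREFIX) else path


def vat_query_name(manifest_text, ci_project_path):
    """Return the name to query VAT with; raise if the two names differ."""
    hm_name = manifest_image_name(manifest_text)
    project_name = project_image_name(ci_project_path)
    if hm_name != project_name:
        raise RuntimeError(
            f"image name mismatch: manifest={hm_name!r} "
            f"project={project_name!r}; not querying VAT"
        )
    return hm_name


if __name__ == "__main__":
    # Constructed default path; in CI the predefined variable is used.
    ci_path = os.environ.get("CI_PROJECT_PATH", "dsop/example/app/service")
    try:
        print(vat_query_name(SAMPLE_MANIFEST, ci_path))
    except (RuntimeError, ValueError) as err:
        print(f"ERROR: {err}", file=sys.stderr)
        sys.exit(1)
```

Failing closed on a mismatch keeps the approval lookup from running under a name that has no VAT record, so the job stops with a message naming both values.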