Scan-logic | Update scanning stage
Need to update the scan job to allow rescanning old images.
Original scans are registry1.dso.mil/ironbank-staging/*, the rescan will use registry1.dso.mil/ironbank/*. However, the digest won't change. Hopefully the scanners detect this as a "rescan" and will find the old scan data for the same digest.
The scanners will need pull permissions to registry1.dso.mil/ironbank/* and any associated configuration changes.
Assume that the old image no longer exists in registry1.dso.mil/ironbank-staging/* (assume staging GC). The scanners can use a system robot account with pull permissions to both ironbank/ and ironbank-staging/.
- Add scan-logic as stage dependency to access env file
- Update anchore
- Update openscap
- Update twistlock
- Update unit tests as necessary
Note:
Throughout the later stages, make sure the correct (old or new) digest is used when appropriate. Likewise, for any timestamps, use the original build timestamp when appropriate.