Scan-logic | Update scan-logic stage

Currently, some code is stubbed out in scan_logic_jobs.py to check/set FORCE_SCAN and RESCAN_REQUIRED env vars. Need to finish the implementation for this logic by doing the following:

• Scan logic should set multiple variables:

  • FORCE_SCAN_NEW_IMAGE - unconditionally use the rebuilt image
  • SCAN_NEW_IMAGE - scan logic determined that the old image should be rescanned
  • OLD_DIGEST sha256:aaaaa - old digest to be rescanned by scanners if SCAN_NEW_IMAGE is false.
  • OLD_BUILD_TIMESTAMP - extracted from image labels, timestamp of old build

• Implement the conditional logic or function to determine which image to scan:

  • IMAGE_TO_SCAN - maybe? Decide if you want conditional logic for scanners in the scan stages, or the scan logic stage.
    • Or write a python function that returns the image path, and reuse this function between the scanners

Note:

During development, set FORCE_SCAN_NEW_IMAGE=true at the dsop/ group level. This allows us to incrementally merge code into ironbank-pipeline without breaking the pipeline or requiring one very large MR.

Unit test effort tracked in separate ticket #652 (closed)