Integration Configuration

This section provides documentation on configuring container scanning integrations in CI/CD environments.

Overview

Proper configuration is essential for successful container scanning in CI/CD pipelines. This section covers various configuration aspects, including:

• Environment Variables: Managing configuration parameters across different environments
• Secrets Management: Securely handling sensitive information in CI/CD pipelines
• Thresholds Integration: Implementing compliance thresholds for automated quality gates
• Reporting Configuration: Generating and distributing scan results in various formats

Key Configuration Considerations

When configuring container scanning in CI/CD pipelines, consider the following factors:

1. Security: Ensure credentials and sensitive information are properly secured
2. Flexibility: Allow configuration to adapt to different environments (dev, staging, prod)
3. Maintainability: Use consistent naming conventions and documented parameters
4. Reproducibility: Ensure configuration produces consistent results across runs
5. Integration: Enable interoperability with existing security tools and processes

Common Configuration Patterns

The following patterns are commonly used when configuring container scanning:

Environment-Based Configuration

Configure different scanning parameters based on the target environment:

variables:
  # Base settings
  SCANNER_LOG_LEVEL: info
  RESULTS_DIR: ./scan-results

  # Environment-specific thresholds
  THRESHOLD_DEVELOP: 50
  THRESHOLD_STAGING: 70
  THRESHOLD_PRODUCTION: 90

Dynamic Configuration

Adapt scanning behavior based on build parameters:

# Determine threshold based on branch
if [ "$CI_COMMIT_BRANCH" == "main" ]; then
  THRESHOLD=$THRESHOLD_PRODUCTION
elif [ "$CI_COMMIT_BRANCH" == "staging" ]; then
  THRESHOLD=$THRESHOLD_STAGING
else
  THRESHOLD=$THRESHOLD_DEVELOP
fi

Component-Specific Configuration

Apply different scanning configurations based on component type:

# For API containers
if [[ "$CONTAINER_TYPE" == "api" ]]; then
  PROFILE="api-security-profile"
  THRESHOLD=90
# For database containers
elif [[ "$CONTAINER_TYPE" == "db" ]]; then
  PROFILE="database-security-profile"
  THRESHOLD=95
# Default configuration
else
  PROFILE="default-security-profile"
  THRESHOLD=80
fi

Getting Started

To get started with container scanning configuration, review the following pages:

• Environment Variables - Learn how to configure scanner parameters
• Secrets Management - Securely manage sensitive information
• Thresholds Integration - Configure compliance thresholds
• Reporting Configuration - Set up results visualization and reporting

Related Resources

• GitHub Actions Integration
• GitLab CI/CD Integration
• Standard Container Workflow
• Distroless Container Workflow
• Sidecar Container Workflow