在 .gitlab-ci.yml 中配置容器扫描，如果该文件不存在则创建该文件

.gitlab-ci.yml

@@ -1,23 +1,36 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
+
+# container_scanning:
+#   variables:
+#     DOCKER_IMAGE: ...
+#     DOCKER_USER: ...
+#     DOCKER_PASSWORD: ...
 stages:
-  - release
+- release
-
 variables:
-  TAGS: ""
+  TAGS: ''
-
 release-image:
   image: docker:24.0.6
   stage: release
   rules:
-    - if: '$TAGS'
+  - if: "$TAGS"
   before_script:
-    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+  - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
   script:
-    - if [ -z "$TAGS" ]; then export TAGS=$(cat tags.txt); fi
+  - if [ -z "$TAGS" ]; then export TAGS=$(cat tags.txt); fi
-    - |
+  - |-
-      for tag in $TAGS; do
+    for tag in $TAGS; do
-        export IMAGE_TAG=$CI_REGISTRY_IMAGE:$tag
+      export IMAGE_TAG=$CI_REGISTRY_IMAGE:$tag
-        echo $IMAGE_TAG
+      echo $IMAGE_TAG
-        sed "s/latest/$tag/g" Dockerfile > Dockerfile.tmp
+      sed "s/latest/$tag/g" Dockerfile > Dockerfile.tmp
-        docker build . --pull -f Dockerfile.tmp -t $IMAGE_TAG
+      docker build . --pull -f Dockerfile.tmp -t $IMAGE_TAG
-        docker push $IMAGE_TAG
+      docker push $IMAGE_TAG
-      done
+    done
+include:
+- template: Jobs/Container-Scanning.gitlab-ci.yml