Container Scanning Disable Dependency List Not Working

We have just recently become an Ultimate customer and started using container scanning. We have noticed that the container dependency scan report is an exact duplicate of the normal container vulnerability report. We wanted to disable the dependency scanning section to reduce clutter in our merge request and found that the variable listed in the documentation for this does not work. I thought about making an issue on the GitLab project but the template for bugs linked here, and making a post here seemed easier. Here are some screenshots: one is the results in our merge request, one is the merged YAML that was run to generate those results, and one is the output from the container scanning job showing the variable was set correctly.




Hi,

Thank you for your question. It indeed seems like a bug with duplicated vulnerabilities reported on the MR widget. We have created an issue about it. Please subscribe for updates about our progress.