IaC Scanning vs. Container Scanning

Problem to solve

I would like to add security scans for the Dockerfile in my project, so that I can get information about vulnerabilities in the base image I’m using. Something like what Docker Scout shows me in the Docker Desktop application.

It is not clear to me if I should use Infrastructure as Code Scanning or Container Scanning for this. Both seem to work with a Dockerfile. Maybe I should use both?

Any advice would be appreciated. Thanks.

Versions

  • Self-managed
  • GitLab.com SaaS (Free Plan)
  • Dedicated
  • Self-hosted Runners