
[bug] The image version in Security/Secure-Binaries.gitlab-ci.yml is inconsistent with the one defined in Jobs/SAST.gitlab-ci.yml

https://gitlab.com/gitlab-org/gitlab/-/issues/572441

GitLab provides a vendored template to ease this process for loading Docker images onto your offline host:

    include:
      - template: Security/Secure-Binaries.gitlab-ci.yml

But the image version in Security/Secure-Binaries.gitlab-ci.yml is inconsistent with the one defined in Jobs/SAST.gitlab-ci.yml!

For example, the version of the semgrep image is 5 in Security/Secure-Binaries.gitlab-ci.yml:156.


The "SAST: Make GitLab SAST analyzer images available inside your Docker registry" document also suggests that you should load the semgrep:5 image:

registry.gitlab.com/security-products/gitlab-advanced-sast:1
registry.gitlab.com/security-products/kubesec:5
registry.gitlab.com/security-products/pmd-apex:5
registry.gitlab.com/security-products/semgrep:5
registry.gitlab.com/security-products/sobelow:5
registry.gitlab.com/security-products/spotbugs:5

BUT it is 6 in Jobs/SAST.gitlab-ci.yml:222


That causes pipeline errors as follows:

image.png
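
A pre-flight check for the mismatch reported above, as an added example that is not part of the original issue or of GitLab's templates. The mirrored list is the one quoted in the issue; the required reference is constructed from the issue's statement that Jobs/SAST.gitlab-ci.yml uses semgrep 6, and the function names are hypothetical.

```python
# Added example: compare the images mirrored into an offline registry with the
# image references the scan jobs will pull, and report any tag that is missing.

def split_ref(ref):
    """Split 'registry/path/name:tag' into (repository, tag)."""
    ref = ref.strip()
    # Only a colon after the last slash separates the tag; an earlier colon
    # belongs to a registry port such as localhost:5000.
    if ref.rfind(":") > ref.rfind("/"):
        repo, tag = ref.rsplit(":", 1)
        return repo, tag
    return ref, "latest"

def find_tag_drift(mirrored, required):
    """Return (repository, required_tag, mirrored_tags) for every required
    image whose tag is not present in the mirror."""
    available = {}
    for ref in mirrored:
        repo, tag = split_ref(ref)
        available.setdefault(repo, set()).add(tag)
    drift = []
    for ref in required:
        repo, tag = split_ref(ref)
        tags = available.get(repo, set())
        if tag not in tags:
            drift.append((repo, tag, sorted(tags)))
    return sorted(drift)

# Image list as quoted in the issue (what the offline documentation says to load).
MIRRORED = [
    "registry.gitlab.com/security-products/gitlab-advanced-sast:1",
    "registry.gitlab.com/security-products/kubesec:5",
    "registry.gitlab.com/security-products/pmd-apex:5",
    "registry.gitlab.com/security-products/semgrep:5",
    "registry.gitlab.com/security-products/sobelow:5",
    "registry.gitlab.com/security-products/spotbugs:5",
]
# Constructed from the issue: the SAST job template references semgrep version 6.
REQUIRED = ["registry.gitlab.com/security-products/semgrep:6"]

if __name__ == "__main__":
    for repo, wanted, have in find_tag_drift(MIRRORED, REQUIRED):
        print(f"{repo}: job needs tag {wanted}, mirror has {have or 'nothing'}")
```

Run before a scan pipeline on the offline host, a non-empty result means a job would fail at image pull rather than skip silently.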