Commit 8d9ce68c authored by Nicole Lu

update readme file

parent cf051139
1 merge request: !32 container scanning-INPLATFORM-306
......@@ -62,12 +62,12 @@ scanning system, through a Gitlab CI/CD job: `image_scan`. This job is built upo
To enable container image scanning, you need to first check following criteria:
* A Gitlab API Personal Access Token is valid and stored as `CI_TOKEN` in **Settings -> CI/CD -> Environemnt Variables**, if not, you need to generate one, following the instruction [here](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html);
* A Gitlab API Project Access Token for checkQualys tool is valid and stored as `CI_TOKEN` in **Settings -> CI/CD -> Environemnt Variables**, if not, you need to generate one in checkQualys repository under **Settings -> Access Token**, following the instruction [here](https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html);
* A Gitlab runner in **Settings -> CI/CD -> Runners** with **qualys** tag is enabled.
Notes:
* Using a Gitlab API Personal Access Token is the only way for now to access the Gitlab API that allows the checkQualys tool to post issues back to the project that is being scanned.
* A Gitlab API Project Access Token specify for checkQualys is necessary and can be found in checkQualys repository that allows the checkQualys tool to post issues back to the project that is being scanned.
* A manual `qualys_scan` job at post stage will be created when including job template from checkQualys, and cannot be removed, but it can be ignored.
* This scan job will report all vulnerabilities in the Gitlab issue once occur, if there are a particular vulnerability that does not impact this deployment, a `.cveignore` file with certain CVE ID can be added at the root level to ignore/silence it.
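Review bot: The new criteria bullet and the new note ("A Gitlab API Project Access Token specify for checkQualys ...") do not say which scope and role the token needs. A project access token created in the checkQualys repository is bound to that project, so please confirm it can actually post issues back to the project being scanned, which is what the note claims. Suggest stating the minimum scope and role required and that `CI_TOKEN` should be stored as a masked (and, where possible, protected) CI/CD variable. While touching these lines, fix "Environemnt" to "Environment" and "specify for" to "specific to".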
......