Use a feature flag to toggle security notifications

config.py

@@ -280,9 +280,10 @@ class DefaultConfig(object):
 
   # Security scanner
   FEATURE_SECURITY_SCANNER = False
+  FEATURE_SECURITY_NOTIFICATIONS = False
   SECURITY_SCANNER = {
     'ENDPOINT': 'http://192.168.99.101:6060',
-    'ENGINE_VERSION_TARGET': 1,
+    'ENGINE_VERSION_TARGET': 2,
     'API_VERSION': 'v1',
     'API_TIMEOUT_SECONDS': 10,
   }

util/secscan/analyzer.py

@@ -1,6 +1,8 @@
 import logging
 import logging.config
 
+import features
+
 from collections import defaultdict
 
 from endpoints.notificationhelper import spawn_notification
@@ -90,7 +92,7 @@ class LayerAnalyzer(object):
 
     # If we are the one who've done the job successfully first, get the vulnerabilities and
     # send notifications to the repos that have a tag on that layer.
-    if set_status:
+    if features.SECURITY_NOTIFICATIONS and set_status:
       # Get the tags of the layer we analyzed.
       repository_map = defaultdict(list)
       event = ExternalNotificationEvent.get(name='vulnerability_found')

workers/security_notification_worker.py

@@ -43,7 +43,7 @@ class SecurityNotificationWorker(QueueWorker):
 
 
 if __name__ == '__main__':
-  if not features.SECURITY_SCANNER:
+  if not features.SECURITY_SCANNER or not features.SECURITY_NOTIFICATIONS:
     logger.debug('Security scanner disabled; skipping SecurityNotificationWorker')
     while True:
       time.sleep(100000)