Container Scanning questions

We are an enterprise customer and are evaluating using container scanning in our MRs. I have the container scanning stage working, but I don’t see the results of it in the merge request at all (even though the docs say we should). Also, even if I set allow_failure: false, the stage still passes. We want MRs to be blocked on a failed scan.

Any ideas?

Did you do it manually like or the Auto container scanning? Can you show your GitLab CI file?

Soo… I had to sign up for the forums with another account as for some reason my account was locked? I’ve only posted the message above, so I’d love to know why that came to be…

Anyway, in reply to your question, this is the container scanning stage:

container_scanning:  # the job name line is missing from the post; placeholder
  stage: container_scan
  image: docker:stable
  allow_failure: false
  variables:
    ## Define two new variables based on GitLab's CI/CD predefined variables
    CLAIR_LOCAL_SCAN_VERSION: v2.0.8_fe9b059d930314b54c78f75afe265955faf4fdc1
  services:
    - docker:stable-dind
  script:
    # Start the vulnerability database and the Clair server
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:${CLAIR_LOCAL_SCAN_VERSION}
    - apk add -U wget ca-certificates
    - docker login -u gitlab-ci-token -p $GL_TOKEN gitlabserver:4567
    - wget
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    - touch clair-whitelist.yml
    # Wait for the Clair API to answer before scanning
    - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
    - retries=0
    - echo "Waiting for clair daemon to start"
    - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
    - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} || true
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  only:
    - merge_requests

OK, as long as you are indeed running GitLab Enterprise 11.5 or later, I do not see a problem. (Sorry I’m a bit late, I was on holidays.)
Sorry, no clue here
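
Added example, not part of any post in this thread: the scan line in the job above ends in `|| true`, so that script line exits 0 whatever the scanner returns and `allow_failure: false` never sees a failure. The hypothetical helper `run_scan_gate` below runs the scanner, checks that a report was written, and hands the scanner's verdict back to the job. It assumes the scanner exits non-zero on unapproved findings and writes one `"vulnerability"` key per finding.

```shell
#!/bin/sh
# Added example, not from the thread: a gate that keeps the scanner's verdict.
# Usage: run_scan_gate REPORT_FILE SCANNER_COMMAND [ARGS...]
# Returns 0 = scanner passed and wrote a report
#         1 = scanner exited non-zero (findings), so the job should fail
#         2 = no report was written: fail closed, never treat this as "clean"
# Assumption: the scanner exits non-zero when it finds unapproved vulnerabilities.
run_scan_gate() {
    gate_report=$1
    shift
    # Remove any stale report so an old file cannot be mistaken for this run's.
    rm -f "$gate_report"

    # Capture the exit status instead of discarding it (safe under `set -e`).
    gate_status=0
    "$@" || gate_status=$?

    if [ ! -s "$gate_report" ]; then
        echo "scan gate: no report at $gate_report (scanner exit $gate_status)" >&2
        return 2
    fi

    # Informational only. Assumed report layout: one "vulnerability" key per finding.
    gate_findings=$({ grep -o '"vulnerability"' "$gate_report" || true; } | wc -l | tr -d ' ')
    echo "scan gate: $gate_findings finding(s) listed in $gate_report" >&2

    # Return the verdict last, after the report is in place for artifact upload.
    if [ "$gate_status" -ne 0 ]; then
        echo "scan gate: scanner exit $gate_status, failing the job" >&2
        return 1
    fi
    return 0
}

# In the job above, the scanner would be called through the gate instead of
# ending the line in "|| true", for example:
#   run_scan_gate gl-container-scanning-report.json ./clair-scanner <same arguments as in the job>
```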