Container scanning with nexus registry

Hi All,

I’m using this template in gitlab,

  - template: Jobs/Container-Scanning.gitlab-ci.yml

to scan for image vulnerabilities with nexus-sonatype 3.66, only works fine if anonymous is enabled.

I will have this error if anonymous is disabled in nexus-sonatype,

[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning]  >  Scanner has not created a file with results (tmp.json)
[INFO] [2024-04-14 00:41:08 +0000] [container-scanning]  >  Scan failed. Use `SECURE_LOG_LEVEL=debug` to see more details.
[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning]  >  2024-04-14T00:41:08.455Z	INFO	Vulnerability scanning is enabled
2024-04-14T00:41:08.470Z	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred:
	* docker error: unable to inspect the image (nexus-server:5000/ubi-carvel:3778): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* containerd error: containerd socket not found: /run/containerd/containerd.sock
	* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* remote error: GET https://nexus-server:5000/v2/token?scope=repository%3Aubi-carvel%3Apull&service=https%3A%2F%2Fnexus-server%3A5000%2Fv2%2Ftoken: UNAUTHORIZED: access to the requested resource is not authorized

Either I use openshift buildconfigs or use buildah to build the image and both have almost the same errors on the container_scanning stage.

Please help!

You need to add the credential of Nexus,


On buildah, there’s warning (probably it could be fixed, didn’t try) but using Openshift buildconfig, all fine.

1 Like