Hi All,
I’m using this template in GitLab:
include:
- template: Jobs/Container-Scanning.gitlab-ci.yml
to scan for image vulnerabilities with nexus-sonatype 3.66. It only works fine if anonymous is enabled.
I get this error if anonymous is disabled in nexus-sonatype:
[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning] > Scanner has not created a file with results (tmp.json)
[INFO] [2024-04-14 00:41:08 +0000] [container-scanning] > Scan failed. Use `SECURE_LOG_LEVEL=debug` to see more details.
[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning] > 2024-04-14T00:41:08.455Z INFO Vulnerability scanning is enabled
2024-04-14T00:41:08.470Z FATAL image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred:
* docker error: unable to inspect the image (nexus-server:5000/ubi-carvel:3778): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* containerd error: containerd socket not found: /run/containerd/containerd.sock
* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* remote error: GET https://nexus-server:5000/v2/token?scope=repository%3Aubi-carvel%3Apull&service=https%3A%2F%2Fnexus-server%3A5000%2Fv2%2Ftoken: UNAUTHORIZED: access to the requested resource is not authorized
Whether I use OpenShift BuildConfigs or Buildah to build the image, both have almost the same errors on the container_scanning stage.
Please help!
Thanks,
Vener