I have enabled the templated container scanning job for one of my projects as documented at Container Scanning | GitLab.
The relevant parts of my .gitlab-ci.yml are as follows:

```yaml
include:
  - template: Security/Container-Scanning.gitlab-ci.yml

container_scanning:
  variables:
    CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHA
    DOCKER_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHA
    SECURE_LOG_LEVEL: debug
    GIT_STRATEGY: fetch
```
The job executes successfully on the public GitLab.com SaaS CI runners, finds my container image and starts to scan it.
However, it fails with the following error message in the logs:
```
2022-01-15T17:42:16.321Z DEBUG OS is not detected and vulnerabilities in OS packages are not detected.
2022-01-15T17:42:16.322Z DEBUG Detected OS: unknown
2022-01-15T17:42:16.322Z INFO Number of language-specific files: 0
[ERROR] [2022-01-15 17:42:16 +0000] [] ▶ private method `select' called for nil:NilClass
Uploading artifacts for failed job
00:02
Uploading artifacts...
gl-container-scanning-report.json: found 1 matching files and directories
Uploading artifacts as "container_scanning" to coordinator... ok id=1978977545 responseStatus=201 Created token=yrdMjm-Q
Uploading artifacts...
WARNING: gl-dependency-scanning-report.json: no matching files
ERROR: No files to upload
Cleaning up project directory and file based variables
00:00
ERROR: Job failed: exit code 1
```
A full copy of the log is here: https://pastebin.com/raw/tgqhhQgK or (for those able to see the private job), here: https://gitlab.com/nicolaw/trinitycore/-/jobs/1978977545
I’m fairly confident that I’ve followed the documentation correctly. Is there something I have overlooked, missed or misunderstood here, or is this a bug or an unexpected edge case that needs investigating?
Any and all help is welcomed.
Thanks!