We are currently in the process of setting up a GitLab pipeline and we want to include a job that scans images for us. This pointed us to https://docs.gitlab.com/ee/ci/examples/container_scanning.html, which recommends using Clair, but with the dind executor.
However, when we try to use the dind executor, we come across issues with certificates, as we are trying to pull images from a registry that we are hosting in-house, where we are using self-signed certs. Ref: https://gitlab.com/gitlab-org/gitlab-runner/issues/1350
We have tried many of the suggested workarounds, but all seem not to work for various reasons.
So I have a few questions:
- Should we simply change the self-signed cert to a cert from a registered certificate authority?
- Is Clair the only option to scan images via GitLab?
- Should we be avoiding the dind runner altogether, according to this post? http://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/
Any help greatly appreciated.