I am using this template in GitLab,
include:
- template: Jobs/Container-Scanning.gitlab-ci.yml
to scan images for vulnerabilities with nexus-sonatype 3.66, and it only works properly when anonymous is enabled.
If I disable anonymous in nexus-sonatype, I get this error,
[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning] > Scanner has not created a file with results (tmp.json)
[INFO] [2024-04-14 00:41:08 +0000] [container-scanning] > Scan failed. Use `SECURE_LOG_LEVEL=debug` to see more details.
[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning] > 2024-04-14T00:41:08.455Z INFO Vulnerability scanning is enabled
2024-04-14T00:41:08.470Z FATAL image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred:
* docker error: unable to inspect the image (nexus-server:5000/ubi-carvel:3778): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* containerd error: containerd socket not found: /run/containerd/containerd.sock
* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* remote error: GET https://nexus-server:5000/v2/token?scope=repository%3Aubi-carvel%3Apull&service=https%3A%2F%2Fnexus-server%3A5000%2Fv2%2Ftoken: UNAUTHORIZED: access to the requested resource is not authorized
I build the images with OpenShift BuildConfigs or with buildah, and both give almost the same error in the container_scanning stage.
Please help! Thanks, 大学
You need to add the Nexus credentials,
CS_REGISTRY_USER : xxxxx
CS_REGISTRY_PASSWORD: xxxxx
With buildah there are warnings (they can probably be fixed, I haven't tried), but with OpenShift BuildConfig everything works fine.
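
A sketch of where the credentials from the answer go in `.gitlab-ci.yml`, added here as an example and not taken from either poster's pipeline. It assumes the image is passed through `CS_IMAGE`, and `NEXUS_SCAN_USER` / `NEXUS_SCAN_PASSWORD` are hypothetical names for masked CI/CD variables holding a Nexus account.

```yaml
include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml

# Override the job defined by the template; only the variables are changed.
container_scanning:
  variables:
    # Image reference as it appears in the error log above (assumed to be
    # supplied via CS_IMAGE; adjust the tag to what the build stage pushed).
    CS_IMAGE: "nexus-server:5000/ubi-carvel:3778"

    # Credentials the scanner presents to the registry token endpoint
    # (the /v2/token request that returned UNAUTHORIZED in the log).
    # NEXUS_SCAN_USER and NEXUS_SCAN_PASSWORD are hypothetical names:
    # define them under Settings > CI/CD > Variables, masked, so the
    # password is never committed to the repository or echoed in job logs.
    CS_REGISTRY_USER: "$NEXUS_SCAN_USER"
    CS_REGISTRY_PASSWORD: "$NEXUS_SCAN_PASSWORD"

    # Uncomment to see the registry authentication exchange while debugging,
    # as the scanner's own log message suggests.
    # SECURE_LOG_LEVEL: "debug"
```

Giving the scanner a dedicated Nexus account with read-only access to the scanned repository keeps anonymous access disabled without exposing a push-capable credential to the pipeline.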