Breaking out the notes from https://gitlab.com/gitlab-org/gitlab/-/issues/290240#note_505944006 into this new issue. It appears that the runner is using the default Kubernetes docker image pull policy `pull-if-not-present` This is causing issues when images are updated, such as security analyzers, as old out of date images are used. Documentation https://docs.gitlab.com/runner/security/index.html#usage-of-private-docker-images-with-if-not-present-pull-policy suggests that `always` is preferred I've tried setting this value in the Openshift console runner environment, this spins up a new runner pod which appears to pull a new image, but this is only because it is new, the environment variable does not persist and the image is reused afterwards. At the very least we should document how to set this in the Openshift Runner yml. cc @fcatteau