Container scanning doesn't work with kaniko
## Summary
When building images with kaniko, the Clair CVE scanner doesn't work.
## Steps to reproduce
Use Container-Scanning.gitlab-ci.yml with kaniko as mentioned in your docs.
## Configuration used
```yaml
stages:
  - docker-build-push # to run on kaniko branch
  - test

docker-build-push:
  # https://docs.gitlab.com/ee/ci/docker/using_kaniko.html#building-a-docker-image-with-kaniko
  only:
    refs: # branches to run on
      - master
      - dev
  stage: docker-build-push
  image:
    name: gcr.io/kaniko-project/executor:debug-v0.16.0
    entrypoint: [""]
  before_script:
    - |
      echo "-----BEGIN CERTIFICATE-----
      .......
      -----END CERTIFICATE-----" >> /kaniko/ssl/certs/additional-ca-cert-bundle.crt
  script:
    - echo "{\"auths\":{\"$COMPANY_REGISTRY\":{\"auth\":\"$(echo -n $COMPANY_REGISTRY_USER:$COMPANY_REGISTRY_PASSWORD | base64)\"}}}" > /kaniko/.docker/config.json
    # for each tag that you want to add append '--destination $COMPANY_REGISTRY_IMAGE' at the end of the below line
    - /kaniko/executor --context $COMPANY_PROJECT_DIR --dockerfile $COMPANY_PROJECT_DIR/$DOCKERFILENAME --destination $COMPANY_REGISTRY_IMAGE
  variables:
    DOCKERFILENAME: Dockerfile
    # registry/project/image:tag
    COMPANY_REGISTRY_IMAGE: registry.COMPANY.com/project/buildock:test
    COMPANY_PROJECT_DIR: .

include:
  - template: Security/Container-Scanning.gitlab-ci.yml

# project/global variables
variables:
  CLAIR_OUTPUT: High
  DOCKER_DRIVER: overlay2

container_scanning:
  stage: docker-build-push
```
## Current behavior
The image gets pushed, but there is no output from Clair or the scanner, as if it doesn't exist in the CI file.
## Expected behavior
The CVE scanner output is displayed in the log.
## Versions
- Chart: 13.0 is the GitLab version
- Platform:
  - Self-hosted: (RKE)
## Relevant logs
No logs from the scanner.