Default credentials
Container scanning uses DOCKER_USER
and DOCKER_PASSWORD
(https://docs.gitlab.com/ee/user/application_security/container_scanning/) for authenticated registries.
The new analyzer using Trivy doesn't use these variables, forcing users to set TRIVY_USERNAME
and TRIVY_PASSWORD
manually.
We want to avoid this manual setup and, more importantly, maintain the existing behaviour.
Edited by Thiago Figueiró