Gitlab container scanning with Nexus Sonatype 3.66

Hi All,

I’m using this template in gitlab,

  - template: Jobs/Container-Scanning.gitlab-ci.yml

to scan for image vulnerabilities with nexus-sonatype 3.66; it only works fine if anonymous is enabled.

I get this error if anonymous is disabled in nexus-sonatype:

[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning]  >  Scanner has not created a file with results (tmp.json)
[INFO] [2024-04-14 00:41:08 +0000] [container-scanning]  >  Scan failed. Use `SECURE_LOG_LEVEL=debug` to see more details.
[ERROR] [2024-04-14 00:41:08 +0000] [container-scanning]  >  2024-04-14T00:41:08.455Z	INFO	Vulnerability scanning is enabled
2024-04-14T00:41:08.470Z	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred:
	* docker error: unable to inspect the image (nexus-server:5000/ubi-carvel:3778): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* containerd error: containerd socket not found: /run/containerd/containerd.sock
	* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* remote error: GET https://nexus-server:5000/v2/token?scope=repository%3Aubi-carvel%3Apull&service=https%3A%2F%2Fnexus-server%3A5000%2Fv2%2Ftoken: UNAUTHORIZED: access to the requested resource is not authorized

Whether I use OpenShift buildconfigs or buildah to build the image, both have almost the same errors on the container_scanning stage.

Please help!

Hi, this seems like a question for the Lifecycle part of the forums -

This is for Nexus Repository Manager.

You need to add the credential of Nexus,


With buildah, there’s a warning (it could probably be fixed; I didn’t try), but using OpenShift buildconfig, all is fine.
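
As an added example (not taken from the posts above): one way to give the container scanning job credentials for a private Nexus Docker registry, using GitLab's `CS_IMAGE`, `CS_REGISTRY_USER` and `CS_REGISTRY_PASSWORD` variables. `NEXUS_SCAN_USER` and `NEXUS_SCAN_PASSWORD` are hypothetical CI/CD variable names, and the image reference is the one shown in the error log.

```yaml
include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml

container_scanning:
  variables:
    # Image to scan, as it appears in the log above. In a real pipeline the
    # tag would normally come from a variable set by the build stage.
    CS_IMAGE: "nexus-server:5000/ubi-carvel:3778"

    # Credentials the scanner uses for the registry token request that
    # failed with UNAUTHORIZED. NEXUS_SCAN_USER / NEXUS_SCAN_PASSWORD are
    # assumed names: define them under Settings > CI/CD > Variables, mark
    # the password as masked, and back them with a Nexus account that only
    # has read (pull) privileges on the Docker repository.
    CS_REGISTRY_USER: "$NEXUS_SCAN_USER"
    CS_REGISTRY_PASSWORD: "$NEXUS_SCAN_PASSWORD"

    # Prints the scanner's debug output, as the failed job's log suggests.
    SECURE_LOG_LEVEL: "debug"
```

The docker, containerd and podman errors in the log are the scanner probing for local sockets that do not exist in the CI job; the `remote error` line is the one that reflects the missing registry credentials.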