diff options
Diffstat (limited to 'doc/user/application_security/container_scanning/index.md')
-rw-r--r-- | doc/user/application_security/container_scanning/index.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index 04b0bace265..6ee8be822da 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -189,6 +189,7 @@ variables: CS_IMAGE: <aws_account_id>.dkr.ecr.<region>.amazonaws.com/<image>:<tag> CS_REGISTRY_USER: AWS CS_REGISTRY_PASSWORD: "$AWS_ECR_PASSWORD" + AWS_DEFAULT_REGION: <region> ``` Authenticating to a remote registry is not supported when [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) is enabled. @@ -783,6 +784,21 @@ To prevent the error, ensure the Docker version that the runner is using is For information on this, see the [general Application Security troubleshooting section](../../../ci/jobs/job_artifacts_troubleshooting.md#error-message-no-files-to-upload). +### `unexpected status code 401 Unauthorized: Not Authorized` when scanning an image from AWS ECR + +This might happen when AWS region is not configured and the scanner cannot retrieve an authorization token. When you set `SECURE_LOG_LEVEL` to `debug` you will see a log message like below: + +```shell +[35mDEBUG[0m failed to get authorization token: MissingRegion: could not find region configuration +``` + +To resolve this, add the `AWS_DEFAULT_REGION` to your CI/CD variables: + +```yaml +variables: + AWS_DEFAULT_REGION: <AWS_REGION_FOR_ECR> +``` + ## Changes Changes to the container scanning analyzer can be found in the project's |