Here is pseudo code for a pipeline definition I have:
include:
- template: Security/Container-Scanning.gitlab-ci.yml
stages:
- build
- scan
- query
build_job:
stage: build
...
container_scanning:
stage: scan
...
query_job:
stage: query
...
script:
- curl --header "Authorization: Bearer <token>" \
"https://git.example.com/api/v4/projects/${CI_PROJECT_ID}/vulnerability_findings?report_type=container_scanning&pipeline_id=${CI_PIPELINE_ID}"
...
I try to query container scanning information from a CI pipeline that is still running. However, this query just returns [] and when I make the same query for the same pipeline after it finishes the report is not empty.
So it seems like it is not possible to make queries via GitLab REST API while the pipeline is still running.
Do you know a workaround for this issue or am I just making a mistake here?
It depends on the API which you are trying to use. For example it is possible to use pipelines or jobs API during the pipeline's run.
But in case of vulnerability findings API - you can't get findings when pipeline is not yet complete. There is no exact restriction for that in the API docs, but it exists in docs for pipeline's security tab:
The pipeline vulnerability report only displays after the pipeline is complete. If the pipeline has a blocking manual job, the pipeline waits for the manual job and the vulnerabilities cannot be displayed if the blocking manual job did not run.
And for displaying vulnerability report on the pipeline's security tab - vulnerability findings API is used.