@@ -54,13 +54,15 @@ select an alternate build tool by using the `DOCKER_BUILD_TOOL` variable (see be
:warning: If you choose to use 'Docker-in-Docker' option considering the associated security risks, make sure your runner has required privileges to run Docker-in-Docker ([see GitLab doc](https://docs.gitlab.com/ci/docker/using_docker_build/#use-docker-in-docker-workflow-with-docker-executor)).
You can also disable the building of the Docker image to only run security checks and publishing ([see below](#using-an-external-docker-registry)).
### Global variables
The Docker template uses some global configuration used throughout all jobs.
| Input / Variable | Description | Default value |
| `build-tool` / `DOCKER_BUILD_TOOL` | The build tool to use for building container image, possible values are `kaniko`, `buildah` or`dind` | `kaniko` |
| `build-tool` / `DOCKER_BUILD_TOOL` | The build tool to use for building container image, possible values are `kaniko`, `buildah`,`dind`or `external` | `kaniko` |
| `kaniko-image` / `DOCKER_KANIKO_IMAGE` | The image used to run `kaniko` - _for kaniko build only_ | `gcr.io/kaniko-project/executor:debug` (use `debug` images for GitLab)<br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_KANIKO_IMAGE)|
| `buildah-image` / `DOCKER_BUILDAH_IMAGE` | The image used to run `buildah` - _for buildah build only_ | `quay.io/containers/aio:latest`<br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_BUILDAH_IMAGE)|
| `image` / `DOCKER_IMAGE` | The Docker image used to run the docker client (see [full list](https://hub.docker.com/r/library/docker/)) - _for Docker-in-Docker build only_ | `registry.hub.docker.com/library/docker:latest`<br/>[](https://to-be-continuous.gitlab.io/doc/secu/trivy-DOCKER_IMAGE) |
If you want to use the template with an externally built Docker image (scan for vulnerabilities, extract SBOM, test, promote...), you can skip build jobs by setting the `DOCKER_BUILD_TOOL` variable to `external`:
