Clair Not Delivering Scan Results Due to Incomplete Configuration

Solution Verified - Updated -

Issue

  • Clair is unable to send security scan notifications to Quay because the requests time out.

    nginx stdout | 2025/04/17 06:21:34 [error] 99#0: *38865 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.0.x.x, server: , request: "POST /secscan/notification HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_secscan.sock/secscan/notification", host: "registry.example.com"

  • The scan status is stuck in "IN_PROGRESS". All entries in the manifestsecuritystatus table have index_status = 1 (IN_PROGRESS), and no scans transition to COMPLETED (2) or show failures.

    SELECT * FROM manifestsecuritystatus WHERE index_status <> 1;
    -- Returns 0 rows (no scans completed or failed)

  • Clair's notifier service fails to deliver scan results to Quay, halting progress.

    {"level":"error","deliverer":"webhook","component":"notifier/Delivery.Deliver","error":"failed to deliver notification: code: 504 status 504 Gateway Time-out","time":"2025-04-28T00:57:49Z","message":"encountered error on tick"}

  • The scan status column is not visible in the Quay UI.
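
To confirm that both ends of the Clair-to-Quay webhook report the failure described above, the two log signatures can be matched together. This is an added example, not code from the article or from the Quay or Clair projects; the function names and the last two sample lines are constructed for illustration.

```python
import json
import re

# nginx error line: upstream read timeout on Quay's /secscan/notification endpoint.
NGINX_TIMEOUT = re.compile(
    r'(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\].*upstream timed out.*'
    r'request: "POST /secscan/notification HTTP/[\d.]+"'
)

# The first two lines are quoted from the article; the last two are constructed negatives.
SAMPLE = [
    r'nginx stdout | 2025/04/17 06:21:34 [error] 99#0: *38865 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.0.x.x, server: , request: "POST /secscan/notification HTTP/1.1", upstream: "http://unix:/tmp/gunicorn_secscan.sock/secscan/notification", host: "registry.example.com"',
    r'{"level":"error","deliverer":"webhook","component":"notifier/Delivery.Deliver","error":"failed to deliver notification: code: 504 status 504 Gateway Time-out","time":"2025-04-28T00:57:49Z","message":"encountered error on tick"}',
    r'nginx stdout | 2025/04/17 06:22:01 [error] 99#0: *38870 upstream timed out (110: Connection timed out) while reading response header from upstream, request: "GET /api/v1/repository HTTP/1.1"',
    r'{"level":"info","component":"notifier/Delivery.Deliver","time":"2025-04-28T00:58:49Z","message":"constructed non-error line"}',
]


def classify(line):
    """Return (symptom, timestamp) if the line shows either failure, else None."""
    line = line.strip()
    m = NGINX_TIMEOUT.search(line)
    if m:
        return ("quay-nginx-timeout", m.group("ts"))
    if not line.startswith("{"):
        return None
    try:
        rec = json.loads(line)
    except ValueError:  # truncated or non-JSON line
        return None
    if (isinstance(rec, dict) and rec.get("level") == "error"
            and rec.get("component") == "notifier/Delivery.Deliver"
            and "504" in str(rec.get("error", ""))):
        return ("clair-notifier-504", rec.get("time"))
    return None


def summarize(lines):
    """Count matching lines per symptom."""
    counts = {}
    for hit in filter(None, map(classify, lines)):
        counts[hit[0]] = counts.get(hit[0], 0) + 1
    return counts


def notification_path_broken(lines):
    """True only when both Quay's nginx and Clair's notifier report the failure."""
    counts = summarize(lines)
    return "quay-nginx-timeout" in counts and "clair-notifier-504" in counts
```
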

Environment

  • Red Hat Quay
    • 3.10 and lower
