What default values are used by the scanner if DOCKER_USER and DOCKER_PASSWORD are not defined?

When DOCKER_USER and DOCKER_PASSWORD are not defined in a GitLab CI/CD pipeline, the scanner defaults to using CI_REGISTRY_USER and CI_REGISTRY_PASSWORD for Docker registry authentication. This means that GitLab automatically falls back to these predefined environment variables to ensure that your pipeline can still authenticate and interact with the Docker registry even when specific user credentials are not provided.

CI_REGISTRY_USER and CI_REGISTRY_PASSWORD are commonly used in the context of Docker image creation and deployment within GitLab pipelines. They facilitate authentication to the GitLab Container Registry, simplifying the process of pulling and pushing Docker images as part of continuous integration and deployment workflows. This default behavior helps to avoid breaking changes in workflows when user-specific credentials are not set, ensuring a smoother CI/CD experience.