Closed SyraD closed 5 years ago
The fact that microscanner returns a non-zero code is failling the docker build, and the final image isn't being created, but it seems that Docker is creating an intermediate image that doesn't get removed. I reproduced the same thing without microscanner as follows:
Dockerfile
FROM mongo:3.2.1
RUN echo hello # This forces an intermediate image different from mongo:3.2.1
RUN exit 4
Build:
$ docker build -f Dockerfile.test .
Sending build context to Docker daemon 27.24MB
Step 1/3 : FROM mongo:3.2.1
---> 7e350b877a9a
Step 2/3 : RUN echo hello
---> Running in 9e7a5c4b2ba9
hello
Removing intermediate container 9e7a5c4b2ba9
---> 099c83cf7c11
Step 3/3 : RUN exit 4
---> Running in 6a2b69c29d5b
The command '/bin/sh -c exit 4' returned a non-zero code: 4
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 099c83cf7c11 8 seconds ago 317MB
mongo 3.2.1 7e350b877a9a 2 years ago 317MB
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6a2b69c29d5b 099c83cf7c11 "/bin/sh -c 'exit 4'" 2 minutes ago Exited (4) 2 minutes ago sad_proskuriakova
This demonstrates that it's not a microscanner issue but a Docker build issue so I'll close this here. Please re-open if you disagree.
Following https://blog.aquasec.com/microscanner-free-image-vulnerability-scanner-for-developers
Vulnerable image successfully builds.
The image builds: