aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Trivy Fails To Scan Locally Built Images, Podman Sock Error #3700

Closed exiett closed 1 year ago

exiett commented 1 year ago

Description

MacBook M1 user is experiencing the Podman Socket error when trying to scan for locally built images. When she tries to scan a image that is pulled from the web, Trivy works just fine.

What did you expect to happen?

Trivy scans the image and reports for vulnerabilities normally.

What happened instead?

2023-02-27T15:34:20.926-0300    FATAL   image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:
    * unable to inspect the image (c7009069b0dd): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
    * unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
    * containerd socket not found: /run/containerd/containerd.sock
    * GET https://index.docker.io/v2/library/c7009069b0dd/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/c7009069b0dd Type:repository]]

Output of run with -debug:

❯ trivy image --debug c7009069b0dd
2023-02-27T15:57:16.733-0300    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-02-27T15:57:16.776-0300    DEBUG   cache dir:  /Users/mariana.romao/Library/Caches/trivy
2023-02-27T15:57:16.777-0300    DEBUG   DB update was skipped because the local DB is the latest
2023-02-27T15:57:16.777-0300    DEBUG   DB Schema: 2, UpdatedAt: 2023-02-27 18:06:52.859913509 +0000 UTC, NextUpdate: 2023-02-28 00:06:52.859912509 +0000 UTC, DownloadedAt: 2023-02-27 18:19:50.931528 +0000 UTC
2023-02-27T15:57:16.777-0300    INFO    Vulnerability scanning is enabled
2023-02-27T15:57:16.777-0300    DEBUG   Vulnerability type:  [os library]
2023-02-27T15:57:16.777-0300    INFO    Secret scanning is enabled
2023-02-27T15:57:16.777-0300    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-02-27T15:57:16.777-0300    INFO    Please see also https://aquasecurity.github.io/trivy/v0.37/docs/secret/scanning/#recommendation for faster secret detection
2023-02-27T15:57:20.192-0300    FATAL   image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:424
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:263
  - unable to initialize a scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:649
  - unable to initialize a docker scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.imageStandaloneScanner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:22
  - 4 errors occurred:
    * unable to inspect the image (c7009069b0dd): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
    * unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
    * containerd socket not found: /run/containerd/containerd.sock
    * GET https://index.docker.io/v2/library/c7009069b0dd/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/c7009069b0dd Type:repository]]

Output of trivy -v:

Version: 0.37.3
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-02-23 18:08:26.24581044 +0000 UTC
  NextUpdate: 2023-02-24 00:08:26.24580984 +0000 UTC
  DownloadedAt: 2023-02-23 19:31:49.819695 +0000 UTC

Additional details (base image name, container registry info...):

I noticed that other users that are using MacBooks with Intel chips are not experiencing this problem.

knqyf263 commented 1 year ago

How are you running Podman?

exiett commented 1 year ago

Hey, at the end of the day, I was able to fix it. It's a problem with the Podman Socket not being correctly exported. After configuring...

export DOCKER_HOST='unix:///Users/<MY_USER>/.local/share/containers/podman/machine/podman-machine-default/podman.sock'

... on .zshrc, Trivy runs flawlessly.

knqyf263 commented 1 year ago

Good to hear. Thanks for updating.

rhdesmond commented 1 year ago

For a little more context, you can find the path via podman machine inspect. Then, export the DOCKER_HOST variable using the path with a unix:// prefix. So the command would be DOCKER_HOST='unix://${PODMAN_INSPECT_SOCK_PATH}'

acdha commented 1 year ago

For a little more context, you can find the path via podman machine inspect. Then, export the DOCKER_HOST variable using the path with a unix:// prefix. So the command would be DOCKER_HOST='unix://${PODMAN_INSPECT_SOCK_PATH}'

This can be combined using Podman's template formatting:

$ export DOCKER_HOST="unix://$(podman machine inspect --format '{{.ConnectionInfo.PodmanSocket.Path}}')"

Ladrillo84 commented 1 year ago

I have podman on Windows 11 and I have the problem that I can't do it with a local image.

$ podman machine inspect

[
  {
    "ConfigPath": {
      "Path": "C:\\Users\\f.lorenzo.gomis\\.config\\containers\\podman\\machine\\wsl\\podman-machine-default.json"
    },
    "ConnectionInfo": {
      "PodmanSocket": null,
      "PodmanPipe": {
        "Path": "\\\\.\\pipe\\podman-machine-default"
      }
    },
    "Created": "2023-11-06T10:48:32.3547618+01:00",
    "Image": {
      "IgnitionFilePath": {
        "Path": ""
      },
      "ImageStream": "35",
      "ImagePath": {
        "Path": "C:\\Users\\f.lorenzo.gomis\\.local\\share\\containers\\podman\\machine\\wsl\\podman-machine-default_fedora-podman-amd64-v38.0.34.tar"
      }
    },
    "LastUp": "2023-11-06T16:13:33.5144735+01:00",
    "Name": "podman-machine-default",
    "Resources": {
      "CPUs": 8,
      "DiskSize": 2146435072,
      "Memory": 603856896
    },
    "SSHConfig": {
      "IdentityPath": "C:\\Users\\f.lorenzo.gomis\\.ssh\\podman-machine-default",
      "Port": 57957,
      "RemoteUsername": "user"
    },
    "State": "running",
    "UserModeNetworking": false
  }
]

What can I do?

jamesmhaley commented 8 months ago

Anyone hitting this same issue on MacOS Sonoma running Docker - the same applies.

I ran docker context list, which gave me my endpoints. I then set DOCKER_HOST to an endpoint listed (I had 2 different listed, so I tested with both) - unix:///Users/[my username]/.docker/run/docker.sock and ran it again.

This worked for me.
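The two workarounds above (the Podman machine socket from `podman machine inspect`, and the Docker context endpoint from `docker context`) can be folded into one helper that probes each candidate socket before exporting DOCKER_HOST, so Trivy never silently falls through to a registry pull of a local-only image. This is an added example, not code from the Trivy project or any commenter; it assumes the Go template fields `.ConnectionInfo.PodmanSocket.Path` (from the thread) and `.Endpoints.docker.Host` exist in your podman and docker versions, and it is meant to be sourced into a POSIX shell.

```shell
#!/bin/sh
# Resolve the container-runtime socket Trivy should use and export it as DOCKER_HOST.
# Added example, not part of the Trivy project. Candidate sources, in priority order:
# an existing DOCKER_HOST, the Podman machine socket, the active Docker context
# endpoint (assumed template field), the rootless Podman socket, and the defaults.

# Turn a filesystem path into the unix:// form Trivy expects; a value that already
# carries a scheme (unix://, tcp://, npipe://) is returned unchanged.
to_docker_host() {
  case "$1" in
    "")    return 1 ;;
    *://*) printf '%s\n' "$1" ;;
    *)     printf 'unix://%s\n' "$1" ;;
  esac
}

# Inverse of the above: strip a unix:// scheme so the path can be tested with -S.
socket_path() {
  printf '%s\n' "${1#unix://}"
}

# Read candidate paths/URLs on stdin (one per line) and print the first one that is
# a live unix socket, as a DOCKER_HOST URL. Empty lines and Go "<nil>" output are
# skipped. Fails (exit 1) when nothing is reachable, so callers can detect that.
first_live_socket() {
  while IFS= read -r cand; do
    [ -n "$cand" ] && [ "$cand" != "<nil>" ] || continue
    if [ -S "$(socket_path "$cand")" ]; then
      to_docker_host "$cand"
      return 0
    fi
  done
  return 1
}

# Emit every candidate; tools that are missing or error out contribute nothing.
runtime_candidates() {
  printf '%s\n' "${DOCKER_HOST:-}"
  podman machine inspect --format '{{.ConnectionInfo.PodmanSocket.Path}}' 2>/dev/null
  docker context inspect --format '{{.Endpoints.docker.Host}}' 2>/dev/null
  printf '%s\n' "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman/podman.sock"
  printf '%s\n' "$HOME/.docker/run/docker.sock" /var/run/docker.sock
}

# Usage: trivy_with_runtime_socket <image-id-or-name> [extra trivy flags]
trivy_with_runtime_socket() {
  if host=$(runtime_candidates | first_live_socket); then
    export DOCKER_HOST="$host"
    echo "using DOCKER_HOST=$DOCKER_HOST" >&2
    trivy image "$@"
  else
    echo "no docker/podman/containerd socket reachable; refusing to fall back to a registry pull" >&2
    return 1
  fi
}
```

Source the file and run `trivy_with_runtime_socket c7009069b0dd`; the refusal branch is what turns the four-way error in the original report into a single actionable message.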

andyfaizan commented 7 months ago

@jamesmhaley Thanks for the solution. Setting DOCKER_HOST to (unix:///Users/[my username]/.docker/run/docker.sock) worked for me when running trivy as a standalone app.

Although when running trivy inside docker, weirdly, the sock volume path to be mounted was the default one, as opposed to the one mentioned above.

DavidPerezIngeniero commented 7 months ago

I'm having the same problem, when running the helm chart in an EKS cluster:

scan error: unable to initialize a docker scanner: 3 errors occurred:
* unable to inspect the image (748960220740.dkr.ecr.eu-west-1.amazonaws.com/gitaws:py3.11-2024-02-29c): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* GET https://748960220740.dkr.ecr.eu-west-1.amazonaws.com/v2/gitaws/manifests/py3.11-2024-02-29c: unexpected status code 401 Unauthorized: Not Authorized

How do I set the DOCKER_HOST variable? I've installed Trivy in this way:

helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm install trivy-operator aqua/trivy-operator \
   --namespace trivy-system \
   --create-namespace \
   --set="trivy.ignoreUnfixed=true" \
   --version v0.0.3

namandf commented 6 months ago

Hi @knqyf263 , is there a specific reason why we expect podman.socket to be active, cos podman by default does not expect podman.socket or podman.service to be active if I am not wrong. Wondering if we can directly utilize podman/libpod https://github.com/containers/podman .

We seem to need inspect, history and save commands, and none of them mandatorily require podman.socket or podman.service if I am not wrong.

knqyf263 commented 6 months ago

@namandf We used to try the library. It has too many dependencies, and cross-compilation failed due to that (I forgot, but it was probably due to CGO). That was a few years ago, so things may be different now.