docker / scan-cli-plugin

Docker Scan is a Command Line Interface to run vulnerability detection on your Dockerfiles and Docker images
Apache License 2.0

Failed to scan local built image (dind rootless in jenkins) #194

Open mo-saeed opened 2 years ago

mo-saeed commented 2 years ago

Description

docker scan command fails with local image after docker build step.

```
docker scan  kubernetes-template:202201130950
10:53:07  Failed to scan image "kubernetes-template:202201130950". Please make sure the image and/or repository exist, and that you are using the correct credentials.
```

Steps to reproduce the issue:

  1. Run Jenkins pipeline in docker-in-docker container
  2. Run docker build .
  3. Run docker scan image

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

```
20.10.11
```

Output of docker scan --version:

```
Version:    v0.16.0
Git commit: e135637
Provider:   Snyk (1.809.0 (standalone))
```

Output of docker info:

```
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  scan: Docker Scan (Docker Inc., v0.16.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 20.10.11
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: none
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc version: v1.0.2-0-g52b36a2d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  rootless
 Kernel Version: 5.8.0-1042-aws
 Operating System: Ubuntu 20.04.3 LTS (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.35GiB
 ID: EIVP:FKHK:XYFI:GC7Y:LQDA:2NCF:6SUS:XVGQ:5S5O:7DTZ:UOGZ:YLH2
 Docker Root Dir: /dind-rootless/.local/share/docker
 Debug Mode: false
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine
```

Additional environment details (AWS, VirtualBox, physical, etc.):

Jenkins DIND running on Kubernetes EKS cluster

mo-saeed commented 2 years ago

For remote images:

It works with docker scan hello-world (doesn't need authentication), BUT

despite the fact that I have config.json under DOCKER_CONFIG with my private registry credentials, it fails with an authentication error when I run docker scan MY_PRIVATE_REG:kubernetes-template:202201130950

I am not sure what the issue is.

mo-saeed commented 2 years ago

@StefanScherer maybe you can help here? Thanks a lot in advance!