Closed CorneliaS closed 3 weeks ago
I'm able to re-create this issue. We'll provide a fix asap.
Could you give the following command a try?
docker run --rm -it -u root \
-v /var/run/docker.sock:/var/run/docker.sock \
-e DOCKER_SCOUT_HUB_USER=<user> \
-e DOCKER_SCOUT_HUB_PASSWORD=<pat> \
docker/scout-cli:77c55cf cves testimage:latest
@cdupuis Yes, the command works :)
The fix was released.
Since version 1.8 I get "permission denied errors" when I run the Docker scout-cli from a Docker image. I have made several attempts to solve this problem, but without success.
Background: I have a local image which i want to scan for vulnerabilities without installing docker scout-cli (using the docker image of docker scout-cli).
My original call was as follows:
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_SCOUT_HUB_USER=<user> -e DOCKER_SCOUT_HUB_PASSWORD=<pat> docker/scout-cli:latest cves testimage:latest
Since version 1.8 i get following error:After some research on Google and several failed calls, these two approaches were the closest to a solution (but still fails):
docker run -u <uid>:<gid> --rm -v /var/run/docker.sock:/var/run/docker.sock --mount type=bind,source=<somepath>,target=/tmp -e DOCKER_SCOUT_CACHE_DIR=/tmp -e DOCKER_SCOUT_HUB_USER=<user> -e DOCKER_SCOUT_HUB_PASSWORD=<pat> docker/scout-cli:latest cves local://testimage:latest
docker run -u <uid>:<gid> --rm -v /var/run/docker.sock:/var/run/docker.sock -e DOCKER_SCOUT_NO_CACHE=true -e DOCKER_SCOUT_HUB_USER=<user> -e DOCKER_SCOUT_HUB_PASSWORD=<pat> docker/scout-cli:latest cves local://testimage:latest
I guess that changing the user (uid) and the group (gid) is not the right way to solve it. But how else do I get access to the var/run/docker.sock file to load the local image?