goodwithtech / dockle-action

Apache License 2.0

unable to initialize a image struct: failed to initialize source: reading manifest tmp in docker.io/library/svc-test: requested access to the resource is denied #7

Open fpt-phongnx8 opened 3 months ago

fpt-phongnx8 commented 3 months ago

Hi team,

I got an error today when running the GitHub Action.

Error:

+ FIRST_ARGS=' --exit-level warn --format list'
+ '[' ./dockle-result.txt ]
+ FIRST_ARGS=' --exit-level warn --format list --output ./dockle-result.txt'
+ '[' 1 ]
+ SECOND_ARGS=' --exit-level warn --exit-code 1'
+ RUN_TWICE=
+ '[' ./dockle-result.txt '!='  ]
+ '[' 1 '!=' 0 ]
+ RUN_TWICE=TRUE
+ '[' TRUE ]
+ run_dockle --exit-level warn --format list --output ./dockle-result.txt
+ /usr/bin/dockle --exit-level warn --format list --output ./dockle-result.txt svc-test:tmp
2024-06-13T01:05:26.574Z    FATAL   unable to initialize a image struct: failed to initialize source: reading manifest tmp in docker.io/library/svc-test: requested access to the resource is denied

Github workflow

      - name: Security check by Dockle
        uses: goodwithtech/dockle-action@main
        with:
          image: svc-test:tmp
          output: ${{ inputs.working-directory }}dockle-result.txt
          ignore: ${{ inputs.working-directory }}.dockleignore

Docker version: 26.1.3

GitHub operating system: Ubuntu 22.04.4

The Docker image svc-test:tmp is built while the GitHub Action runs (GitHub Ubuntu machine).

But it works OK when I use the github image:

      - name: Security check by Dockle
        uses: goodwithtech/dockle-action@main
        with:
          image: goodwithtech/test-image:v1
          output: ${{ inputs.working-directory }}dockle-result.txt
          ignore: ${{ inputs.working-directory }}.dockleignore

+ /usr/bin/dockle --exit-level warn --exit-code 1 goodwithtech/test-image:v1
FATAL   - CIS-DI-0009: Use COPY instead of ADD in Dockerfile
    * Use COPY : /bin/sh -c #(nop) ADD file:81c0a803075715d1a6b4f75a29f8a01b21cc170cfc1bff6702317d1be2fe71a3 in /app/credentials.json 
FATAL   - CIS-DI-0010: Do not store credential in environment variables/files
    * Suspicious filename found : app/credentials.json (You can suppress it with "-af credentials.json")
    * Suspicious ENV key found : MYSQL_PASSWD on /bin/sh -c #(nop)  ENV MYSQL_PASSWD=password (You can suppress it with --accept-key)
FATAL   - DKL-DI-0005: Clear apt-get caches
    * Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' : /bin/sh -c apt-get update && apt-get install -y git
FATAL   - DKL-LI-0001: Avoid empty password
    * No password user found! username : nopasswd
INFO    - CIS-DI-0008: Confirm safety of setuid/setgid files
    * setuid file: urwxr-xr-x bin/ping
    * setgid file: grwxr-xr-x usr/bin/chage
    * setgid file: grwxr-xr-x usr/bin/wall
    * setgid file: grwxr-xr-x usr/bin/expiry
    * setgid file: grwxr-xr-x usr/bin/ssh-agent
    * setuid file: urwxr-xr-x bin/umount
    * setuid file: urwxr-xr-x usr/bin/chfn
    * setuid file: urwxr-xr-x usr/bin/gpasswd
    * setuid file: urwxr-xr-x usr/bin/passwd
    * setgid file: grwxr-xr-x sbin/unix_chkpwd
    * setuid file: urwxr-xr-x bin/su
    * setuid file: urwxr-xr-x bin/mount
    * setuid file: urwxr-xr-x usr/bin/newgrp
    * setuid file: urwxr-xr-x usr/bin/chsh
    * setuid file: urwxr-xr-x usr/lib/openssh/ssh-keysign
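The successful run above shows what the action's two dockle invocations actually evaluate: the first writes the `--format list` report to `--output`, the second applies `--exit-level warn --exit-code 1` to decide whether the job fails. The parser below is an added example, not code from dockle or dockle-action, that reads that list format and reproduces the exit-level decision so you can see, offline, which findings would fail a job and which a `.dockleignore` entry would suppress. The sample text is constructed from the report printed above; the level ordering, the `.dockleignore` layout (one checkpoint code per line, `#` comments) and all function names are this example's own assumptions, not dockle's API.

```python
"""Parse dockle `--format list` output and apply --exit-level / --exit-code semantics.

Added example for this issue thread; not part of dockle or dockle-action.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed from the goodwithtech/test-image:v1 report shown in the issue.
SAMPLE_OUTPUT = """\
FATAL   - CIS-DI-0009: Use COPY instead of ADD in Dockerfile
    * Use COPY : /bin/sh -c #(nop) ADD file:81c0a803075715d1a6b4f75a29f8a01b21cc170cfc1bff6702317d1be2fe71a3 in /app/credentials.json
FATAL   - CIS-DI-0010: Do not store credential in environment variables/files
    * Suspicious filename found : app/credentials.json (You can suppress it with "-af credentials.json")
    * Suspicious ENV key found : MYSQL_PASSWD on /bin/sh -c #(nop)  ENV MYSQL_PASSWD=password (You can suppress it with --accept-key)
FATAL   - DKL-DI-0005: Clear apt-get caches
    * Use 'rm -rf /var/lib/apt/lists' after 'apt-get install|update' : /bin/sh -c apt-get update && apt-get install -y git
FATAL   - DKL-LI-0001: Avoid empty password
    * No password user found! username : nopasswd
INFO    - CIS-DI-0008: Confirm safety of setuid/setgid files
    * setuid file: urwxr-xr-x bin/ping
    * setgid file: grwxr-xr-x usr/bin/chage
"""

# Assumed severity ordering (highest first); --exit-level accepts fatal/warn/info.
LEVEL_RANK = {"FATAL": 4, "WARN": 3, "INFO": 2, "SKIP": 1, "PASS": 0, "IGNORE": 0}

# "FATAL   - CIS-DI-0009: Use COPY instead of ADD in Dockerfile"
HEADER_RE = re.compile(r"^(FATAL|WARN|INFO|SKIP|PASS|IGNORE)\s+-\s+([A-Z]+-[A-Z]+-\d+):\s+(.*)$")
# "    * Suspicious filename found : app/credentials.json ..."
DETAIL_RE = re.compile(r"^\s+\*\s+(.*)$")


@dataclass
class Finding:
    level: str
    rule: str          # checkpoint code, e.g. CIS-DI-0010
    title: str
    details: list[str] = field(default_factory=list)


def parse_list_output(text: str) -> list[Finding]:
    """Turn dockle list output into Finding records; detail lines attach to the
    most recent checkpoint header. Unrecognised lines are ignored."""
    findings: list[Finding] = []
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            level, rule, title = header.groups()
            findings.append(Finding(level, rule, title.strip()))
            continue
        detail = DETAIL_RE.match(line)
        if detail and findings:
            findings[-1].details.append(detail.group(1).strip())
    return findings


def load_dockleignore(text: str) -> set[str]:
    """Assumed .dockleignore layout: one checkpoint code per line, '#' comments."""
    codes = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            codes.add(line)
    return codes


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per level, e.g. {'FATAL': 4, 'INFO': 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.level] = counts.get(f.level, 0) + 1
    return counts


def exit_code_for(findings: list[Finding], exit_level: str = "warn",
                  exit_code: int = 1, ignore: set[str] | None = None) -> int:
    """Return exit_code if any non-ignored finding is at or above exit_level,
    else 0. Mirrors the second dockle run: --exit-level warn --exit-code 1."""
    threshold = LEVEL_RANK[exit_level.upper()]
    ignored = ignore or set()
    for f in findings:
        if f.rule in ignored:
            continue
        if LEVEL_RANK[f.level] >= threshold:
            return exit_code
    return 0


if __name__ == "__main__":
    report = parse_list_output(SAMPLE_OUTPUT)
    print(summarize(report))
    for f in report:
        print(f"{f.level:5} {f.rule}: {f.title} ({len(f.details)} detail lines)")
    print("exit code (warn):", exit_code_for(report, "warn", 1))
```

Note that the default `--exit-level warn` means the INFO finding for CIS-DI-0008 never fails the job on its own; the four FATAL checkpoints do, and the only ways to get a green run are to fix the image or to list those codes in the file passed through `ignore:` in the workflow.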