docker image scan error

masabow123 commented 2 years ago

Hello Team

I tried to scan the docker image with dockle but I got the following error. Could you please tell me the cause and the fundamental countermeasure?

Environment

dockle version is dockle-0.4.6-1.x86_64.
We are using azure pipelines and dockle on SelfHosted VM.
All images are on the same ACR(Azure Registory Container).
Everything was scanning fine in the past. However we faced this error since 7/19.
Now, there is one image(following : acr/xxx-api) that cannot be scanned. Other scans succeed on same SelfHosted VM.

Thanks

dockle --debug

2022-09-29T01:04:56.0313783Z ##[section]Starting: Dockle Scan Container
2022-09-29T01:04:56.0323821Z ==============================================================================
2022-09-29T01:04:56.0324161Z Task         : Bash
2022-09-29T01:04:56.0324454Z Description  : Run a Bash script on macOS, Linux, or Windows
2022-09-29T01:04:56.0324726Z Version      : 3.201.1
2022-09-29T01:04:56.0324981Z Author       : Microsoft Corporation
2022-09-29T01:04:56.0325542Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/bash
2022-09-29T01:04:56.0326172Z ==============================================================================
2022-09-29T01:04:56.2146629Z Generating script.
2022-09-29T01:04:56.2162435Z Script contents:
2022-09-29T01:04:56.2163962Z dockle --debug --exit-code 1 --exit-level fatal acr/xxx-api:0.3.45-build.3
2022-09-29T01:04:56.2180801Z ========================== Starting Command Output ===========================
2022-09-29T01:04:56.2199423Z [command]/usr/bin/bash /data/infra/work/azure_work/_temp/879ac1d3-39c7-48d3-b121-f20ce274ce37.sh
2022-09-29T01:04:56.2953824Z 2022-09-29T01:04:56.293Z   [35mDEBUG[0m  There is no .dockleignore file
2022-09-29T01:04:56.2955030Z 2022-09-29T01:04:56.294Z   [35mDEBUG[0m  Skipped update confirmation
2022-09-29T01:04:56.2955762Z 2022-09-29T01:04:56.294Z   [35mDEBUG[0m  Start assessments...
2022-09-29T01:05:35.4108048Z 2022-09-29T01:05:35.410Z   [31mFATAL[0m  unable to initialize a image struct:
2022-09-29T01:05:35.4110819Z     github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T01:05:35.4112179Z         /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/docker/docker.go:73
2022-09-29T01:05:35.4113700Z   - failed to initialize source:
2022-09-29T01:05:35.4114758Z     github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T01:05:35.4116013Z         /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/image/image.go:86
2022-09-29T01:05:35.4117622Z   - manifest unknown: manifest tagged by "0.3.45-build.3" is not found
2022-09-29T01:05:35.4119720Z     reading manifest 0.3.45-build.3 in acr/xxx-api
2022-09-29T01:05:35.4120999Z     github.com/containers/image/v5/docker.(*dockerImageSource).fetchManifest
2022-09-29T01:05:35.4122777Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:202
2022-09-29T01:05:35.4124239Z     github.com/containers/image/v5/docker.(*dockerImageSource).ensureManifestIsLoaded
2022-09-29T01:05:35.4125705Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:229
2022-09-29T01:05:35.4127963Z     github.com/containers/image/v5/docker.newImageSourceAttempt
2022-09-29T01:05:35.4131551Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:133
2022-09-29T01:05:35.4133564Z     github.com/containers/image/v5/docker.newImageSource
2022-09-29T01:05:35.4134991Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:75
2022-09-29T01:05:35.4136339Z     github.com/containers/image/v5/docker.dockerReference.NewImageSource
2022-09-29T01:05:35.4137639Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_transport.go:144
2022-09-29T01:05:35.4139196Z     github.com/goodwithtech/deckoder/extractor/image.newSource
2022-09-29T01:05:35.4140500Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/image/image.go:109
2022-09-29T01:05:35.4141787Z     github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T01:05:35.4143020Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/image/image.go:84
2022-09-29T01:05:35.4144378Z     github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T01:05:35.4145669Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/docker/docker.go:71
2022-09-29T01:05:35.4146952Z     github.com/goodwithtech/deckoder/extractor/docker.NewDockerExtractor
2022-09-29T01:05:35.4149091Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/docker/docker.go:57
2022-09-29T01:05:35.4150554Z     github.com/goodwithtech/dockle/pkg/scanner.ScanImage
2022-09-29T01:05:35.4151597Z        /home/runner/work/dockle/dockle/pkg/scanner/scan.go:41
2022-09-29T01:05:35.4152576Z     github.com/goodwithtech/dockle/pkg.Run
2022-09-29T01:05:35.4153519Z        /home/runner/work/dockle/dockle/pkg/run.go:87
2022-09-29T01:05:35.4154705Z     github.com/urfave/cli.HandleAction
2022-09-29T01:05:35.4155724Z        /home/runner/go/pkg/mod/github.com/urfave/cli@v1.22.4/app.go:526
2022-09-29T01:05:35.4156706Z     github.com/urfave/cli.(*App).Run
2022-09-29T01:05:35.4157695Z        /home/runner/go/pkg/mod/github.com/urfave/cli@v1.22.4/app.go:288
2022-09-29T01:05:35.4160300Z     main.main
2022-09-29T01:05:35.4164264Z        /home/runner/work/dockle/dockle/cmd/dockle/main.go:12
2022-09-29T01:05:35.4165870Z     runtime.main
2022-09-29T01:05:35.4167030Z        /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/proc.go:225
2022-09-29T01:05:35.4168075Z     runtime.goexit
2022-09-29T01:05:35.4169756Z        /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/asm_amd64.s:1371
2022-09-29T01:05:35.4175202Z ##[error]Bash exited with code '1'.
2022-09-29T01:05:35.4207857Z ##[section]Finishing: Dockle Scan Container

tomoyamachi commented 2 years ago

@masabow123 Could you try setting the following environment variables in the target pipeline?

DOCKLE_HOST: "unix:///var/run/docker.sock"

masabow123 commented 2 years ago

Thank you for your update. We already tried your suggestion. (Because, we also found this issue -> https://github.com/aquasecurity/trivy/issues/2432)

■Azure Pipeline bash task

▼pattern1
bash: dockle --debug --exit-code 1 --exit-level $variables.dockleExitLevel $variables.containerRepositoryName/$variables.containerImageName:$(fullVersion)
env:
DOCKLE_HOST: "unix:///var/run/docker.sock"
displayName: 'Dockle Scan Container'
workingDirectory: $(Build.SourcesDirectory)

▼pattern2
bash: dockle --debug --exit-code 1 --exit-level $variables.dockleExitLevel $variables.containerRepositoryName/$variables.containerImageName:$(fullVersion)
env:
DOCKLE_HOST: "unix:///var/run/docker.sock"
XDG_RUNTIME_DIR: "/var/run"
displayName: 'Dockle Scan Container'
workingDirectory: $(Build.SourcesDirectory)

■Dockle error

2022-09-29T05:49:40.7706729Z ##[section]Starting: Dockle Scan Container
2022-09-29T05:49:40.7716728Z ==============================================================================
2022-09-29T05:49:40.7717070Z Task         : Bash
2022-09-29T05:49:40.7717357Z Description  : Run a Bash script on macOS, Linux, or Windows
2022-09-29T05:49:40.7717642Z Version      : 3.201.1
2022-09-29T05:49:40.7717875Z Author       : Microsoft Corporation
2022-09-29T05:49:40.7718555Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/bash
2022-09-29T05:49:40.7719125Z ==============================================================================
2022-09-29T05:49:40.9628913Z Generating script.
2022-09-29T05:49:40.9653133Z Script contents:
2022-09-29T05:49:40.9654787Z dockle --debug --exit-code 1 --exit-level fatal ***/XXXXXX:0.3.45-build.12
2022-09-29T05:49:40.9663900Z ========================== Starting Command Output ===========================
2022-09-29T05:49:40.9682924Z [command]/usr/bin/bash /data/infra/work/azure_work/_temp/44503a27-9b9b-476d-bed6-dde2ddb9a7fd.sh
2022-09-29T05:49:41.0010355Z 2022-09-29T05:49:40.999Z   [35mDEBUG[0m  There is no .dockleignore file
2022-09-29T05:49:41.0012254Z 2022-09-29T05:49:40.999Z   [35mDEBUG[0m  Skipped update confirmation
2022-09-29T05:49:41.0016635Z 2022-09-29T05:49:40.999Z   [35mDEBUG[0m  Start assessments...
2022-09-29T05:49:56.2630309Z 2022-09-29T05:49:56.262Z   [31mFATAL[0m  unable to initialize a image struct:
2022-09-29T05:49:56.2631711Z     github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T05:49:56.2632925Z         /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/docker/docker.go:73
2022-09-29T05:49:56.2634798Z   - failed to initialize source:
2022-09-29T05:49:56.2635897Z     github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T05:49:56.2637316Z         /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/image/image.go:86
2022-09-29T05:49:56.2638666Z   - manifest unknown: manifest tagged by "0.3.45-build.12" is not found
2022-09-29T05:49:56.2640491Z     reading manifest 0.3.45-build.12 in ***/XXXXXX
2022-09-29T05:49:56.2641626Z     github.com/containers/image/v5/docker.(*dockerImageSource).fetchManifest
2022-09-29T05:49:56.2642865Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:202
2022-09-29T05:49:56.2644109Z     github.com/containers/image/v5/docker.(*dockerImageSource).ensureManifestIsLoaded
2022-09-29T05:49:56.2645366Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:229
2022-09-29T05:49:56.2646407Z     github.com/containers/image/v5/docker.newImageSourceAttempt
2022-09-29T05:49:56.2647735Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:133
2022-09-29T05:49:56.2649224Z     github.com/containers/image/v5/docker.newImageSource
2022-09-29T05:49:56.2650293Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_image_src.go:75
2022-09-29T05:49:56.2651447Z     github.com/containers/image/v5/docker.dockerReference.NewImageSource
2022-09-29T05:49:56.2652912Z        /home/runner/go/pkg/mod/github.com/containers/image/v5@v5.19.1/docker/docker_transport.go:144
2022-09-29T05:49:56.2654354Z     github.com/goodwithtech/deckoder/extractor/image.newSource
2022-09-29T05:49:56.2655688Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/image/image.go:109
2022-09-29T05:49:56.2656795Z     github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T05:49:56.2657847Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/image/image.go:84
2022-09-29T05:49:56.2658978Z     github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T05:49:56.2660101Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/docker/docker.go:71
2022-09-29T05:49:56.2661249Z     github.com/goodwithtech/deckoder/extractor/docker.NewDockerExtractor
2022-09-29T05:49:56.2662912Z        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.1/extractor/docker/docker.go:57
2022-09-29T05:49:56.2663974Z     github.com/goodwithtech/dockle/pkg/scanner.ScanImage
2022-09-29T05:49:56.2664856Z        /home/runner/work/dockle/dockle/pkg/scanner/scan.go:41
2022-09-29T05:49:56.2666049Z     github.com/goodwithtech/dockle/pkg.Run
2022-09-29T05:49:56.2666890Z        /home/runner/work/dockle/dockle/pkg/run.go:87
2022-09-29T05:49:56.2667715Z     github.com/urfave/cli.HandleAction
2022-09-29T05:49:56.2668589Z        /home/runner/go/pkg/mod/github.com/urfave/cli@v1.22.4/app.go:526
2022-09-29T05:49:56.2669754Z     github.com/urfave/cli.(*App).Run
2022-09-29T05:49:56.2670756Z        /home/runner/go/pkg/mod/github.com/urfave/cli@v1.22.4/app.go:288
2022-09-29T05:49:56.2671515Z     main.main
2022-09-29T05:49:56.2672384Z        /home/runner/work/dockle/dockle/cmd/dockle/main.go:12
2022-09-29T05:49:56.2673125Z     runtime.main
2022-09-29T05:49:56.2673978Z        /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/proc.go:225
2022-09-29T05:49:56.2674869Z     runtime.goexit
2022-09-29T05:49:56.2675980Z        /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/asm_amd64.s:1371
2022-09-29T05:49:56.2703872Z ##[error]Bash exited with code '1'.
2022-09-29T05:49:56.2752381Z ##[section]Finishing: Dockle Scan Container

goodwithtech / dockle

docker image scan error #198