goodwithtech / dockle

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
https://containers.goodwith.tech/
Apache License 2.0

Dockle can't perform the inspection. #251

Closed pyama86 closed 7 months ago

pyama86 commented 7 months ago

Description

Hello! Thank you for using our software. It appears you are having issues executing a local image scan with Dockle. Here's the summary of the situation and the error messages:

What did you expect to happen?

# pull ubuntu latest
root@host:~# docker pull ubuntu:latest
latest: Pulling from library/ubuntu
57c139bbda7e: Pull complete
Digest: sha256:e9569c25505f33ff72e88b2990887c9dcf230f23259da296eb814fc2b41af999
Status: Downloaded newer image for ubuntu:latest
docker.io/library/ubuntu:latest
# add tag
root@host:~# docker tag ubuntu:latest example:latest
# run dockle
root@host:~# dockle -d example:latest
2024-02-03T15:15:43.976+0900    DEBUG   There is no .dockleignore file
2024-02-03T15:15:43.976+0900    DEBUG   Skipped update confirmation
2024-02-03T15:15:43.976+0900    DEBUG   Start assessments...
2024-02-03T15:15:46.538+0900    FATAL   unable to initialize a image struct:
    github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.4/extractor/docker/docker.go:73
  - failed to initialize source:
    github.com/goodwithtech/deckoder/extractor/image.NewImage
        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.4/extractor/image/image.go:86
  - reading manifest latest in docker.io/library/example: requested access to the resource is denied

root@host:~# docker run --rm -e DOCKLE_HOST=unix:///var/run/docker.sock -v /var/run/docker.sock:/var/run/docker.sock goodwithtech/dockle:v0.4.13 -d example:latest
2024-02-03T06:18:01.637Z        DEBUG   There is no .dockleignore file
2024-02-03T06:18:01.637Z        DEBUG   Skipped update confirmation
2024-02-03T06:18:01.638Z        DEBUG   Start assessments...
2024-02-03T06:18:04.225Z        FATAL   unable to initialize a image struct:
    github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.4/extractor/docker/docker.go:73
  - failed to initialize source:
    github.com/goodwithtech/deckoder/extractor/image.NewImage
        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.4/extractor/image/image.go:86
  - reading manifest latest in docker.io/library/example: requested access to the resource is denied

What happened instead?

Output of run with -debug:

(paste your output here)

Output of dockle -v:

root@host:~# dockle -v
dockle version 0.4.13

Additional details (base image name, container registry info...):

tomoyamachi commented 7 months ago

@pyama86 Thank you for your feedback. I could not reproduce it in my environment. Please let me know your OS/ARCH and the result of the following command.

$ docker image ls --no-trunc ubuntu:latest

pyama86 commented 7 months ago

# docker image ls --no-trunc ubuntu:latest
REPOSITORY   TAG       IMAGE ID                                                                  CREATED      SIZE
ubuntu       latest    sha256:fd1d8f58e8aedc22ec0a3a7ce1a33de544a596eaa6cdb842f1af7c5e081d453f   8 days ago   77.9MB

As shown above. Recently, there have been issues that started occurring after updating to the latest version of Docker due to a vulnerability in runc. Therefore, there might be some relation to Docker.

# docker -v
Docker version 25.0.2, build 29cf629

tomoyamachi commented 7 months ago

@pyama86 Thank you for the information. This bug may have been addressed in the latest version. I hope you can test it in your environment to confirm.

pyama86 commented 7 months ago

Thank you for the quick fix.