scan-cli-plugin icon indicating copy to clipboard operation
scan-cli-plugin copied to clipboard
verified publisher icon docker

Failed to scan local built image (dind rootless in jenkins)

Open mo-saeed opened this issue 4 years ago • 2 comments

Description

docker scan command fails with local image after docker build step.

docker scan  kubernetes-template:202201130950
10:53:07  Failed to scan image "kubernetes-template:202201130950". Please make sure the image and/or repository exist, and that you are using the correct credentials.

Steps to reproduce the issue:

  1. Run Jenkins pipeline in docker-in-docker container
  2. run docker build .
  3. run docker scan image

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

20.10.11

Output of docker scan --version:

Version:    v0.16.0
Git commit: e135637
Provider:   Snyk (1.809.0 (standalone))

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  scan: Docker Scan (Docker Inc., v0.16.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 20.10.11
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: none
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
 runc version: v1.0.2-0-g52b36a2d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  rootless
 Kernel Version: 5.8.0-1042-aws
 Operating System: Ubuntu 20.04.3 LTS (containerized)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.35GiB
 ID: EIVP:FKHK:XYFI:GC7Y:LQDA:2NCF:6SUS:XVGQ:5S5O:7DTZ:UOGZ:YLH2
 Docker Root Dir: /dind-rootless/.local/share/docker
 Debug Mode: false
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine```

**Additional environment details (AWS, VirtualBox, physical, etc.):**
Jenkins DIND running on kuberneres EKS cluster

mo-saeed avatar Jan 13 '22 10:01 mo-saeed

For remote images:

it works with docker scan hello-world (doesn't need authentication) BUT

despite the fact that i have config.json under DOCKER_CONFIG with my private registry credentials, it fails with authentication error when i run docker scan MY_PRIVATE_REG:kubernetes-template:202201130950

Am not sure what's the issue

mo-saeed avatar Jan 17 '22 12:01 mo-saeed

@StefanScherer maybe you can help here ? Thanks a lot in advance!

mo-saeed avatar Feb 03 '22 17:02 mo-saeed