Move checkmarx/kics:gh-action-kics1.7 out of DockerHub

Open gpaulfleetwood opened this issue 2 years ago • 0 comments

Hi Team, We have many projects and workflows and I have rolled out KICS as Dockerfile scanner. We are starting to see DockerHub rate limit errors at peak build times. I think it is related to the Dockerfile pulls an image with each GitHub Action run of kics-github-action.

The Dockerfile has the FROM as the following, which is pulling from DockerHub: FROM checkmarx/kics:gh-action-kics1.7

In GitHub Actions we see this error:

Build container for action use: '/runner/_work/_actions/checkmarx/kics-github-action/v1.7.0/Dockerfile'.
  /usr/local/bin/docker build -t cb6c97:92d05c25b4fe44ca831a6ff9b1489e29 -f "/runner/_work/_actions/checkmarx/kics-github-action/v1.7.0/Dockerfile" "/runner/_work/_actions/checkmarx/kics-github-action/v1.7.0"
  DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
              Install the buildx component to build images with BuildKit:
              https://docs.docker.com/go/buildx/
  
  Sending build context to Docker daemon  948.7kB
  
  Step 1/5 : FROM checkmarx/kics:gh-action-kics1.7
  toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
  Warning: Docker build failed with exit code 1, back off 9.139 seconds before retry.

Other Marketplace Actions I have checked use ghcr.io or quay.io instead of DockerHub, probably to avoid the rate limit issue.

Feb 01 '24 02:02 gpaulfleetwood