aquasecurity
I cannot reset Trivy to use Docker instead of Podman
I tried to set up Podman a few months ago, then realized that it would not meet all of our requirements at work and uninstalled it.
However, Podman is still set up as the means for Trivy to scan remote images, and I cannot figure out how to unset this config. After downloading the image and running trivy on the local image, it succeeds.
I am using our company-specific repository, which lives in the Google cloud platform. I am able to download the image using Docker, then scan the image using Trivy. But I am not able to use Trivy directly on the remote image. As you can see by the error below, however, this is not an authentication issue; it is still trying to use Podman.
I have tried this on several repositories, but I only show one example below. All are the same: I cannot run Trivy remotely. I can download using Docker. I can run Trivy locally.
How can I reconfigure Trivy to tell it to please use Docker again?
Attempting to perform trivy image on a remote image
❯ trivy image eu.gcr.io/my-company/product-classification-service-v2:production
2022-05-31T19:38:15.664+0200 FATAL image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
* unable to inspect the image (eu.gcr.io/my-company/product-classification-service-v2:production): Error: No such image: eu.gcr.io/my-company/product-classification-service-v2:production
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* GET https://eu.gcr.io/v2/my-company/product-classification-service-v2/manifests/production: DENIED: Permission denied for "production" from request "/v2/my-company/product-classification-service-v2/manifests/production".
Downloading the image using docker and performing trivy image locally
First download the image:
❯ docker pull eu.gcr.io/my-company/product-classification-service-v2:production
production: Pulling from my-company/product-classification-service-v2
e3aaff93642b: Pull complete
.
.
.
Then perform trivy image now that it is locally available:
❯ trivy image eu.gcr.io/my-company/product-classification-service-v2:production
2022-05-31T19:45:14.594+0200 INFO Detected OS: debian
2022-05-31T19:45:14.595+0200 INFO Detecting Debian vulnerabilities...
2022-05-31T19:45:14.645+0200 INFO Number of language-specific files: 1
2022-05-31T19:45:14.645+0200 INFO Detecting python-pkg vulnerabilities...
.
.
.
I have removed information for brevity and for privacy, but you can see that the first attempt using trivy remotely did not work and the follow up attempt using it locally did.
hello @lazarillo Thanks for your interest to Trivy!
When you use image command, Trivy tried scan from 3th places(and returns error if all failed):
- local docker image
- podman image
- remote docker image
Remote images:
For remote image you got DENIED: Permission denied for "production" from request.
Trivy gets credentials from $HOME/.docker/config.json file. If this file doesn't exist then from $DOCKER_CONFIG/config.json file.
Maybe this file doesn't have auths for your registry. Check this, please
Also you can to use env for your login and password or token. Information about it.
Regards, Dmitriy
This issue is stale because it has been labeled with inactivity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}