
custom docker socket for image scan option

Open aswath-s-tw opened this issue 2 years ago • 16 comments

It would be great if we can have a flag for scanning local images with custom docker socket path.

I use colima as the container runtime for docker. The unix domain socket path for colima is unix:///Users/<username>/.colima/default/docker.sock

While doing trivy image <image_name>, it throws an error saying Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Would be cool if it had an option similar to trivy image --socket <socket_path>.

aswath-s-tw avatar Oct 06 '22 15:10 aswath-s-tw

Hey trivy team, please do review this request. Would like to work on it!

aswath-s-tw avatar Oct 08 '22 19:10 aswath-s-tw

Hey trivy team. Is this feature request even valid ? Please validate it so that I can start working on a solution.

titanventura avatar Oct 14 '22 14:10 titanventura

Bumping this point, would like this option! Additionally, trivy should maybe always check for the colima socket, just like it does for podman etc.

lme-nca avatar Nov 03 '22 14:11 lme-nca

Ahh ! Never mind about this issue ! It is easily possible in colima too if we are able to create a symbolic link between the colima socket file and the docker sock path.

I ran sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock and it worked fine !

Thanks for the support anyway. Please let me know if other container runtimes need to be supported. Would be happy to help !

aswath-s-tw avatar Nov 03 '22 18:11 aswath-s-tw

Yes, this works as well; however, sadly I'm on a managed machine and this involves me getting the sudo permission first, which is rather cumbersome :)

lme-nca avatar Nov 04 '22 08:11 lme-nca

This issue is stale because it has been labeled with inactivity.

github-actions[bot] avatar Jan 04 '23 00:01 github-actions[bot]

I think DOCKER_HOST helps, but it sounds reasonable to add a flag.

knqyf263 avatar Jan 25 '23 09:01 knqyf263
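
The DOCKER_HOST workaround suggested above, as an added example that is not part of the original thread or of Trivy's code: a shell helper that picks a socket without sudo and checks that it is a real socket owned by the current user or root before handing it to trivy. The function names and the candidate order are assumptions, and it relies on trivy honouring DOCKER_HOST as the comment suggests.

```shell
# Added example (hypothetical helper names, not from Trivy or colima).
# pick_docker_host prints a unix:// URL for the first usable candidate path.
# An already-set DOCKER_HOST wins, so an explicit choice is never overridden.
pick_docker_host() {
    if [ -n "${DOCKER_HOST:-}" ]; then
        printf '%s\n' "$DOCKER_HOST"
        return 0
    fi
    me=$(id -u)
    for sock in "$@"; do
        # Must exist and be a Unix domain socket (-S follows symlinks).
        [ -S "$sock" ] || continue
        # Accept only sockets owned by us or by root: the Docker API socket
        # gives full control of the daemon, and whatever listens on it
        # decides what image content the scanner sees.
        owner=$(ls -ldnL "$sock" | awk '{print $3}')
        if [ "$owner" = "$me" ] || [ "$owner" = "0" ]; then
            printf 'unix://%s\n' "$sock"
            return 0
        fi
    done
    echo "no usable Docker socket found" >&2
    return 1
}

# Candidate order (an assumption): colima's default profile socket from this
# thread first, then the standard path. No symlink or sudo is needed.
scan_image() {
    host=$(pick_docker_host "$HOME/.colima/default/docker.sock" \
                            /var/run/docker.sock) || return 1
    DOCKER_HOST="$host" trivy image "$1"
}
```

After sourcing the block, `scan_image <image_name>` runs the scan against whichever socket passed the checks.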

In that case, I would like to work on it. Can you assign me to this issue ?

aswath-s-tw avatar Jan 27 '23 08:01 aswath-s-tw

> In that case, I would like to work on it. Can you assign me to this issue ?

Sure! @AndreyLevchenko will help. I think we want to add --docker-host.

knqyf263 avatar Jan 28 '23 05:01 knqyf263

Hi, can I load --docker-host as a field in the struct DockerOption located in pkg/fanal/types/docker.go?

aswath-s-tw avatar Jan 29 '23 19:01 aswath-s-tw

Hi @AndreyLevchenko , if this approach is fine, I can go ahead with the implementation. Wanted to follow up. What do you think ?

aswath-s-tw avatar Feb 01 '23 07:02 aswath-s-tw

ping @AndreyLevchenko @knqyf263

aswath-s-tw avatar Feb 02 '23 04:02 aswath-s-tw

ping @AndreyLevchenko @knqyf263

aswath-s-tw avatar Feb 03 '23 11:02 aswath-s-tw

Sounds good

knqyf263 avatar Feb 05 '23 00:02 knqyf263

Hi @knqyf263 can I get some ideas or pointers around how I should write tests for this feature ? I seem to have done the implementation bit. But was not sure what to test and how to structure my tests !

aswath-s-tw avatar Feb 09 '23 14:02 aswath-s-tw

Hi @aswath-s-tw, could you publish a PR draft so we could review your code and suggest something related to tests?

AndreyLevchenko avatar Feb 10 '23 10:02 AndreyLevchenko

Hey @knqyf263 @AndreyLevchenko please review the code/PR and suggest changes if any. Thanks !

aswath-s-tw avatar Feb 12 '23 06:02 aswath-s-tw