Unable to scan with Podman - "docker-credential-desktop": executable file not found

[matskiv]

Description

I am having trouble using trivy image --scanners vuln on my machine where I don't have Docker installed, but Podman instead. I also have podman-docker package installed, which sort of aliases docker to podman and create a docker.sock, so maybe that is confusing trivy. I can provide more info as needed. I may be able to provide a PR with a fix if I am given some pointers in the right direction :)

What did you expect to happen?

I expected trivy to perform image scanning.

What happened instead?

Trivy failed to get credentials, see error below.

Output of run with -debug:

$ trivy image --scanners vuln quay.io/matskiv/vcluster:dev --debug
2023-02-02T12:51:10.349+0100	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-02-02T12:51:10.354+0100	DEBUG	cache dir:  /home/matskiv/.cache/trivy
2023-02-02T12:51:10.354+0100	DEBUG	There is no valid metadata file: unable to open a file: open /home/matskiv/.cache/trivy/db/metadata.json: no such file or directory
2023-02-02T12:51:10.355+0100	INFO	Need to update DB
2023-02-02T12:51:10.355+0100	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2023-02-02T12:51:10.355+0100	INFO	Downloading DB...
2023-02-02T12:51:10.355+0100	DEBUG	no metadata file
2023-02-02T12:51:10.355+0100	FATAL	init error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:416
  - DB error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.NewRunner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:130
  - failed to download vulnerability DB:
    github.com/aquasecurity/trivy/pkg/commands/operation.DownloadDB
        /home/runner/work/trivy/trivy/pkg/commands/operation/operation.go:119
  - OCI artifact error:
    github.com/aquasecurity/trivy/pkg/db.(*Client).Download
        /home/runner/work/trivy/trivy/pkg/db/db.go:155
  - OCI artifact error:
    github.com/aquasecurity/trivy/pkg/db.(*Client).initOCIArtifact
        /home/runner/work/trivy/trivy/pkg/db/db.go:205
  - OCI repository error:
    github.com/aquasecurity/trivy/pkg/oci.NewArtifact
        /home/runner/work/trivy/trivy/pkg/oci/artifact.go:70
  - error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out: ``

Output of trivy -v:

$ trivy version
Version: 0.37.1

Additional details (base image name, container registry info...):

OS: Fedora 37 Relevant packages:

$ dnf list installed | grep podman
podman.x86_64                                     4:4.3.1-1.fc37                                  @updates                                                                  
podman-docker.noarch                              4:4.3.1-1.fc37                                  @updates                                                                  
podman-gvproxy.x86_64                             4:4.3.1-1.fc37                                  @updates                                                                  
podman-plugins.x86_64                             4:4.3.1-1.fc37                                  @updates                                                                  
podman-remote.x86_64                              4:4.3.1-1.fc37                                  @updates

[knqyf263]

This error could be happening in google/go-containerregistry. @AndreyLevchenko Would you take a look?

[AndreyLevchenko]

Hi I've installed Fedora with both podman and podman-docker, but I was able to scan your image (quay.io/matskiv/vcluster:dev)

probably this: https://forums.docker.com/t/docker-credential-desktop-exe-executable-file-not-found-in-path-using-wsl2/100225 may help

[matskiv]

Oh, I did not think this was such a generic problem. Sorry for bothering you here with this, I should have spent more time googling.

Thank you @AndreyLevchenko , the solution from your link indeed worked :raised_hands:

In ~/.docker/config.json change credsStore to credStore