dockle
dockle copied to clipboard
Published
20 hours ago •
goodwithtech
goodwithtech
docker image scan error
Hello Team
I tried to scan the docker image with dockle but I got the following error. Could you please tell me the cause and the fundamental countermeasure?
Environment
- dockle version is dockle-0.4.6-1.x86_64.
- We are using azure pipelines and dockle on SelfHosted VM.
- All images are on the same ACR(Azure Registory Container).
- Everything was scanning fine in the past. However we faced this error since 7/19.
- Now, there is one image(following : acr/xxx-api) that cannot be scanned. Other scans succeed on same SelfHosted VM.
Thanks
dockle --debug
2022-09-29T01:04:56.0313783Z ##[section]Starting: Dockle Scan Container
2022-09-29T01:04:56.0323821Z ==============================================================================
2022-09-29T01:04:56.0324161Z Task : Bash
2022-09-29T01:04:56.0324454Z Description : Run a Bash script on macOS, Linux, or Windows
2022-09-29T01:04:56.0324726Z Version : 3.201.1
2022-09-29T01:04:56.0324981Z Author : Microsoft Corporation
2022-09-29T01:04:56.0325542Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/bash
2022-09-29T01:04:56.0326172Z ==============================================================================
2022-09-29T01:04:56.2146629Z Generating script.
2022-09-29T01:04:56.2162435Z Script contents:
2022-09-29T01:04:56.2163962Z dockle --debug --exit-code 1 --exit-level fatal acr/xxx-api:0.3.45-build.3
2022-09-29T01:04:56.2180801Z ========================== Starting Command Output ===========================
2022-09-29T01:04:56.2199423Z [command]/usr/bin/bash /data/infra/work/azure_work/_temp/879ac1d3-39c7-48d3-b121-f20ce274ce37.sh
2022-09-29T01:04:56.2953824Z 2022-09-29T01:04:56.293Z [35mDEBUG[0m There is no .dockleignore file
2022-09-29T01:04:56.2955030Z 2022-09-29T01:04:56.294Z [35mDEBUG[0m Skipped update confirmation
2022-09-29T01:04:56.2955762Z 2022-09-29T01:04:56.294Z [35mDEBUG[0m Start assessments...
2022-09-29T01:05:35.4108048Z 2022-09-29T01:05:35.410Z [31mFATAL[0m unable to initialize a image struct:
2022-09-29T01:05:35.4110819Z github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T01:05:35.4112179Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:73
2022-09-29T01:05:35.4113700Z - failed to initialize source:
2022-09-29T01:05:35.4114758Z github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T01:05:35.4116013Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:86
2022-09-29T01:05:35.4117622Z - manifest unknown: manifest tagged by "0.3.45-build.3" is not found
2022-09-29T01:05:35.4119720Z reading manifest 0.3.45-build.3 in acr/xxx-api
2022-09-29T01:05:35.4120999Z github.com/containers/image/v5/docker.(*dockerImageSource).fetchManifest
2022-09-29T01:05:35.4122777Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:202
2022-09-29T01:05:35.4124239Z github.com/containers/image/v5/docker.(*dockerImageSource).ensureManifestIsLoaded
2022-09-29T01:05:35.4125705Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:229
2022-09-29T01:05:35.4127963Z github.com/containers/image/v5/docker.newImageSourceAttempt
2022-09-29T01:05:35.4131551Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:133
2022-09-29T01:05:35.4133564Z github.com/containers/image/v5/docker.newImageSource
2022-09-29T01:05:35.4134991Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:75
2022-09-29T01:05:35.4136339Z github.com/containers/image/v5/docker.dockerReference.NewImageSource
2022-09-29T01:05:35.4137639Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_transport.go:144
2022-09-29T01:05:35.4139196Z github.com/goodwithtech/deckoder/extractor/image.newSource
2022-09-29T01:05:35.4140500Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:109
2022-09-29T01:05:35.4141787Z github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T01:05:35.4143020Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:84
2022-09-29T01:05:35.4144378Z github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T01:05:35.4145669Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:71
2022-09-29T01:05:35.4146952Z github.com/goodwithtech/deckoder/extractor/docker.NewDockerExtractor
2022-09-29T01:05:35.4149091Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:57
2022-09-29T01:05:35.4150554Z github.com/goodwithtech/dockle/pkg/scanner.ScanImage
2022-09-29T01:05:35.4151597Z /home/runner/work/dockle/dockle/pkg/scanner/scan.go:41
2022-09-29T01:05:35.4152576Z github.com/goodwithtech/dockle/pkg.Run
2022-09-29T01:05:35.4153519Z /home/runner/work/dockle/dockle/pkg/run.go:87
2022-09-29T01:05:35.4154705Z github.com/urfave/cli.HandleAction
2022-09-29T01:05:35.4155724Z /home/runner/go/pkg/mod/github.com/urfave/[email protected]/app.go:526
2022-09-29T01:05:35.4156706Z github.com/urfave/cli.(*App).Run
2022-09-29T01:05:35.4157695Z /home/runner/go/pkg/mod/github.com/urfave/[email protected]/app.go:288
2022-09-29T01:05:35.4160300Z main.main
2022-09-29T01:05:35.4164264Z /home/runner/work/dockle/dockle/cmd/dockle/main.go:12
2022-09-29T01:05:35.4165870Z runtime.main
2022-09-29T01:05:35.4167030Z /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/proc.go:225
2022-09-29T01:05:35.4168075Z runtime.goexit
2022-09-29T01:05:35.4169756Z /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/asm_amd64.s:1371
2022-09-29T01:05:35.4175202Z ##[error]Bash exited with code '1'.
2022-09-29T01:05:35.4207857Z ##[section]Finishing: Dockle Scan Container
@masabow123 Could you try setting the following environment variables in the target pipeline?
DOCKLE_HOST: "unix:///var/run/docker.sock"
Thank you for your update. We already tried your suggestion. (Because, we also found this issue -> https://github.com/aquasecurity/trivy/issues/2432)
■Azure Pipeline bash task
▼pattern1
bash: dockle --debug --exit-code 1 --exit-level $variables.dockleExitLevel $variables.containerRepositoryName/$variables.containerImageName:$(fullVersion)
env:
DOCKLE_HOST: "unix:///var/run/docker.sock"
displayName: 'Dockle Scan Container'
workingDirectory: $(Build.SourcesDirectory)
▼pattern2
bash: dockle --debug --exit-code 1 --exit-level $variables.dockleExitLevel $variables.containerRepositoryName/$variables.containerImageName:$(fullVersion)
env:
DOCKLE_HOST: "unix:///var/run/docker.sock"
XDG_RUNTIME_DIR: "/var/run"
displayName: 'Dockle Scan Container'
workingDirectory: $(Build.SourcesDirectory)
■Dockle error
2022-09-29T05:49:40.7706729Z ##[section]Starting: Dockle Scan Container
2022-09-29T05:49:40.7716728Z ==============================================================================
2022-09-29T05:49:40.7717070Z Task : Bash
2022-09-29T05:49:40.7717357Z Description : Run a Bash script on macOS, Linux, or Windows
2022-09-29T05:49:40.7717642Z Version : 3.201.1
2022-09-29T05:49:40.7717875Z Author : Microsoft Corporation
2022-09-29T05:49:40.7718555Z Help : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/bash
2022-09-29T05:49:40.7719125Z ==============================================================================
2022-09-29T05:49:40.9628913Z Generating script.
2022-09-29T05:49:40.9653133Z Script contents:
2022-09-29T05:49:40.9654787Z dockle --debug --exit-code 1 --exit-level fatal ***/XXXXXX:0.3.45-build.12
2022-09-29T05:49:40.9663900Z ========================== Starting Command Output ===========================
2022-09-29T05:49:40.9682924Z [command]/usr/bin/bash /data/infra/work/azure_work/_temp/44503a27-9b9b-476d-bed6-dde2ddb9a7fd.sh
2022-09-29T05:49:41.0010355Z 2022-09-29T05:49:40.999Z [35mDEBUG[0m There is no .dockleignore file
2022-09-29T05:49:41.0012254Z 2022-09-29T05:49:40.999Z [35mDEBUG[0m Skipped update confirmation
2022-09-29T05:49:41.0016635Z 2022-09-29T05:49:40.999Z [35mDEBUG[0m Start assessments...
2022-09-29T05:49:56.2630309Z 2022-09-29T05:49:56.262Z [31mFATAL[0m unable to initialize a image struct:
2022-09-29T05:49:56.2631711Z github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T05:49:56.2632925Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:73
2022-09-29T05:49:56.2634798Z - failed to initialize source:
2022-09-29T05:49:56.2635897Z github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T05:49:56.2637316Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:86
2022-09-29T05:49:56.2638666Z - manifest unknown: manifest tagged by "0.3.45-build.12" is not found
2022-09-29T05:49:56.2640491Z reading manifest 0.3.45-build.12 in ***/XXXXXX
2022-09-29T05:49:56.2641626Z github.com/containers/image/v5/docker.(*dockerImageSource).fetchManifest
2022-09-29T05:49:56.2642865Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:202
2022-09-29T05:49:56.2644109Z github.com/containers/image/v5/docker.(*dockerImageSource).ensureManifestIsLoaded
2022-09-29T05:49:56.2645366Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:229
2022-09-29T05:49:56.2646407Z github.com/containers/image/v5/docker.newImageSourceAttempt
2022-09-29T05:49:56.2647735Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:133
2022-09-29T05:49:56.2649224Z github.com/containers/image/v5/docker.newImageSource
2022-09-29T05:49:56.2650293Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_image_src.go:75
2022-09-29T05:49:56.2651447Z github.com/containers/image/v5/docker.dockerReference.NewImageSource
2022-09-29T05:49:56.2652912Z /home/runner/go/pkg/mod/github.com/containers/image/[email protected]/docker/docker_transport.go:144
2022-09-29T05:49:56.2654354Z github.com/goodwithtech/deckoder/extractor/image.newSource
2022-09-29T05:49:56.2655688Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:109
2022-09-29T05:49:56.2656795Z github.com/goodwithtech/deckoder/extractor/image.NewImage
2022-09-29T05:49:56.2657847Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:84
2022-09-29T05:49:56.2658978Z github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
2022-09-29T05:49:56.2660101Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:71
2022-09-29T05:49:56.2661249Z github.com/goodwithtech/deckoder/extractor/docker.NewDockerExtractor
2022-09-29T05:49:56.2662912Z /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:57
2022-09-29T05:49:56.2663974Z github.com/goodwithtech/dockle/pkg/scanner.ScanImage
2022-09-29T05:49:56.2664856Z /home/runner/work/dockle/dockle/pkg/scanner/scan.go:41
2022-09-29T05:49:56.2666049Z github.com/goodwithtech/dockle/pkg.Run
2022-09-29T05:49:56.2666890Z /home/runner/work/dockle/dockle/pkg/run.go:87
2022-09-29T05:49:56.2667715Z github.com/urfave/cli.HandleAction
2022-09-29T05:49:56.2668589Z /home/runner/go/pkg/mod/github.com/urfave/[email protected]/app.go:526
2022-09-29T05:49:56.2669754Z github.com/urfave/cli.(*App).Run
2022-09-29T05:49:56.2670756Z /home/runner/go/pkg/mod/github.com/urfave/[email protected]/app.go:288
2022-09-29T05:49:56.2671515Z main.main
2022-09-29T05:49:56.2672384Z /home/runner/work/dockle/dockle/cmd/dockle/main.go:12
2022-09-29T05:49:56.2673125Z runtime.main
2022-09-29T05:49:56.2673978Z /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/proc.go:225
2022-09-29T05:49:56.2674869Z runtime.goexit
2022-09-29T05:49:56.2675980Z /opt/hostedtoolcache/go/1.16.15/x64/src/runtime/asm_amd64.s:1371
2022-09-29T05:49:56.2703872Z ##[error]Bash exited with code '1'.
2022-09-29T05:49:56.2752381Z ##[section]Finishing: Dockle Scan Container