[QUESTION] What is the recommend syntax for running with a plugin?

[michael-bey]

What is your question?

Hello -

I'm developing a plugin for Docker Scout since I find it to be the most useful when it comes to filtering by EPSS (something that Trivy doesn't support).

I'm able to successfully print the JSON output as expected in the Grype plugin

copa-docker-scout ./testdata/nginx1.26.1.json
# {"apiVersion":"v1alpha1","metadata":{"os":{"type":"debian","version":"11"},

And I'm able to successfully pipe my output and properly patch the image:

# Process the report and pipe directly to Copa
copa-docker-scout nginx1.26.1.json | \
copa patch --scanner docker-scout --image nginx:1.21.6 \
-t nginx-1.21.6-patched --addr docker-container://buildkitd -

However, it looks like the default way of running copa (e.g. with the -r flag), runs into issues.

copa patch --scanner docker-scout --image nginx:1.21.6 -t nginx-1.21.6-patched --addr docker-container://buildkitd -r nginx1.26.1.json 

It's not able to successfully patch the image.

 => ERROR sh -c apt-get install --no-install-recommends -y tar curl ncurses e2fsprogs open  0.4s
Error: process "sh -c apt-get install --no-install-recommends -y tar curl ncurses e2fsprogs openssl nghttp2 libxml2 expat systemd libtasn1-6 gnupg2 krb5 libssh2 libxslt libwebp glibc libsepol libxpm freetype zlib tiff perl libtirpc pcre2 util-linux gnutls28 libx11 && apt-get clean -y" did not complete successfully: exit code: 100

Am I thinking about this incorrectly? Is my first solution the intended way to run a plugin?

[ashnamehrotra]

@benichmt1 It doesn't look like there are any issues involving the parsing of the scanner report itself. Would you be able to run this with the --debug flag? Also, can you confirm that the packages being installed with apt in the logs are the ones from the report?

[michael-bey]

Here's method #1:

copa-docker-scout nginx1.26.1.json | copa patch --scanner docker-scout --image nginx:1.21.6 -t nginx-1.21.6-patched --addr docker-container://buildkitd - --debug
DEBU[0000] commandconn: starting docker with [exec -i buildkitd buildctl dial-stdio] 
DEBU[0000] serving grpc connection                      
#1 resolve image config for docker.io/library/nginx:1.21.6
#1 DONE 0.3s

#2 resolve image config for docker.io/library/nginx:1.21.6
#2 DONE 0.1s

#3 docker-image://docker.io/library/nginx:1.21.6
#3 resolve docker.io/library/nginx:1.21.6 0.1s done
DEBU[0000] Using debian:11-slim as basis for tooling image 
#3 CACHED

#4 docker-image://docker.io/library/debian:11-slim
#4 resolve docker.io/library/debian:11-slim 0.1s done
#4 CACHED

#5 apt-get update
#5 0.288 Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
#5 0.459 Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [27.2 kB]
#5 0.531 Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
#5 0.603 Get:4 http://deb.debian.org/debian bullseye/main arm64 Packages [7955 kB]
#5 1.178 Get:5 http://deb.debian.org/debian-security bullseye-security/main arm64 Packages [334 kB]
#5 1.247 Get:6 http://deb.debian.org/debian bullseye-updates/main arm64 Packages [16.3 kB]
#5 1.776 Fetched 8492 kB in 2s (4949 kB/s)
#5 1.776 Reading package lists...
#5 DONE 2.1s

#6 apt-get install busybox-static
#6 0.050 Reading package lists...
#6 0.254 Building dependency tree...
#6 0.302 Reading state information...
#6 0.367 The following NEW packages will be installed:
#6 0.367   busybox-static
#6 0.528 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
#6 0.528 Need to get 811 kB of archives.
#6 0.528 After this operation, 1839 kB of additional disk space will be used.
#6 0.528 Get:1 http://deb.debian.org/debian-security bullseye-security/main arm64 busybox-static arm64 1:1.30.1-6+deb11u1 [811 kB]
#6 0.907 debconf: delaying package configuration, since apt-utils is not installed
#6 0.919 Fetched 811 kB in 0s (1763 kB/s)
#6 0.926 Selecting previously unselected package busybox-static.
(Reading database ... 6662 files and directories currently installed.)
#6 0.930 Preparing to unpack .../busybox-static_1%3a1.30.1-6+deb11u1_arm64.deb ...
#6 0.931 Unpacking busybox-static (1:1.30.1-6+deb11u1) ...
#6 0.984 Setting up busybox-static (1:1.30.1-6+deb11u1) ...
#6 DONE 1.0s

#7 copy /bin/busybox /bin/busybox
#7 CACHED

#8 mkdir /copa-out
#8 CACHED

#9 /bin/busybox sh -c 
                status="$DPKG_STATUS_IS_UNKNOWN"
                if [ -f "$DPKG_STATUS_PATH" ]; then
                    status="$DPKG_STATUS_IS_FILE"
                    cp "$DPKG_STATUS_PATH" "$RESULTS_PATH"
                elif [ -d "$DPKG_STATUS_FOLDER" ]; then
                    status="$DPKG_STATUS_IS_DIRECTORY"
                    ls -1 "$DPKG_STATUS_FOLDER" > "$RESULT_STATUSD_PATH"
                    mv "$DPKG_STATUS_FOLDER"/* "$RESULTS_PATH"
                fi
                echo -n "$status" > "${RESULTS_PATH}/${STATUSD_OUTPUT_FILENAME}"
        
#9 CACHED

#10 apt-get update
#10 0.072 Get:1 http://security.debian.org/debian-security bullseye-security InRelease [27.2 kB]
#10 0.127 Get:2 http://security.debian.org/debian-security bullseye-security/main arm64 Packages [334 kB]
#10 0.180 Get:3 http://deb.debian.org/debian bullseye InRelease [116 kB]
#10 0.353 Get:4 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
#10 0.435 Get:5 http://deb.debian.org/debian bullseye/main arm64 Packages [7955 kB]
#10 1.164 Get:6 http://deb.debian.org/debian bullseye-updates/main arm64 Packages [16.3 kB]
#10 1.676 Fetched 8492 kB in 2s (5175 kB/s)
#10 1.676 Reading package lists...
#10 DONE 1.9s

#11 sh -c apt-get -s upgrade 2>/dev/null | grep -q ^Inst || exit 1
#11 DONE 0.8s

#12 sh -c output=$(apt-get upgrade -y && apt-get clean -y && apt-get autoremove 2>&1); if [ $? -ne 0 ]; then echo $output >>error_log.txt; fi
#12 1.989 debconf: delaying package configuration, since apt-utils is not installed
#12 DONE 8.5s

#13 /bin/sh -c if [ -s error_log.txt ]; then cat error_log.txt; exit 1; fi
#13 DONE 0.1s

#14 sh -c grep "^Package:\|^Version:" "/var/lib/dpkg/status" >> "results.manifest"
#14 DONE 0.0s

#15 diff (/bin/sh -c if [ -s error_log.txt ]; then cat error_log.txt; exit 1; fi) -> (sh -c grep "^Package:\|^Version:" "/var/lib/dpkg/status" >> "results.manifest")
#15 DONE 0.0s

#15 diff (/bin/sh -c if [ -s error_log.txt ]; then cat error_log.txt; exit 1; fi) -> (sh -c grep "^Package:\|^Version:" "/var/lib/dpkg/status" >> "results.manifest")
#15 diffing done
#15 DONE 0.0s

#16 diff (sh -c apt-get -s upgrade 2>/dev/null | grep -q ^Inst || exit 1) -> (/bin/sh -c if [ -s error_log.txt ]; then cat error_log.txt; exit 1; fi)
#16 DONE 0.0s

#17 merge (docker-image://docker.io/library/nginx:1.21.6, diff (sh -c apt-get -s upgrade 2>/dev/null | grep -q ^Inst || exit 1) -> (/bin/sh -c if [ -s error_log.txt ]; then cat error_log.txt; exit 1; fi))
#17 DONE 0.0s

#18 exporting to docker image format
#18 exporting layers
#18 exporting layers 1.5s done
#18 exporting manifest sha256:67b68a7f0550cb4720196f6204c0262b1eb019a181e1cb40b2d247dd2a1d4077 done
#18 exporting config sha256:f44876a2f35fcbbdc9d811729bc75f2af50d2816d3d65a2b806ab129f06ef0b9 done
#18 sending tarball
#18 sending tarball 1.0s done
#18 DONE 2.5s
DEBU[0017] stopping session                             
INFO[0017] Loaded image: nginx:nginx-1.21.6-patched     
DEBU[0017] unimplemented call: SetWriteDeadline(2025-01-21 17:31:12.344712 -0500 EST m=+27.978110460) 
DEBU[0017] unimplemented call: SetWriteDeadline(2025-01-21 17:31:12.344824 -0500 EST m=+27.978222585) 
DEBU[0017] commandconn (docker):context canceled        
WARN[0017] --debug specified, working folder at /var/folders/1c/qhmqxqvn5ygfr8cp5b5ng7ch0000gp/T/copa-1792756211 needs to be manually cleaned up 

Image scans clean with Docker Scout afterwards.

Here's the output of doing it inline:

copa patch --scanner docker-scout --image nginx:1.21.6 -t nginx-1.21.6-patched --addr docker-container://buildkitd -r nginx1.26.1.json --debug
DEBU[0000] updates to apply: &{{{debian 11} {}} [{systemd 247.3-7 247.3-7+deb11u6 CVE-2023-50868} {libwebp 0.6.1-2.1 0.6.1-2.1+deb11u2 CVE-2023-5129} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u6 CVE-2024-2511} {glibc 2.31-13+deb11u3 2.31-13+deb11u10 CVE-2024-33599} {glibc 2.31-13+deb11u3 2.31-13+deb11u10 CVE-2024-33600} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2519} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2520} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2521} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2953} {tar 1.34+dfsg-1 1.34+dfsg-1+deb11u1 CVE-2022-48303} {nghttp2 1.43.0-1 1.43.0-1+deb11u1 CVE-2023-44487} {libwebp 0.6.1-2.1 0.6.1-2.1+deb11u2 CVE-2023-4863} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22898} {libsepol 3.1-1 3.1-1+deb11u1 CVE-2021-36084} {libsepol 3.1-1 3.1-1+deb11u1 CVE-2021-36085} {libsepol 3.1-1 3.1-1+deb11u1 CVE-2021-36086} {libsepol 3.1-1 3.1-1+deb11u1 CVE-2021-36087} {util-linux 2.36.1-8+deb11u1 2.36.1-8+deb11u2 CVE-2024-28085} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22924} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u3 CVE-2022-35252} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u9 CVE-2023-28322} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u10 CVE-2023-38546} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-4304} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-4450} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2023-0215} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u7 CVE-2023-23916} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32205} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u6 CVE-2024-9143} {gnutls28 3.7.1-5 3.7.1-5+deb11u6 CVE-2024-28835} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2022-2097} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0465} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0466} {libwebp 0.6.1-2.1 0.6.1-2.1+deb11u1 CVE-2023-1999} {openssl 1.1.1n-0+deb11u2 1.1.1v-0~deb11u1 CVE-2023-3446} {openssl 1.1.1n-0+deb11u2 1.1.1v-0~deb11u1 CVE-2023-3817} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u6 CVE-2023-5678} {nghttp2 1.43.0-1 1.43.0-1+deb11u2 CVE-2024-28182} {gnutls28 3.7.1-5 3.7.1-5+deb11u6 CVE-2024-28834} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1354} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1622} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1623} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2056} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2057} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2058} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2867} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2868} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-2869} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3597} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3598} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3599} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3626} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3627} {systemd 247.3-7 247.3-7+deb11u2 CVE-2022-3821} {systemd 247.3-7 247.3-7+deb11u2 CVE-2022-4415} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-48281} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-25435} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27538} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2023-30086} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2023-30774} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u5 CVE-2023-3576} {libx11 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43786} {libxpm 1:3.5.12-1 1:3.5.12-1.1+deb11u1 CVE-2023-43788} {libxpm 1:3.5.12-1 1:3.5.12-1.1+deb11u1 CVE-2023-43789} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u6 CVE-2024-0727} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27774} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22947} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32208} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u5 CVE-2022-43552} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27535} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27536} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u9 CVE-2023-28321} {gnutls28 3.7.1-5 3.7.1-5+deb11u4 CVE-2023-5981} {systemd 247.3-7 247.3-7+deb11u6 CVE-2023-7008} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u5 CVE-2016-3709} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-1355} {tar 1.34+dfsg-1 1.34+dfsg-1+deb11u1 CVE-2023-39804} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3970} {gnutls28 3.7.1-5 3.7.1-5+deb11u1 CVE-2021-4209} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27776} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32206} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-34526} {gnupg2 2.2.27-2+deb11u1 2.2.27-2+deb11u2 CVE-2022-34903} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-2650} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u4 CVE-2023-28484} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u4 CVE-2023-29469} {krb5 1.18.3-6+deb11u1 1.18.3-6+deb11u4 CVE-2023-36054} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u5 CVE-2023-40745} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u5 CVE-2023-41175} {libx11 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43785} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u11 CVE-2023-46218} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u13 CVE-2024-7264} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u14 CVE-2024-8096} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-4645} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0795} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0796} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0797} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0798} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0799} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0800} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0801} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0802} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0803} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-0804} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u4 CVE-2023-0286} {perl 5.32.1-4+deb11u2 5.32.1-4+deb11u3 CVE-2023-47038} {ncurses 6.2+20201114-2 6.2+20201114-2+deb11u1 CVE-2022-29458} {glibc 2.31-13+deb11u3 2.31-13+deb11u9 CVE-2024-2961} {gnutls28 3.7.1-5 3.7.1-5+deb11u3 CVE-2023-0361} {glibc 2.31-13+deb11u3 2.31-13+deb11u10 CVE-2024-33602} {libssh2 1.9.0-2 1.9.0-2+deb11u1 CVE-2020-22218} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22946} {libtirpc 1.3.1-1 1.3.1-1+deb11u1 CVE-2021-46828} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u5 CVE-2022-2309} {gnutls28 3.7.1-5 3.7.1-5+deb11u2 CVE-2022-2509} {freetype 2.10.4+dfsg-1 2.10.4+dfsg-1+deb11u1 CVE-2022-27405} {freetype 2.10.4+dfsg-1 2.10.4+dfsg-1+deb11u1 CVE-2022-27406} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27775} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27781} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-27782} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u3 CVE-2022-40303} {expat 2.2.10-2+deb11u3 2.2.10-2+deb11u5 CVE-2022-43680} {libxpm 1:3.5.12-1 1:3.5.12-1.1~deb11u1 CVE-2022-44617} {libxpm 1:3.5.12-1 1:3.5.12-1.1~deb11u1 CVE-2022-46285} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u5 CVE-2023-0464} {libx11 2:1.7.2-1 2:1.7.2-1+deb11u1 CVE-2023-3138} {systemd 247.3-7 247.3-7+deb11u6 CVE-2023-50387} {expat 2.2.10-2+deb11u3 2.2.10-2+deb11u6 CVE-2023-52425} {gnutls28 3.7.1-5 3.7.1-5+deb11u5 CVE-2024-0553} {gnutls28 3.7.1-5 3.7.1-5+deb11u5 CVE-2024-0567} {glibc 2.31-13+deb11u3 2.31-13+deb11u10 CVE-2024-33601} {krb5 1.18.3-6+deb11u1 1.18.3-6+deb11u5 CVE-2024-37370} {expat 2.2.10-2+deb11u3 2.2.10-2+deb11u6 CVE-2024-45490} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u6 CVE-2024-4741} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u3 CVE-2022-3570} {perl 5.32.1-4+deb11u2 5.32.1-4+deb11u4 CVE-2020-16156} {glibc 2.31-13+deb11u3 2.31-13+deb11u4 CVE-2021-3999} {e2fsprogs 1.46.2-2 1.46.2-2+deb11u1 CVE-2022-1304} {libxml2 2.9.10+dfsg-6.7+deb11u2 2.9.10+dfsg-6.7+deb11u3 CVE-2022-40304} {ncurses 6.2+20201114-2 6.2+20201114-2+deb11u2 CVE-2023-29491} {libx11 2:1.7.2-1 2:1.7.2-1+deb11u2 CVE-2023-43787} {glibc 2.31-13+deb11u3 2.31-13+deb11u7 CVE-2023-4911} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-22576} {expat 2.2.10-2+deb11u3 2.2.10-2+deb11u4 CVE-2022-40674} {perl 5.32.1-4+deb11u2 5.32.1-4+deb11u4 CVE-2023-31484} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u12 CVE-2024-2398} {libxslt 1.1.34-4 1.1.34-4+deb11u1 CVE-2021-30560} {krb5 1.18.3-6+deb11u1 1.18.3-6+deb11u3 CVE-2022-42898} {libxpm 1:3.5.12-1 1:3.5.12-1.1~deb11u1 CVE-2022-4883} {tiff 4.2.0-1+deb11u1 4.2.0-1+deb11u4 CVE-2023-25434} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27533} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u8 CVE-2023-27534} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2021-22945} {libtasn1-6 4.16.0-2 4.16.0-2+deb11u1 CVE-2021-46848} {pcre2 10.36-2 10.36-2+deb11u1 CVE-2022-1586} {pcre2 10.36-2 10.36-2+deb11u1 CVE-2022-1587} {krb5 1.18.3-6+deb11u1 1.18.3-6+deb11u5 CVE-2024-37371} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u6 CVE-2024-5535} {openssl 1.1.1n-0+deb11u2 1.1.1n-0+deb11u3 CVE-2022-2068} {freetype 2.10.4+dfsg-1 2.10.4+dfsg-1+deb11u1 CVE-2022-27404} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u2 CVE-2022-32207} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u5 CVE-2022-32221} {zlib 1:1.2.11.dfsg-2+deb11u1 1:1.2.11.dfsg-2+deb11u2 CVE-2022-37434} {curl 7.74.0-1.3+deb11u1 7.74.0-1.3+deb11u10 CVE-2023-38545} {expat 2.2.10-2+deb11u3 2.2.10-2+deb11u6 CVE-2024-45491} {expat 2.2.10-2+deb11u3 2.2.10-2+deb11u6 CVE-2024-45492}]}
DEBU[0000] commandconn: starting docker with [exec -i buildkitd buildctl dial-stdio]
DEBU[0000] serving grpc connection
#1 resolve image config for docker.io/library/nginx:1.21.6
#1 DONE 0.2s
DEBU[0000] Using debian:11-slim as basis for tooling image

#2 resolve image config for docker.io/library/nginx:1.21.6
#2 DONE 0.1s

#3 docker-image://docker.io/library/nginx:1.21.6
#3 resolve docker.io/library/nginx:1.21.6 0.1s done
#3 DONE 0.1s

#4 docker-image://docker.io/library/debian:11-slim
#4 resolve docker.io/library/debian:11-slim 0.2s done
#4 CACHED

#5 apt-get update
#5 0.340 Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
#5 0.594 Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [27.2 kB]
#5 0.765 Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
#5 0.916 Get:4 http://deb.debian.org/debian bullseye/main arm64 Packages [7955 kB]
#5 3.640 Get:5 http://deb.debian.org/debian-security bullseye-security/main arm64 Packages [334 kB]
#5 3.734 Get:6 http://deb.debian.org/debian bullseye-updates/main arm64 Packages [16.3 kB]
#5 4.270 Fetched 8492 kB in 4s (2018 kB/s)
#5 4.270 Reading package lists...
#5 DONE 4.5s

#6 apt-get install busybox-static
#6 0.047 Reading package lists...
#6 0.261 Building dependency tree...
#6 0.311 Reading state information...
#6 0.375 The following NEW packages will be installed:
#6 0.375   busybox-static
#6 0.648 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
#6 0.648 Need to get 811 kB of archives.
#6 0.648 After this operation, 1839 kB of additional disk space will be used.
#6 0.648 Get:1 http://deb.debian.org/debian-security bullseye-security/main arm64 busybox-static arm64 1:1.30.1-6+deb11u1 [811 kB]
#6 1.185 debconf: delaying package configuration, since apt-utils is not installed
#6 1.193 Fetched 811 kB in 1s (1109 kB/s)
#6 1.203 Selecting previously unselected package busybox-static.
(Reading database ... 6662 files and directories currently installed.)
#6 1.206 Preparing to unpack .../busybox-static_1%3a1.30.1-6+deb11u1_arm64.deb ...
#6 1.207 Unpacking busybox-static (1:1.30.1-6+deb11u1) ...
#6 1.339 Setting up busybox-static (1:1.30.1-6+deb11u1) ...
#6 DONE 1.4s

#7 copy /bin/busybox /bin/busybox
#7 CACHED

#8 mkdir /copa-out
#8 CACHED

#9 /bin/busybox sh -c
                status="$DPKG_STATUS_IS_UNKNOWN"
                if [ -f "$DPKG_STATUS_PATH" ]; then
                    status="$DPKG_STATUS_IS_FILE"
                    cp "$DPKG_STATUS_PATH" "$RESULTS_PATH"
                elif [ -d "$DPKG_STATUS_FOLDER" ]; then
                    status="$DPKG_STATUS_IS_DIRECTORY"
                    ls -1 "$DPKG_STATUS_FOLDER" > "$RESULT_STATUSD_PATH"
                    mv "$DPKG_STATUS_FOLDER"/* "$RESULTS_PATH"
                fi
                echo -n "$status" > "${RESULTS_PATH}/${STATUSD_OUTPUT_FILENAME}"

#9 CACHED

#3 docker-image://docker.io/library/nginx:1.21.6
#3 CACHED

#10 apt-get update
#10 0.075 Get:1 http://security.debian.org/debian-security bullseye-security InRelease [27.2 kB]
#10 0.151 Get:2 http://security.debian.org/debian-security bullseye-security/main arm64 Packages [334 kB]
#10 0.273 Get:3 http://deb.debian.org/debian bullseye InRelease [116 kB]
#10 0.546 Get:4 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
#10 0.678 Get:5 http://deb.debian.org/debian bullseye/main arm64 Packages [7955 kB]
#10 1.713 Get:6 http://deb.debian.org/debian bullseye-updates/main arm64 Packages [16.3 kB]
#10 2.194 Fetched 8492 kB in 2s (3943 kB/s)
#10 2.194 Reading package lists...
#10 DONE 2.4s

#11 sh -c apt-get -s upgrade 2>/dev/null | grep -q ^Inst || exit 1
#11 DONE 0.9s

#12 sh -c apt-get install --no-install-recommends -y libwebp libsepol glibc curl libx11 libssh2 e2fsprogs libtasn1-6 libxslt tar libxpm ncurses pcre2 systemd libxml2 krb5 expat nghttp2 util-linux gnupg2 libtirpc zlib perl freetype openssl tiff gnutls28 && apt-get clean -y
#12 0.049 Reading package lists...
#12 0.273 Building dependency tree...
#12 0.322 Reading state information...
#12 0.358 E: Unable to locate package libwebp
#12 0.358 E: Unable to locate package libsepol
#12 0.358 E: Unable to locate package glibc
#12 0.358 E: Unable to locate package libx11
#12 0.358 E: Unable to locate package libssh2
#12 0.358 E: Unable to locate package libxslt
#12 0.358 E: Unable to locate package libxpm
#12 0.358 E: Unable to locate package ncurses
#12 0.358 E: Unable to locate package pcre2Error: process "sh -c apt-get install --no-install-recommends -y libwebp libsepol glibc curl libx11 libssh2 e2fsprogs libtasn1-6 libxslt tar libxpm ncurses pcre2 systemd libxml2 krb5 expat nghttp2 util-linux gnupg2 libtirpc zlib perl freetype openssl tiff gnutls28 && apt-get clean -y" did not complete successfully: exit code: 100

[sozercan]

@benichmt1

#12 0.358 E: Unable to locate package libwebp
#12 0.358 E: Unable to locate package libsepol
#12 0.358 E: Unable to locate package glibc
#12 0.358 E: Unable to locate package libx11
#12 0.358 E: Unable to locate package libssh2
#12 0.358 E: Unable to locate package libxslt
#12 0.358 E: Unable to locate package libxpm
#12 0.358 E: Unable to locate package ncurses

looks like these don't match the package names in this image. for example, ncurses is called ncurses-base and ncurses-bin or libwebp is called libwebp6.

Can Docker Scout provide the exact package names?

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.