Run Scanner Agent In Rootless Mode

[dmdhrumilmistry]

Additional context
To able to run scanner agent docker containers in rootless mode.

Is your feature request related to a problem? Please describe.
Some organizations prefer running docker in rootless mode to enhance container security posture for their current infra. Host Docker Agent doesn't seem to work properly when docker is running in rootless mode.

Describe the solution you'd like

Describe alternatives you've considered

Components/Services

• UI/Frontend
• API/Backend
• Agent
• Deployment/YAMLs
• CI/CD Integration
• Other (specify)

Additional context

[noboruma]

@dmdhrumilmistry thanks for reporting this issue.
The agent needs root permission to access some system information, hence we never looked into rootless mode.
If we do that, we might lose access to useful information and thus return partial information to the console, like connectivity information and some file access (Meaning scanner might not be accessing the full file system).
Would such degradation be acceptable in your workflow?

[dmdhrumilmistry]

@dmdhrumilmistry thanks for reporting this issue. The agent needs root permission to access some system information, hence we never looked into rootless mode. If we do that, we might lose access to useful information and thus return partial information to the console, like connectivity information and some file access (Meaning scanner might not be accessing the full file system). Would such degradation be acceptable in your workflow?

@noboruma thanks for the clarity on the issue. We would like to stick to rootless mode for now since it avoids several security risks. Would it be possible to run agent without using docker with root permissions?