The Dockle component of the scanning tool is broken using ubuntu latest #146
Comments
Thanks for raising this issue and providing a workaround. This issue resulted in being unable to scan a locally built
Adding the work-around resolved the issue! 💯
Workaround for goodwithtech/dockle#188 Source: Azure/container-scan#146
* fix for containerscan Workaround for goodwithtech/dockle#188 Source: Azure/container-scan#146
* remove path filter to test designer scan will revert this when tested ok
* test container scan with repositories instead
* revert changes made to run workflow
Hi, I think it is resolved in dockle 0.3.0, so the ultimate fix would be to update that dependency goodwithtech/dockle#72 (comment), if I am not mistaken.
I was under the impression from this code that it tries to get the latest then falls back to an older version. https://github.com/Azure/container-scan/blob/master/src/dockleHelper.ts#L190-L202 I think this is where those two versions are defined. https://github.com/Azure/container-scan/blob/master/src/dockleHelper.ts#L17-L18
This issue is idle because it has been open for 14 days with no activity.
* update docker images to alpine 3.16
* add workaround for Azure/container-scan#146
* update to alpine 3.16.1
* add workaround for Azure/container-scan#146
As of 2022/08/20, this problem is still occurring. Currently, @iamahern's solution is the only workaround.
Scanning for CIS and best practice violations...
Error: FATAL unable to initialize a image struct: failed to initialize source: reading manifest latest in docker.io/keinos/vscode-dev-container-go-test: errors:
Error: An error occurred while scanning the container image for best practice violations
name: Azure Scan
on:
workflow_dispatch:
pull_request:
branches: [main]
jobs:
analysis:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Build Docker image
run: docker build -t test:local .
- name: Run Dockle and Trivy
uses: Azure/container-scan@v0
with:
image-name: test:local
severity-threshold: CRITICAL
+ env:
+ # See:
+ # https://github.com/goodwithtech/dockle/issues/188
+ # https://github.com/Azure/container-scan/issues/146
+ DOCKLE_HOST: "unix:///var/run/docker.sock" |
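Review bot: the comment above `DOCKLE_HOST` in the added `env:` block links the two issues but does not say that the setting is a temporary workaround or when it can be dropped. Suggest one more comment line stating that it overrides the Docker host Dockle would otherwise derive from XDG_RUNTIME_DIR, and that it should be removed once the action uses a Dockle release in which goodwithtech/dockle#188 is fixed. The socket path `/var/run/docker.sock` is also hard-coded, so the step will fail in the same way on a runner whose daemon listens elsewhere; worth a short note next to the value.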
There is an upstream issue in the Dockle CLI where it is utilizing the XDG_RUNTIME_DIR variable to determine the docker host settings. See: goodwithtech/dockle#188
I was able to work around the issue by setting:
This is breaking Azure Container Scan for images that are not pushed to container registries on the current ubuntu-latest runner.
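
An added example, not part of the issue thread or of the Dockle or container-scan code: a shell helper for a workflow `run:` step that sets DOCKLE_HOST only to a Docker socket that actually exists on the runner, so the scan does not depend on XDG_RUNTIME_DIR. The function names, the script name `dockle-host.sh` and the rootless-socket candidate are assumptions; `/var/run/docker.sock` is the path used in the workaround posted in this thread.

```shell
#!/bin/sh
# Added example: not from the issue thread, Dockle, or Azure/container-scan.

# resolve_dockle_host [socket-path ...]
# Prints "unix://<path>" for the first argument that is a Unix socket and
# returns 0; returns 1 when none is. With no arguments it tries the path used
# in the workaround, then the rootless Docker location (an assumption about
# the runner), so XDG_RUNTIME_DIR is a last resort rather than the default.
resolve_dockle_host() {
    if [ "$#" -eq 0 ]; then
        set -- /var/run/docker.sock
        if [ -n "${XDG_RUNTIME_DIR:-}" ]; then
            set -- "$@" "$XDG_RUNTIME_DIR/docker.sock"
        fi
    fi
    for candidate in "$@"; do
        # -S is true only for socket files, so a stale regular file is rejected.
        if [ -S "$candidate" ]; then
            printf 'unix://%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# write_dockle_host_env [socket-path ...]
# In GitHub Actions, appends DOCKLE_HOST to the file named by GITHUB_ENV so
# later steps inherit it; elsewhere prints an export line to eval or paste.
write_dockle_host_env() {
    host=$(resolve_dockle_host "$@") || {
        echo "no Docker socket found; DOCKLE_HOST left unset" >&2
        return 1
    }
    if [ -n "${GITHUB_ENV:-}" ]; then
        printf 'DOCKLE_HOST=%s\n' "$host" >> "$GITHUB_ENV"
    else
        printf 'export DOCKLE_HOST=%s\n' "$host"
    fi
}

# Run only when invoked as: sh dockle-host.sh apply   (hypothetical file name)
if [ "${1:-}" = "apply" ]; then
    write_dockle_host_env
fi
```

Run it in a step before the scan step; a non-zero exit there fails the job before the scanner starts, with a message that names the missing socket as the cause.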