6

I've pulled a Docker image from a private repository to local and am trying to scan the local image with the `trivy image` command. It is pulling the database but showing an Unauthorized error when accessing the local image:

```
scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
        * unable to inspect the image (index.docker.io/library/58625f3e2b28:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
        * unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
        * GET https://index.docker.io/v2/library/58625f3e2b28/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/58625f3e2b28 Type:repository]]
```

The Docker daemon is running and the image is also in local. Trivy version: 0.22.0

I'm running Trivy as a Docker container and using the command below to scan the local image:

```
docker run aquasec/trivy image <<imagename>>
```

Manoj kumar
  • Maybe because it's a private image it has no data on it? Also, from what user and type of machine/OS are you running this? – Noam Yizraeli Dec 29 '21 at 11:12
  • @NoamYizraeli It has data. I've pulled it to local using my credentials. And I tried scanning it in WSL2 Ubuntu, Windows PowerShell and Git Bash. All were giving the same error – Manoj kumar Dec 29 '21 at 12:40
  • How did you install `trivy` and how did you run the scanning command? Also, maybe it's a permissions thing; try running cmd as admin and run `docker ps` to make sure the daemon is running (I know you've checked that, I'm making sure anyway by running a command that needs to talk to the daemon) – Noam Yizraeli Dec 29 '21 at 17:35
  • @NoamYizraeli Actually I'm running Trivy as a Docker container. It is pulling CVE results to its database and then throwing this error. I'm running this inside WSL2 Ubuntu with sudo access. It is showing the type as registry in the error message even though I'm trying to scan an image in my local – Manoj kumar Dec 30 '21 at 07:32
  • command used to scan is `docker run aquasec/trivy image <>` – Manoj kumar Dec 30 '21 at 07:50

1 Answer

7

The official documentation states that you have to mount the Docker socket if you wish to scan an image on your host machine.

The command would then look like this:

```
docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image <<imagename>>
```

turbolocust
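The socket mount from the answer next to a tarball-based alternative, as an added example that is not part of the original answer. Mounting the Docker socket gives the scanner container control of the host's Docker daemon, so the second mode exports the image with `docker save` and scans the archive with Trivy's `--input` option instead. The function names, the `DRY_RUN` switch and the `/scan` mount point are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the SOCK default,
# the /scan mount point and the DRY_RUN switch are this example's own names.
SOCK="${SOCK:-/var/run/docker.sock}"

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Mode 1: the answer's approach. Without the socket mounted, Trivy inside the
# container cannot reach the daemon and ends up asking a registry for the
# image, which is the UNAUTHORIZED error shown in the question.
scan_via_socket() {
    image="$1"
    if [ -z "${DRY_RUN:-}" ] && [ ! -S "$SOCK" ]; then
        echo "no Docker socket at $SOCK" >&2
        return 1
    fi
    run docker run --rm -v "$SOCK:/var/run/docker.sock" aquasec/trivy image "$image"
}

# Mode 2: export the image and scan the archive, so the scanner container is
# never handed the daemon socket. The archive directory is mounted read-only.
scan_via_tarball() {
    image="$1"; dir="$2"
    run mkdir -p "$dir" || return 1
    run docker save -o "$dir/image.tar" "$image" || return 1
    run docker run --rm -v "$dir:/scan:ro" aquasec/trivy image --input /scan/image.tar
}

# Entry point: scan_local_image socket|tarball IMAGE [ABSOLUTE_DIR]
scan_local_image() {
    mode="$1"; image="$2"; dir="${3:-$PWD/trivy-scan}"
    if [ -z "$image" ]; then
        echo "usage: scan_local_image socket|tarball IMAGE [DIR]" >&2
        return 2
    fi
    case "$mode" in
        socket)  scan_via_socket "$image" ;;
        tarball) scan_via_tarball "$image" "$dir" ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
}
```

Source the file and call `scan_local_image tarball <image>`; setting `DRY_RUN=1` prints the commands without running them.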