
Support of Docker TCP port to scan local cache images on host machine #170

@Dentrax

Currently, dockle only has support for /var/run/docker.sock to connect to the Docker daemon. We (with @developer-guy) noticed that, since we rely on the $DOCKER_HOST variable by setting tcp://localhost:2375, dockle ignores the local cache even if the image is already present on the host machine, and ends up pulling the image again.

Consider the following example:

scan:
  image: $SCAN_IMAGE
  services:
    - docker:19.03.15-dind
  variables:
    DOCKER_HOST: "tcp://localhost:2375"
    DOCKER_TLS_CERTDIR: ""
  script:
    - docker image pull --quiet $DOCKER_IMAGE
    - dockle --exit-level WARN --exit-code 0 $DOCKER_IMAGE

How to reproduce:

  1. $ docker run --privileged -p 12375:2375 -e DOCKER_TLS_CERTDIR="" --rm -it docker:20.10.12-dind
  2. $ DOCKER_HOST=tcp://localhost:12375 docker image pull busybox
  3. $ DOCKER_HOST=tcp://localhost:12375 docker image tag busybox foo
$ DOCKER_HOST=tcp://localhost:12375 docker image ls
REPOSITORY             TAG       IMAGE ID       CREATED        SIZE
busybox                latest    ec3f0931a6e6   10 days ago    1.24MB
foo                    latest    ec3f0931a6e6   10 days ago    1.24MB
$ DOCKER_HOST=tcp://localhost:12375 dockle --exit-level WARN --exit-code 0 foo

2022-02-15T17:26:12.772+0300    FATAL   unable to initialize a image struct: failed to initialize source: reading manifest latest in docker.io/library/foo: errors:
denied: requested access to the resource is denied
unauthorized: authentication required

If you have the necessary access to docker.io, you will get the following error:

2022-02-15T12:09:30.033Z	DEBUG	There is no .dockleignore file
2022-02-15T12:09:30.033Z	DEBUG	Fetch latest version from github
2022-02-15T12:09:30.575Z	DEBUG	Start assessments...
2022-02-15T12:09:30.928Z	FATAL	unable to initialize a image struct:
    github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.0-20210909145842-06c0013a5310/extractor/docker/docker.go:73
  - failed to initialize source:
    github.com/goodwithtech/deckoder/extractor/image.NewImage
        /home/runner/go/pkg/mod/github.com/goodwithtech/deckoder@v0.0.0-20210909145842-06c0013a5310/extractor/image/image.go:86
  - manifest unknown: manifest unknown
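
Added example, not part of the original issue and not dockle's or deckoder's code: a local-cache lookup that honors `DOCKER_HOST`, which a scanner could run before falling back to a registry pull. The helper names `daemonClient` and `localImageID` are hypothetical; the lookup uses the Docker Engine API image-inspect endpoint (`GET /images/{name}/json`) and assumes plaintext `tcp://` with no TLS, as in the dind setup above.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"os"
	"strings"
)

// daemonClient (hypothetical helper) maps DOCKER_HOST (unix:///path or plaintext tcp://host:port) to a client and base URL.
func daemonClient(host string) (*http.Client, string, error) {
	if host == "" {
		host = "unix:///var/run/docker.sock" // the socket path named in the issue
	}
	if strings.HasPrefix(host, "unix://") {
		dial := func(ctx context.Context, _, _ string) (net.Conn, error) {
			return (&net.Dialer{}).DialContext(ctx, "unix", strings.TrimPrefix(host, "unix://"))
		}
		return &http.Client{Transport: &http.Transport{DialContext: dial}}, "http://docker", nil
	}
	if strings.HasPrefix(host, "tcp://") {
		return &http.Client{}, "http://" + strings.TrimPrefix(host, "tcp://"), nil
	}
	return nil, "", fmt.Errorf("unsupported DOCKER_HOST %q", host)
}

// localImageID (hypothetical helper) inspects ref via the Engine API; "" means not in the daemon's local cache (404).
func localImageID(host, ref string) (string, error) {
	c, base, err := daemonClient(host)
	if err != nil {
		return "", err
	}
	resp, err := c.Get(base + "/images/" + ref + "/json")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var out struct{ Id string }
	if resp.StatusCode == http.StatusOK {
		err = json.NewDecoder(resp.Body).Decode(&out)
	} else if resp.StatusCode != http.StatusNotFound {
		err = fmt.Errorf("daemon returned %s", resp.Status)
	}
	return out.Id, err
}

func main() { fmt.Println(localImageID(os.Getenv("DOCKER_HOST"), "foo")) }
```

Run against the reproduction daemon above with `DOCKER_HOST=tcp://localhost:12375`, it looks up the locally tagged `foo` image in that daemon's cache without contacting docker.io.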
