# general
b
I am doing a trivy scan on my image
trivy image --severity CRITICAL,HIGH --exit-code 1 segment-api:latest
--- and I get this error
2025-03-31T13:32:31+01:00	INFO	[vulndb] Need to update DB
2025-03-31T13:32:31+01:00	INFO	[vulndb] Downloading vulnerability DB...
2025-03-31T13:32:31+01:00	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
61.66 MiB / 61.66 MiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 7.36 MiB p/s 8.6s
2025-03-31T13:32:40+01:00	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2025-03-31T13:32:40+01:00	INFO	[vuln] Vulnerability scanning is enabled
2025-03-31T13:32:40+01:00	INFO	[secret] Secret scanning is enabled
2025-03-31T13:32:40+01:00	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-03-31T13:32:40+01:00	INFO	[secret] Please see also <https://aquasecurity.github.io/trivy/v0.59/docs/scanner/secret#recommendation> for faster secret detection
2025-03-31T13:32:41+01:00	FATAL	Fatal error	image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: unable to find the specified image "segment-api:latest" in ["docker" "containerd" "podman" "remote"]: 4 errors occurred:
	* docker error: unable to inspect the image (segment-api:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* containerd error: containerd socket not found: /run/containerd/containerd.sock
	* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* remote error: GET <https://index.docker.io/v2/library/segment-api/manifests/latest>: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/segment-api Type:repository]]
m
Hi Sandeep, your question is quite vague, are you running the trivy command on your local machine, rancher-desktop, CI pipeline?
b
In my local machine
m
what is your container runtime? docker, podman, nerdctl?
b
docker
m
are you running the trivy cli or using docker to run a trivy container image?
b
trivy cli
m
Am less familiar with docker, but can you check that you have docker.sock in `/var/run/docker.sock`? Is your user part of the docker group?
b
yes my user is part of docker group
m
I just searched that image and I don't see a segment-api in dockerhub. Is that a custom image you created?
b
yes that's the image I have built in my local and I am running trivy to scan the image
m
then you need to specify `localhost/segment-api:latest`
by default if you provide just the image name it defers to dockerhub
b
same error @mysterious-animal-29850
sandeep.das@D4092W76P6 iiris-apis % trivy image --severity CRITICAL,HIGH --exit-code 1 localhost/segment-api:latest
2025-04-01T03:40:44+01:00	INFO	[vuln] Vulnerability scanning is enabled
2025-04-01T03:40:44+01:00	INFO	[secret] Secret scanning is enabled
2025-04-01T03:40:44+01:00	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-04-01T03:40:44+01:00	INFO	[secret] Please see also <https://aquasecurity.github.io/trivy/v0.59/docs/scanner/secret#recommendation> for faster secret detection
2025-04-01T03:40:45+01:00	FATAL	Fatal error	image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: unable to find the specified image "localhost/segment-api:latest" in ["docker" "containerd" "podman" "remote"]: 4 errors occurred:
	* docker error: unable to inspect the image (localhost/segment-api:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* containerd error: containerd socket not found: /run/containerd/containerd.sock
	* podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* remote error: GET <https://index.docker.io/v2/localhost/segment-api/manifests/latest>: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:localhost/segment-api Type:repository]]
m
When you run ‘docker images’ is the image you built in the list?
b
Yes...
sandeep.das@D4092W76P6 iiris-apis % docker image ls
REPOSITORY                                          TAG                    IMAGE ID       CREATED         SIZE
segment-api                                         latest                 86cd9a653dbc   14 hours ago    965MB
m
Ok, I take back the localhost. You should refer to your container as segment-api. Are you running docker in rootless mode?
b
Ok it works now @mysterious-animal-29850. Here is the revised command
trivy image --severity CRITICAL,HIGH --exit-code 1 --docker-host unix:///Users/sandeep.das/.rd/docker.sock segment-api:latest
Open Issue: docker context isn't respected to select the docker daemon https://github.com/aquasecurity/trivy/issues/7686
m
The error states it can’t connect to the docker daemon. Check that it’s running and you have access to it
I asked if you were using rancher desktop… for this reason…
👍 1
b
will keep an eye on this open issue, thanks for your inputs