Reputation: 759
We have two stages: one to build the Docker image and another to scan it with the Prisma plugin.
Build image:

    stage('Build Docker image preproduction') {
        steps {
            script {
                // Build the image from the workspace Dockerfile, tagged with docker_image_name
                dockerImage = docker.build("${env.docker_image_name}")
            }
        }
    }
    stage('Prisma Cloud Scan') {
        steps {
            // Scan the image through the Docker daemon at DOCKER_HOST and write the results to a JSON file
            prismaCloudScanImage dockerAddress: "$DOCKER_HOST", image: "${env.docker_image_name}:latest", logLevel: 'debug', resultsFile: 'prisma-cloud-scan-results.json'
        }
    }

This works fine most of the time, but in some situations (about 1 in 20) the job fails and we get this error:
[PRISMACLOUD] Scanning images remotely on default-5mn8k
[PRISMACLOUD] Waiting for scanner to complete
[PRISMACLOUD] /home/jenkins/agent/workspace/ild_chore_add-prisma-to-pipeline/twistcli6275500796561372150 images scan otherimagename:1234 --docker-address tcp://localhost:2375 --min-scan-time 1611048549280 --ci --publish --details --address https://XXXXXXXXXprisma_host_hereXXXXX --ci-results-file prisma-cloud-scan-results.json
[ild_chore_add-prisma-to-pipeline] $ /home/jenkins/agent/workspace/ild_chore_add-prisma-to-pipeline/twistcli6275500796561372150 images scan otherimagename:1234 --docker-address tcp://localhost:2375 --min-scan-time 1611048549280 --ci --publish --details --address https://XXXXXXXXXprisma_host_hereXXXX --ci-results-file prisma-cloud-scan-results.json
[PRISMACLOUD] failed to find image otherimagename:1234
[PRISMACLOUD] Scanner failed to run properly. Status: 1
Before this message, we can see in the console that the image is already present on the Docker host:
+ docker build -t otherimagename:1234 .
Sending build context to Docker daemon 20.54MB
Step 1/2 : FROM nginx:stable
---> b9e1dc12387a
Step 2/2 : COPY docs /usr/share/nginx/html
---> Using cache
---> 09787d1a562e
Successfully built 09787d1a562e
Successfully tagged otherimagename:1234
Can you help me figure out what's going on? We also added a sleep between the two steps, but we are still facing the issue.
Upvotes: 3
Views: 1782
Reputation: 91
Thanks, @EFOE, this hint about the Docker config helped. I ran into the same problem via Jenkins. The scans were running on Jenkins EC2 agents, both Windows and Linux, for the respective images. While there were no issues with the Linux image scans, the Windows scans failed to find the Docker images.
I debugged the Docker daemon logs on the Windows EC2 agents and found that the images were actually accessible locally on those agents, but the Prisma plugin was unable to access the Docker API for the image details.
Since my agent never had any browsers installed (IE was broken), once I installed Chrome as a browser, the Prisma plugin was able to access the Docker images as well as perform the scans. So basically my agent needed a client to access the Docker API.
There were no issues when accessing the twistcli binaries by Prisma. Just had issues with only the Prisma Jenkins plugin for Windows.
Hopefully, this will help if someone runs into similar issues.
Upvotes: 1
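
A pre-scan check in the spirit of the debugging described in this thread, as an added example (not code from either poster or from Prisma Cloud): it asks the Docker API at the same address the scanner is given (`--docker-address` in the log above) whether the daemon is reachable and whether that daemon holds the image. The function name, return codes and retry defaults are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the image is visible through the Docker API endpoint
# that the scanner will be pointed at, before starting the scan.
# Return codes (chosen for this example):
#   0 = image found (its ID is printed)
#   2 = Docker API not reachable at that address
#   3 = daemon reachable, but the image is not on it
#
# Usage in a pipeline step (values taken from the log in the question):
#   check_image_on_daemon tcp://localhost:2375 otherimagename:1234

check_image_on_daemon() {
    addr="$1"          # same value the scanner gets as --docker-address
    image="$2"         # same name:tag the scanner is asked to scan
    tries="${3:-5}"    # how many times to look for the image
    delay="${4:-2}"    # seconds between attempts

    # Step 1: is the Docker API answering at this address at all?
    if ! docker -H "$addr" version --format '{{.Server.Version}}' >/dev/null 2>&1; then
        echo "docker API not reachable at $addr" >&2
        return 2
    fi

    # Step 2: does this particular daemon know the image?
    i=1
    while [ "$i" -le "$tries" ]; do
        if id=$(docker -H "$addr" image inspect --format '{{.Id}}' "$image" 2>/dev/null); then
            echo "$id"
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -le "$tries" ]; then
            sleep "$delay"
        fi
    done

    echo "image $image not present on daemon at $addr" >&2
    return 3
}
```

A return code of 3 right after a successful build means the build and the scan are talking to different daemons or using different tags; a return code of 2 points at the API endpoint itself.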