LARA

Reputation: 1

How to scan built docker images using trivy in gitlab-ci pipeline?

I am trying to write a gitlab-ci script to build images from Dockerfiles, scan them using Trivy and push them to my private registry. I've used the script below, and it works fine when I use it to pull Docker images, scan them and push them to my registry, but it gives an error when I use it on custom-built images:

if gcloud artifacts docker images list "$DOCKER_REGISTRY/$image" --include-tags | grep -q "$version"; then
    echo "Image $image:$version already exists in the repository. Skipping build and push."
else
  cd "$path" || exit 1
  buildah build -t "$DOCKER_REGISTRY/$image:$version" .
  echo "Image : $DOCKER_REGISTRY/$image:$version"

  # Scan the image with Trivy; exit code 1 means critical vulnerabilities were found
  if trivy image --severity CRITICAL --exit-code 1 --no-progress "$DOCKER_REGISTRY/$image:$version"; then
    # Push the same image reference that was built and scanned, using Buildah
    buildah push "$DOCKER_REGISTRY/$image:$version"
    echo "buildah push $DOCKER_REGISTRY/$image:$version"

    echo "Image $image:$version has been pushed to the artifact registry"
  else
    echo "Image $image:$version contains critical vulnerabilities. Skipping build and push."
  fi
fi

The error:

2023-09-19T05:35:27.513Z    INFO    Need to update DB
2023-09-19T05:35:27.514Z    INFO    Downloading DB...
2023-09-19T05:35:32.992Z    FATAL   scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
* unable to inspect the image (asia-west-docker.pkg.dev/v2/project-circles/dataplatform/buildah-image:1.0.1): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* GET https://asia-west-docker.pkg.dev/v2/project-circles/dataplatform/buildah-image/manifests/1.0.1: MANIFEST_UNKNOWN: Failed to fetch "1.0.1"

Note: I am using the buildah:v3.1 image in my gitlab-ci pipeline.

Please help me to identify what I'm doing wrong here and what I need to do to fix it.

Thank you in advance! :)

Upvotes: 0

Views: 1341
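
The error output above shows Trivy looking for the image through the Docker daemon, a Podman socket and the remote registry, none of which hold an image that Buildah has only built locally. The following is an added example, not part of the original post, that gates the push on a scan of an exported tarball; it assumes `buildah` and `trivy` are on PATH, and the function name `scan_then_push` and the exit code 10 are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): scan a Buildah-built image
# before it is pushed, without a Docker or Podman socket.
# Assumption: buildah and trivy are on PATH in the CI job image.

FINDINGS_RC=10   # chosen here so "findings" can be told apart from other failures

# scan_then_push REF
# Returns 0 = clean and pushed, 1 = CRITICAL findings (not pushed),
#         2 = export, scan or push did not complete (fail closed).
scan_then_push() {
  local ref="$1" workdir archive rc=0
  workdir="$(mktemp -d)" || return 2
  archive="$workdir/image.tar"

  # Copy the image out of Buildah's local storage into a docker-archive tarball.
  if ! buildah push "$ref" "docker-archive:$archive"; then
    rm -rf "$workdir"
    return 2
  fi

  # --input makes Trivy read the tarball instead of probing the Docker daemon,
  # the Podman socket or the remote registry (the three lookups in the error).
  trivy image --input "$archive" --severity CRITICAL \
    --exit-code "$FINDINGS_RC" --no-progress || rc=$?
  rm -rf "$workdir"

  if [ "$rc" -eq "$FINDINGS_RC" ]; then
    echo "Image $ref contains critical vulnerabilities. Skipping push." >&2
    return 1
  elif [ "$rc" -ne 0 ]; then
    echo "Trivy did not complete (exit $rc). Skipping push." >&2
    return 2
  fi

  # Only a clean scan reaches the registry.
  buildah push "$ref" || return 2
  echo "Image $ref has been pushed to the registry"
}

# Usage in the job script (variables as in the question):
#   buildah build -t "$DOCKER_REGISTRY/$image:$version" .
#   scan_then_push "$DOCKER_REGISTRY/$image:$version"
```

Any non-zero Trivy exit other than the chosen findings code is treated as a failed scan, so a database download error or an unreadable archive also blocks the push.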

Answers (0)
