Scan Local Image using Trivy #4270

bhuvi11 · 2021-12-22T14:29:00Z

bhuvi11
Dec 22, 2021

I am trying to use trivy to scan a image locally built in my desktop
I used the command trivy image <image_name> and got the below error

-12-22T14:25:30.920Z FATAL scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
* unable to inspect the image (index.docker.io/library/pipe-test8:latest): Error: No such image: index.docker.io/library/pipe-test8:latest
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* GET https://index.docker.io/v2/library/pipe-test8/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/pipe-test8 Type:repository]]
Can someone help me

knqyf263 · 2021-12-22T15:05:34Z

knqyf263
Dec 22, 2021
Maintainer

Seems like your image doesn't exist in your local Docker daemon. Please make sure the image name and tag is correct.

0 replies

sbrinkerhoff · 2021-12-22T22:49:14Z

sbrinkerhoff
Dec 22, 2021

Working here with a local image present (MacOS, Docker Desktop, Trivy)

❯ trivy stan:latest
2021-12-22T17:47:40.450-0500	FATAL	scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
	* unable to inspect the image (index.docker.io/library/stan:latest): Error: No such image: index.docker.io/library/stan:latest
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* GET https://index.docker.io/v2/library/stan/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/stan Type:repository]]
	
❯ echo "FROM nginx:latest" >> Dockerfile
❯ docker build . -t stan:latest

❯ trivy stan:latest
2021-12-22T17:48:05.992-0500	INFO	Detected OS: debian
2021-12-22T17:48:05.992-0500	INFO	Detecting Debian vulnerabilities...
2021-12-22T17:48:06.032-0500	INFO	Number of language-specific files: 1
2021-12-22T17:48:06.032-0500	INFO	Detecting jar vulnerabilities...

stan:latest (debian 11.2)
=========================
Total: 98 (UNKNOWN: 0, LOW: 83, MEDIUM: 5, HIGH: 6, CRITICAL: 4)

0 replies

hazcod · 2021-12-30T13:38:44Z

hazcod
Dec 30, 2021

Works for me too.

0 replies

PenelopeFudd · 2022-01-26T23:44:56Z

PenelopeFudd
Jan 26, 2022

Ok, I think I've got the same problem:

# docker image ls 

REPOSITORY                                                               TAG       IMAGE ID       CREATED         SIZE
999999999999.dkr.ecr.us-west-2.amazonaws.com/foobar2-edge-cache-server   latest    6626baea4fd6   2 weeks ago     3.55GB
aquasec/trivy                                                            0.22.0    51c32101009b   4 weeks ago     61MB
<none>                                                                   <none>    9eeb7053d381   2 months ago    921MB
nginx                                                                    latest    ea335eea17ab   2 months ago    141MB
999999999999.dkr.ecr.us-west-2.amazonaws.com/foobar2-edge-cache-server   <none>    00d3704627b8   2 months ago    1.16GB
<none>                                                                   <none>    ecea4ed288b9   2 months ago    1.16GB
localhost:5000/ansible-base                                              latest    84bbce9e6c36   2 months ago    922MB
ansible-base                                                             latest    cbeaf85279a5   3 months ago    855MB
osdk-foobar2:5000/docker/ansible-base                                    latest    cbeaf85279a5   3 months ago    855MB
vagrant-mutate                                                           latest    cf0d30e2a697   3 months ago    354MB
vagrantlibvirt/vagrant-libvirt                                           latest    9e33cc799237   3 months ago    732MB
ubuntu                                                                   18.04     5a214d77f5d7   3 months ago    63.1MB
registry                                                                 2         b2cb11db9d3d   4 months ago    26.2MB
ubuntu                                                                   16.04     b6f507652425   4 months ago    135MB
ubuntu                                                                   latest    1318b700e415   6 months ago    72.8MB
ubuntu                                                                   14.04     13b66b487594   10 months ago   197MB
hello-world                                                              latest    d1165f221234   10 months ago   13.3kB
node                                                                     12.16.3   bdca973cfa07   20 months ago   916MB

I can run trivy image node, trivy image node:12.6.3, or trivy image localhost:5000/ansible-base, but not trivy image "<none>" (makes no sense) or trivy image ecea4ed288b9:

# trivy image ecea4ed288b9

2022-01-26T15:47:49.322-0800	FATAL	scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
	* unable to inspect the image (index.docker.io/library/ecea4ed288b9:latest): Error: No such image: index.docker.io/library/ecea4ed288b9:latest
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* GET https://index.docker.io/v2/library/ecea4ed288b9/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/ecea4ed288b9 Type:repository]]

Is there a way to scan images by image id? In a forensic investigation of a live system, it would be a bad idea to modify the docker image metadata, as that would alter the evidence and could jeopardize the case.

Thanks.

0 replies

tatulea · 2022-02-03T12:37:44Z

tatulea
Feb 3, 2022

I'm also interested in scanning the image using image id

0 replies

2022-04-13T00:05:11Z

github-actions[bot]
bot Apr 13, 2022

This issue is stale because it has been labeled with inactivity.

0 replies

davehodg · 2022-06-09T13:35:54Z

davehodg
Jun 9, 2022

I have built a named local image and I get:

% trivy i platform    
2022-06-09T14:34:15.794+0100	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
	* unable to inspect the image (platform): Error: No such image: platform
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* GET https://index.docker.io/v2/library/platform/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/platform Type:repository]]

Freshly brew updated trivy.

0 replies

apankowski · 2022-12-03T12:12:59Z

apankowski
Dec 3, 2022

TL;DR

You might have not exported the image to your local docker image cache. Without providing information on your exact setup used to build the images it's hard to tell (OS, do you use containerd, docker, buildx, which versions, etc.).

Longer version

Today I decided to include Trivy scan of docker images built for my project with GitHub Actions. Built images are local to the GitHub Actions runner host. I got (pretty much) the same error in my initial build:

2022-12-03T11:10:36.407Z	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:
	* unable to inspect the image (apankowski/garcon:07776268f3b753caa640f474ab41eac29c25a554): Error: No such image: apankowski/garcon:07776268f3b753caa640f474ab41eac29c25a554
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* containerd socket not found: /run/containerd/containerd.sock
	* GET https://index.docker.io/v2/apankowski/garcon/manifests/07776268f3b753caa640f474ab41eac29c25a554: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:apankowski/garcon Type:repository]]

Initially I thought it was because I used apankowski/ prefix but that wasn't it. Inspecting the logs carefully I found this output from my image building command:

WARNING: No output specified with docker-container driver. Build result will only remain in the build cache. To push result image into registry use --push or to load image into docker use --load

This made sense -- I'm using docker buildx for building.
So, following advice in the warning message, I added --load to the build command which made buildx export the image to local docker image cache, making it visible to Trivy.

So: I suggest verifying that your build image is visible to docker using docker image ls. Also provide the exact setup you're using to build the image (OS, do you use containerd, docker, buildx, which versions, etc.)

0 replies

autarchprinceps · 2023-01-11T14:55:00Z

autarchprinceps
Jan 11, 2023

I have exactly the same issue, but no --load doesn't help. Trivy doesn't use the local version, but always tries to pull from docker hub:

❯ docker images | grep test
test                                                     latest            c33738aa1932   4 minutes ago   744MB
❯ trivy i test
2023-01-11T15:50:41.776+0100	INFO	Vulnerability scanning is enabled
2023-01-11T15:50:41.777+0100	INFO	Secret scanning is enabled
2023-01-11T15:50:41.777+0100	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-01-11T15:50:41.777+0100	INFO	Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-01-11T15:50:43.258+0100	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:
	* unable to inspect the image (test): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* containerd socket not found: /run/containerd/containerd.sock
	* GET https://index.docker.io/v2/library/test/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/test Type:repository]]

But testing a docker hub image works on the same machine, so clearly non of the other problems it considers are there.

❯ trivy --version
Version: 0.36.1
On Mac

1 reply

revolunet Jul 18, 2023

same issue for me, [email protected] with brew

the image is visible in docker image ls but not with trivy image app:latest

knqyf263 · 2023-01-11T15:14:25Z

knqyf263
Jan 11, 2023
Maintainer

@autarchprinceps Your issue is different from others. Trivy can't connect to the Docker daemon. Do you have special DOCKER_HOST?

unable to inspect the image (test): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

0 replies

revolunet · 2023-07-18T23:17:19Z

revolunet
Jul 18, 2023

On mac looks like you have to set the DOCKER_HOST :

docker build . -t app:latest

export DOCKER_HOST=unix:///Users/xxx/.docker/run/docker.sock

trivy image app:latest

3 replies

pantelis-karamolegkos May 29, 2024

On mac looks like you have to set the DOCKER_HOST :

docker build . -t app:latest

export DOCKER_HOST=unix:///Users/xxx/.docker/run/docker.sock

trivy image app:latest

This also worked for me so the question becomes why is an explicit export of DOCKER_HOST needed?

Iamchhimpa Jul 7, 2024

Thanks @revolunet this worked for me too!

export DOCKER_HOST=unix:///Users/xxx/.docker/run/docker.sock

gligorot Jan 30, 2025

why is an explicit export of DOCKER_HOST needed?
@pantelis-karamolegkos see #4270 (comment)

rvowles · 2023-09-15T07:56:52Z

rvowles
Sep 15, 2023

Yes, @revolunet 's answer worked for me:

export DOCKER_HOST=unix:///$HOME/.docker/run/docker.sock

1 reply

knqyf263 Sep 15, 2023
Maintainer

There is also --docker-host.

$ trivy image -h | grep docker-host
      --docker-host string              unix domain socket path to use for docker scanning

ozbillwang · 2023-10-25T01:48:48Z

ozbillwang
Oct 25, 2023

#480

0 replies

pjonsson · 2023-12-01T11:53:30Z

pjonsson
Dec 1, 2023

Using Trivy 0.47.0, both the Debian packages directly on an Ubuntu 22.04 machine, and the 0.47.0 tarball inside a container with a mounted /var/run/docker.sock and running:

trivy --debug image --severity HIGH,CRITICAL --no-progress --image-src docker --format template --template "@contrib/junit.tpl" -o toolbox/gl-container-scanning-report.xml -d registry.com/project/toolbox:prod-5415-ddb70916

gave:

2023-12-01T11:04:31.968Z	DEBUG	Severities: ["HIGH" "CRITICAL"]
2023-12-01T11:04:31.968Z	DEBUG	Ignore statuses	{"statuses": null}
2023-12-01T11:04:31.984Z	DEBUG	cache dir:  /root/.cache/trivy
2023-12-01T11:04:31.985Z	DEBUG	There is no valid metadata file: unable to open a file: open /root/.cache/trivy/db/metadata.json: no such file or directory
2023-12-01T11:04:31.985Z	INFO	Need to update DB
2023-12-01T11:04:31.985Z	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2023-12-01T11:04:31.985Z	INFO	Downloading DB...
2023-12-01T11:04:31.985Z	DEBUG	no metadata file
2023-12-01T11:04:34.181Z	DEBUG	Updating database metadata...
2023-12-01T11:04:34.181Z	DEBUG	DB Schema: 2, UpdatedAt: 2023-12-01 06:11:19.964132421 +0000 UTC, NextUpdate: 2023-12-01 12:11:19.96413215 +0000 UTC, DownloadedAt: 2023-12-01 11:04:34.18160659 +0000 UTC
2023-12-01T11:04:34.181Z	INFO	Vulnerability scanning is enabled
2023-12-01T11:04:34.181Z	DEBUG	Vulnerability type:  [os library]
2023-12-01T11:04:34.182Z	INFO	Secret scanning is enabled
2023-12-01T11:04:34.182Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-01T11:04:34.182Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.47/docs/scanner/secret/#recommendation for faster secret detection
2023-12-01T11:04:34.184Z	FATAL	image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:424
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:268
  - unable to initialize a scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:679
  - unable to initialize a docker scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.imageStandaloneScanner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:17
  - 1 error occurred:
	* unable to inspect the image (registry.com/project/toolbox:prod-5415-ddb70916): Error response from daemon: No such image: registry.com/project/toolbox:prod-5415-ddb70916

The image is built with the default docker builder and listed in docker images, so --load does not improve the situation. Manually extracting the image ID and passing that to the same trivy command line:

IMAGE_ID=$(docker images | grep toolbox | grep prod-5415-dddb70916 | awk '{print $3}')
trivy --debug image --severity HIGH,CRITICAL --no-progress --image-src docker --format template --template "@contrib/junit.tpl" -o toolbox/gl-container-scanning-report.xml -d $IMAGE_ID

makes things work for me, both inside the container and directly on the machine.

Not sure if it matters, but using the Docker 24.0.7 Debian packages from docker.com.

0 replies

drifter75 · 2024-01-19T22:56:58Z

drifter75
Jan 19, 2024

using Docker version 24.0.7 and trivy 'Version: 0.48.3'

using 'docker run aquasec/trivy image localhost:5000/zigbee2mqtt:1.35.1' gave...


2024-01-19T22:49:16.924Z        FATAL   image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred:
        * docker error: unable to inspect the image (localhost:5000/zigbee2mqtt:1.35.1): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
        * containerd error: containerd socket not found: /run/containerd/containerd.sock
        * podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
        * remote error: Get "https://localhost:5000/v2/": dial tcp 127.0.0.1:5000: connect: connection refused; Get "http://localhost:5000/v2/": dial tcp 127.0.0.1:5000: connect: connection refused

but it works if I provide the IP address of host instead of localhost.

docker run aquasec/trivy image 192.168.1.85:5000/zigbee2mqtt:1.35.1
-
-
-
192.168.1.85:5000/zigbee2mqtt:1.35.1 (alpine 3.18.5)
====================================================
Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 0, CRITICAL: 0)

0 replies

jiri-bajer · 2024-03-04T16:17:36Z

jiri-bajer
Mar 4, 2024

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image <my local image> helped in my case.
See https://www.howtogeek.com/devops/how-to-use-trivy-to-find-vulnerabilities-in-docker-containers/ for source of the advice.

1 reply

PenelopeFudd Jul 24, 2024

That works, but it's a big security hole since it grants the container full access to your system.
Unfortunately, I haven't heard of a more-secure alternative. 🫤

reukiodo · 2024-10-03T22:32:59Z

reukiodo
Oct 3, 2024

Is there no way to run trivy on an image without first running a docker or podman daemon ??

2024-10-03 15:31:28 github@clad-github-builder:~/actions-runner/_work/cladcloud/cladcloud$ docker image ls
REPOSITORY             TAG              IMAGE ID       CREATED          SIZE
degauss-geocoder-api   20241003145526   5efec9cc1c83   21 minutes ago   5.21GB
2024-10-03 15:31:34 github@clad-github-builder:~/actions-runner/_work/cladcloud/cladcloud$ trivy --debug image --image-src docker degauss-geocoder-api
2024-10-03T15:31:42.857-0700	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-10-03T15:31:42.857-0700	DEBUG	Ignore statuses	{"statuses": null}
2024-10-03T15:31:42.859-0700	DEBUG	cache dir:  /home/github/.cache/trivy
2024-10-03T15:31:42.860-0700	DEBUG	DB update was skipped because the local DB is the latest
2024-10-03T15:31:42.860-0700	DEBUG	DB Schema: 2, UpdatedAt: 2024-10-03 18:15:28.620721667 +0000 UTC, NextUpdate: 2024-10-04 18:15:28.620721527 +0000 UTC, DownloadedAt: 2024-10-03 19:51:31.283915153 +0000 UTC
2024-10-03T15:31:42.860-0700	INFO	Vulnerability scanning is enabled
2024-10-03T15:31:42.860-0700	DEBUG	Vulnerability type:  [os library]
2024-10-03T15:31:42.860-0700	INFO	Secret scanning is enabled
2024-10-03T15:31:42.860-0700	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-10-03T15:31:42.860-0700	INFO	Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-10-03T15:31:42.860-0700	DEBUG	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-10-03T15:31:42.864-0700	FATAL	image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /builddir/build/BUILD/trivy-0.50.4/pkg/commands/artifact/run.go:425
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /builddir/build/BUILD/trivy-0.50.4/pkg/commands/artifact/run.go:269
  - unable to initialize a scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /builddir/build/BUILD/trivy-0.50.4/pkg/commands/artifact/run.go:704
  - unable to initialize an image scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.imageStandaloneScanner
        /builddir/build/BUILD/trivy-0.50.4/pkg/commands/artifact/scanner.go:18
  - 1 error occurred:
	* docker error: unable to inspect the image (degauss-geocoder-api): Error response from daemon: No such image: degauss-geocoder-api:latest


2024-10-03 15:31:42 github@clad-github-builder:~/actions-runner/_work/cladcloud/cladcloud$

0 replies

gligorot · 2025-01-30T13:59:27Z

gligorot
Jan 30, 2025

In my case I have multiple docker contexts, and trivy needs to be "shown" the correct one.

So:

❯ docker context ls
NAME           DESCRIPTION                               DOCKER ENDPOINT                                 
colima-amd     colima [profile=amd]                      unix:///Users/xxx/.colima/amd/docker.sock   
colima-arm *   colima [profile=arm]                      unix:///Users/xxx/.colima/arm/docker.sock   
default        Current DOCKER_HOST based configuration   unix:///var/run/docker.sock

Then based on the selected context (marked with *) set DOCKER_HOST and run trivy:

DOCKER_HOST="unix://$HOME/.colima/arm/docker.sock" trivy image name:tag

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scan Local Image using Trivy #4270

{{title}}

Replies: 18 comments 6 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

Select a reply

Scan Local Image using Trivy #4270

Replies: 18 comments · 6 replies

knqyf263 Dec 22, 2021 Maintainer

github-actions[bot] bot Apr 13, 2022

knqyf263 Jan 11, 2023 Maintainer

knqyf263 Sep 15, 2023 Maintainer

Replies: 18 comments 6 replies

knqyf263
Dec 22, 2021
Maintainer

github-actions[bot]
bot Apr 13, 2022

knqyf263
Jan 11, 2023
Maintainer

knqyf263 Sep 15, 2023
Maintainer