Dockle Error while scanning an Image built on a Gitlab SaaS Runner #263

@raghur-orca

Description

  1. I am making use of a GitLab SaaS Runner to build an image and then scan it with the Dockle binary.
  2. The Runner environment that I am making use of for this pipeline is the docker image with the dind service.
  3. Here's my GitLab workflow YAML file:
```yaml
# cat .gitlab-ci.yaml
stages:
  - build-scan-image

build-scan-image:
  stage: build-scan-image
  image: docker:latest
  services:
    - docker:dind
  script:
    - echo "Dockerfile contents....."
    - cat Dockerfile

    - echo "Image Build............."
    - docker image build -t test-app:latest .
    - docker image ls

    - echo "Scan image with Dockle......"
    - chmod 777 dockle
    - ./dockle --version
    - ./dockle --debug test-app:latest
```
  4. The Dockle scan fails to read the built image with an error.

What did you expect to happen?
Parse the image and identify the misconfigurations.

What happened instead?

```
2024-08-08T05:17:38.236Z	FATAL	unable to initialize a image struct: failed to initialize source: reading manifest latest in docker.io/library/test-app: requested access to the resource is denied
```

Output of run with -debug:

```
$ ./dockle --debug test-app:latest
2024-08-08T05:59:50.695Z	DEBUG	There is no .dockleignore file
2024-08-08T05:59:50.695Z	DEBUG	Skipped update confirmation
2024-08-08T05:59:50.695Z	DEBUG	Start assessments...
2024-08-08T05:59:51.043Z	FATAL	unable to initialize a image struct:
    github.com/goodwithtech/deckoder/extractor/docker.newDockerExtractor
        /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/docker/docker.go:73
  - failed to initialize source:
    github.com/goodwithtech/deckoder/extractor/image.NewImage
        /home/runner/go/pkg/mod/github.com/goodwithtech/[email protected]/extractor/image/image.go:86
  - reading manifest latest in docker.io/library/test-app: requested access to the resource is denied
```

Output of dockle -v:

```
dockle version 0.4.14
```

Additional details (base image name, container registry info...):
