我已将一个 docker 镜像从私有(private)存储库拉到本地,并尝试使用 trivy image 命令扫描本地镜像。正在拉取数据库,但显示 Unauthorized error to access the local image
scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
* unable to inspect the image (index.docker.io/library/58625f3e2b28:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
* GET https://index.docker.io/v2/library/58625f3e2b28/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/58625f3e2b28 Type:repository]]
Docker deamon 正在运行,镜像也在本地。
Trivy 版本:0.22.0
我将 Trivy 作为 docker 容器运行,并使用以下命令扫描本地镜像
docker run aquasec/trivy image <<imagename>>
最佳答案
官方documentation声明如果您希望在主机上扫描图像,则必须安装 Docker 套接字。
命令将如下所示:
docker run -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image <<imagename>>
关于docker - 使用 Trivy 扫描本地 docker 镜像漏洞,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70516891/