Scanning Local Docker Images with Trivy

When using Trivy to scan Docker images pulled from a private repository, you may encounter unauthorized access errors. This guide will help you understand how to resolve these issues.

Common Error Messages

While attempting to scan a local Docker image, you might see errors similar to the following:

scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
    * unable to inspect the image (index.docker.io/library/58625f3e2b28:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
    * unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
    * GET https://index.docker.io/v2/library/58625f3e2b28/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/58625f3e2b28 Type:repository]]

Possible Causes

  1. Docker Daemon Not Running: Ensure that the Docker daemon is active. You can check its status with:

    systemctl status docker

  2. Image Not Found Locally: Verify that the image is indeed present on your local machine. You can list local images with:

    docker images

  3. Authentication Issues: If the image is from a private repository, ensure you have logged in to Docker with the correct credentials:

    docker login

Running Trivy to Scan Local Images

To scan a local Docker image using Trivy, you can run the following command:

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image <imagename>
  • The --rm flag automatically removes the container after the scan.
  • The -v /var/run/docker.sock:/var/run/docker.sock option allows Trivy to access the Docker daemon, which is necessary for scanning local images.

Conclusion

By ensuring that the Docker daemon is running, confirming the image's presence, and addressing any authentication issues, you can successfully scan your local Docker images with Trivy. If you continue to face issues, consider checking the Trivy documentation for further troubleshooting steps.