skopeo doesn't seem to use Docker image cache when running in container #1121

meriouma · 2022-02-11T22:36:18Z

Describe the bug
While using Tern in a Docker container, skopeo tries to download the image, although it was already pulled by docker. What I'm trying to achieve here is run Tern on a private image on Github Actions. The steps are (I'm using those steps for other tools and it works fine) :

Login to private registry
Pull the private image with docker pull
Run docker run -v /var/run/docker.sock:/var/run/docker.sock philipssoftware/tern:2.9.1 report -f cyclonedxjson -o output.json -i privaterepo/image:tag (as per the README)

Error in terminal
Although the image was succesfully pulled by docker :

2022-02-11 22:17:58,014 - ERROR - skopeo - Error when downloading image: "b'time="2022-02-11T22:17:58Z" level=fatal msg="Error initializing source docker://privaterepo/image:tag: Error reading manifest edge in privaterepo/image:tag: unauthorized: authentication required"\n'"
2022-02-11 22:17:58,015 - CRITICAL - run - Cannot download Container image: "privaterepo/image:tag"

Expected behavior
Tern running on the already pulled image on the host.

Environment you are running Tern on
Enter all that apply

Output of 'tern --version' : 2.9.1

The text was updated successfully, but these errors were encountered:

nishakm · 2022-02-18T17:42:19Z

Also related to #1087 - where skopeo may require either access to registries.conf and/or passing the tls-verify=false flag.

nishakm · 2022-02-18T17:46:11Z

@meriouma Have you tried mounting your registries.conf file from your host to the tern container? Similar to this: https://docs.docker.com/registry/configuration/#overriding-the-entire-configuration-file

In situations where TLS is not enabled for a registry, users may now turn off the option to check TLS certificates and use HTTP rather than HTTPS to pull images using skopeo. It is advised to not use this flag for untrusted registries and only use it for registries hosted locally to testing or debugging. This option is also added for the `debug` sub-command. Fixes tern-tools#1121 and tern-tools#1087 Signed-off-by: Nisha K <[email protected]>

In situations where TLS is not enabled for a registry, users may now turn off the option to check TLS certificates and use HTTP rather than HTTPS to pull images using skopeo. It is advised to not use this flag for untrusted registries and only use it for registries hosted locally to testing or debugging. This option is also added for the `debug` sub-command. Fixes #1121 and #1087 Signed-off-by: Nisha K <[email protected]>

meriouma mentioned this issue Feb 14, 2022

feat: run tern and publish the results to Dependency Track equisoft-actions/docker-sbom#1

Merged

nishakm added the bug Something went wrong label Feb 15, 2022

nishakm added this to the Beta Release milestone Feb 15, 2022

nishakm self-assigned this Feb 17, 2022

nishakm mentioned this issue Feb 18, 2022

Allow explicitly turning off src-tls-verify #1127

Merged

rnjudge closed this as completed in #1127 Feb 23, 2022

rnjudge mentioned this issue Apr 27, 2022

Tern Docker image: Pulling images from private registry #1160

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

skopeo doesn't seem to use Docker image cache when running in container #1121

skopeo doesn't seem to use Docker image cache when running in container #1121

meriouma commented Feb 11, 2022 •

edited

Loading

nishakm commented Feb 18, 2022

nishakm commented Feb 18, 2022

skopeo doesn't seem to use Docker image cache when running in container #1121

skopeo doesn't seem to use Docker image cache when running in container #1121

Comments

meriouma commented Feb 11, 2022 • edited Loading

nishakm commented Feb 18, 2022

nishakm commented Feb 18, 2022

meriouma commented Feb 11, 2022 •

edited

Loading