jsotiro / docker-multiscan Goto Github PK

You wrote

It has been used/tested on

• WSL2 on Windows 10 pro

How so? Neither installing it normally nor using Docker Desktop adds the network bridge "docker0" and therefore clair fails because it can't find the ip.

Furthermore I noticed on the first scan it loaded a 7gb anchor image. Why isn't this in the install-scanners.sh instead?

Several fixes (no time for a pr currently)

• requirements.txt is missing requests
• install-scanners.sh is missing #!/bin/bash or else the script fails because [[ ]] is a bash thing and not every shell supports it OR change the readme to bash install-scanners.sh

EDIT: setting the correct WSL gateway (this is still host.docker.internal or gateway.docker.internal for WSL, see Use cases and workarounds)

elif [[ "$(uname -r | sed -n 's/.*\( *microsoft *\).*/\1/pI')" == "microsoft"* ]]; then
LOCALHOST=host.docker.internal

But I still get the error Could not analyze layer: Clair responded with a failure: Got response 400 with message {"Error":{"Message":"could not find layer"}}

EDIT: I scanned a remote image and with anchore-inline only and the following command python dmscan.py -i docker.internal.net/org/image:0.1"

Result: it is saving the output as "image_0.1-[...].json" but you are looking for the report "org_0.1-vuln.json"

You mess up for image_author and image_name
Lets say its docker.internal.net/org/image:0.1 the result will be

• image_author = docker.internal.net
• image_name = org
• image_tag = 0.1

Expected

• image_author = docker.internal.net or org
• image_name = image
• image_tag = 0.1

How to fix? With negative indexing!

if "/" in main:
    author = temp_name[-2]
    name = temp_name[-1]

Installing snyx from ./install_scanners.sh requires sudo or it will fail since it is trying to do a system wide install.