|
12 | 12 |
|
13 | 13 | Your scan may time out. Java takes a particularly long time to scan. Try increasing the value of the ---timeout option such as `--timeout 15m`. |
14 | 14 |
|
| 15 | +### Unable to initialize an image scanner |
| 16 | + |
| 17 | +!!! error |
| 18 | + ```bash |
| 19 | + $ trivy image ... |
| 20 | + ... |
| 21 | + 2024-01-19T08:15:33.288Z FATAL image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: 4 errors occurred: |
| 22 | + * docker error: unable to inspect the image (ContainerImageName): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? |
| 23 | + * containerd error: containerd socket not found: /run/containerd/containerd.sock |
| 24 | + * podman error: unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory |
| 25 | + * remote error: GET https://index.docker.io/v2/ContainerImageName: MANIFEST_UNKNOWN: manifest unknown; unknown tag=0.1 |
| 26 | + ``` |
| 27 | + |
| 28 | +It means Trivy is unable to find the container image in the following places: |
| 29 | + |
| 30 | +* Docker Engine |
| 31 | +* containerd |
| 32 | +* Podman |
| 33 | +* A remote registry |
| 34 | + |
| 35 | +Please see error messages for details of each error. |
| 36 | + |
| 37 | +Common mistakes include the following, depending on where you are pulling images from: |
| 38 | + |
| 39 | +#### Common |
| 40 | +- Typos in the image name |
| 41 | + - Common mistake :) |
| 42 | +- Forgetting to specify the registry |
| 43 | + - By default, it is considered to be Docker Hub ( `index.docker.io` ). |
| 44 | + |
| 45 | +#### Docker Engine |
| 46 | +- Incorrect Docker host |
| 47 | + - If the Docker daemon's socket path is not `/var/run/docker.sock`, you need to specify the `--docker-host` flag or the `DOCKER_HOST` environment variable. |
| 48 | + The same applies when using TCP; you must specify the correct host address. |
| 49 | + |
| 50 | +#### containerd |
| 51 | +- Incorrect containerd address |
| 52 | + - If you are using a non-default path, you need to specify the `CONTAINERD_ADDRESS` environment variable. |
| 53 | + Please refer to [this documentation](../target/container_image.md#containerd). |
| 54 | +- Incorrect namespace |
| 55 | + - If you are using a non-default namespace, you need to specify the `CONTAINERD_NAMESPACE` environment variable. |
| 56 | + Please refer to [this documentation](../target/container_image.md#containerd). |
| 57 | + - |
| 58 | +#### Podman |
| 59 | +- Podman socket configuration |
| 60 | + - You need to enable the Podman socket. Please refer to [this documentation](../target/container_image.md#podman). |
| 61 | + |
| 62 | +#### Container Registry |
| 63 | +- Unauthenticated |
| 64 | + - If you are using a private container registry, you need to authenticate. Please refer to [this documentation](../advanced/private-registries/index.md). |
| 65 | +- Using a proxy |
| 66 | + - If you are using a proxy within your network, you need to correctly set the `HTTP_PROXY`, `HTTPS_PROXY`, etc., environment variables. |
| 67 | +- Use of a self-signed certificate in the registry |
| 68 | + - Because certificate verification will fail, you need to either trust that certificate or use the `--insecure` flag (not recommended in production). |
| 69 | + |
15 | 70 | ### Certification |
16 | 71 |
|
17 | 72 | !!! error |
|
0 commit comments