Issues with running trivy scan on docker - Azure DevOps
New to trivy and relatively new to docker images also. I have an existing pipeline which runs a build and push of a docker image using docker compose. Once the task completes, I can see the docker image pushed onto Azure Container Registry. The issue I have right now is that I cannot get trivy to scan the image; it could also be that I am missing a critical element.
Here is the pipeline in a nutshell.
```yaml
steps:
- task: DockerCompose@0
  displayName: 'Build service image'
  inputs:
    azureSubscription: 'Azure subscription 1 (xxxxxx-xxxxx-xxxxxxx-xxxxx)'
    azureContainerRegistry: '{"loginServer":"acrr2n0.azurecr.io", "id" : "/subscriptions/xxxxxx-xxxxx-xxxxxxx-xxxxx/resourceGroups/rg_dev/providers/Microsoft.ContainerRegistry/registries/acrdev01"}'
    dockerComposeFileArgs: |
    projectName: '$(Build.Repository.Name)_test'
    action: 'Build services'
    additionalImageTags: '$(Build.BuildId)'
  enabled: false

steps:
- task: DockerCompose@0
  displayName: 'Push Image'
  inputs:
    azureSubscription: 'Azure subscription 1 (xxxxxx-xxxxx-xxxxxxx-xxxxx)'
    azureContainerRegistry: '{"loginServer":"acrdev01.azurecr.io", "id" : "/subscriptions/xxxxxx-xxxxx-xxxxxxx-xxxxx/resourceGroups/rg_dev/providers/Microsoft.ContainerRegistry/registries/acrdev01"}'
    projectName: '$(Build.Repository.Name)_test'
    action: 'Push services'
    additionalImageTags: '$(Build.BuildId)'
  enabled: false

steps:
- script: |
    sudo apt-get install rpm
    wget https://github.com/aquasecurity/trivy/releases/download/v$(trivyVersion)/trivy_$(trivyVersion)_Linux-64bit.deb
    sudo dpkg -i trivy_$(trivyVersion)_Linux-64bit.deb
    trivy -v
  displayName: 'Download and install Trivy'

steps:
- script: |
    echo "$(Build.BuildId)"
    echo "$(System.DefaultWorkingDirectory)"
    echo "$(Build.Repository.Name)_test"
    trivy -v
    trivy image python:3.4-alpine
    trivy image container_registry_name.azurecr.io/repository_name:tag
  displayName: 'Run trivy scan'
```
On ACR, I can see the docker images.
Running the following works: trivy image python:3.4-alpine, but that is not what I want to achieve; I want to scan the docker image already in ACR or going into ACR.
Running trivy image container_registry_name.azurecr.io/repository_name:tag gives me the error message.
* unable to inspect the image (container_registry_name.azurecr.io/repository_name:tag:1948): Error: No such image: container_registry_name.azurecr.io/repository_name:tag:1948
* GET https://acr_container_registry.azurecr.io/oauth2/token?scope=repository%3Arepository_name%3Apull&service=acr_container_registry.azurecr.io: UNAUTHORIZED: authentication required, visit https://aka.ms/acr/authorization for more information.
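An added example (not part of the original question) of a body for the 'Run trivy scan' script step: it builds the image reference from separate parts, rejecting a tag such as `tag:1948` like the one echoed in the error, names which of the two listed failures occurred, and hands registry credentials to Trivy through its `TRIVY_USERNAME` / `TRIVY_PASSWORD` environment variables. The `ACR_*` and `IMAGE_*` variable names and the helper functions are assumptions, with the values expected to be mapped into the step's environment from pipeline variables.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumed names: ACR_LOGIN_SERVER,
# IMAGE_REPOSITORY, IMAGE_TAG, ACR_USERNAME, ACR_PASSWORD (pipeline variables
# mapped into this step's env; the credentials are for a pull-only identity).

# Print "<server>/<repo>:<tag>", refusing parts that would yield a bad reference.
build_image_ref() {
  local server="$1" repo="$2" tag="$3"
  # An ACR login server is a bare host name: no path, no port.
  case "$server" in
    ''|*[/:]*) echo "bad registry host: '$server'" >&2; return 1 ;;
  esac
  case "$repo" in
    ''|*:*) echo "bad repository: '$repo'" >&2; return 1 ;;
  esac
  # Exactly one tag is allowed, so "tag:1948" is rejected here.
  case "$tag" in
    ''|*[!A-Za-z0-9_.-]*) echo "bad tag: '$tag'" >&2; return 1 ;;
  esac
  printf '%s/%s:%s\n' "$server" "$repo" "$tag"
}

# Name which image source(s) failed, given Trivy's error text.
diagnose_trivy_error() {
  local msg="$1" out=""
  case "$msg" in *"No such image"*) out="local-daemon-miss" ;; esac
  case "$msg" in *UNAUTHORIZED*) out="${out:+$out,}registry-auth" ;; esac
  printf '%s\n' "${out:-unknown}"
}

scan_acr_image() {
  local ref
  ref="$(build_image_ref "$ACR_LOGIN_SERVER" "$IMAGE_REPOSITORY" "$IMAGE_TAG")" || return 2
  # Trivy reads registry credentials from these two variables, which keeps
  # the password off the command line.
  TRIVY_USERNAME="$ACR_USERNAME" TRIVY_PASSWORD="$ACR_PASSWORD" \
    trivy image --exit-code 1 --severity HIGH,CRITICAL "$ref"
}

# Scan only when the pipeline has supplied the registry settings.
if [ -n "${ACR_LOGIN_SERVER:-}" ]; then
  scan_acr_image
fi
```

Azure Pipelines does not expose secret variables to scripts automatically, so `ACR_PASSWORD` has to be listed under the step's `env:` mapping.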
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
