Rancher Desktop: error on scanning images built locally or pulled from private registry

Hello again,

I’m running Rancher Desktop 1.6.0 on a MacBook. I want to scan an image that has been built locally (with nerdctl), but I receive the following error:

FATAL image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:

  • unable to inspect the image (nginx-helloworld:latest): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
  • unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
  • failed to initialize a containerd client: failed to dial "/run/k3s/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/k3s/containerd/containerd.sock: connect: permission denied"
  • GET https://index.docker.io/v2/library/nginx-helloworld/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/nginx-helloworld Type:repository]]

The same situation occurs if I try to scan an image pulled from my company’s private registry:

FATAL image scan error: scan error: unable to initialize a scanner: unable to initialize a docker scanner: 4 errors occurred:

  • unable to inspect the image (artifactory.mycompany.com/images/hello-app:v0.0.1): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
  • unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
  • failed to initialize a containerd client: failed to dial "/run/k3s/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/k3s/containerd/containerd.sock: connect: permission denied"
  • GET https://artifactory.mycompany.com/v2/images/hello-app/manifests/v0.0.1: UNAUTHORIZED: The client does not have permission for manifest; map[manifest:hello-app/v0.0.1/manifest.json]

I found this issue (still open): Trivy: Image scanning doesn't appear to use local images · Issue #539 · rancher-sandbox/rancher-desktop · GitHub
Is there any possibility of scanning an image built locally with nerdctl, or an image pulled from a private registry? If not, this is a severe blocker in adopting Rancher Desktop for local Kubernetes development.

Thank you!

The only solution that I’ve found for scanning locally built images: tag the image, push it to a public Docker Hub repository, then scan the image (from the GUI or from the CLI, using the trivy command).

It seems that there is no other way to scan a locally built image that has not been pushed to the Docker registry.

Feel free to come up with other solutions.