I am trying to run docker scan against an image in my CircleCI build. Below is what my job and workflow look like. This ends with an error: Failed to scan image "**/image:latest". Please make sure the image and/or repository exist, and that you are using the correct credentials.
It seems like docker scan works fine if I first push my image to Docker Hub, then pull it as part of the docker-scan job. But the idea is that I would build my image, scan it, and if it was good then push it out. Any ideas on how to get this to work?
jobs:
  build:
    docker:
      - image: cimg/base:2020.09
    steps:
      - checkout
      - setup_remote_docker:
          version: 20.10.2
      - run:
          name: docker login
          command: |
            docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
            docker info
      - run:
          name: Build the docker image
          command: |
            docker build -t my/image:latest .
            mkdir docker-cache
            docker save -o docker-cache/image.tar my/image:latest
      - persist_to_workspace:
          root: .
          paths:
            - docker-cache
  docker-scan:
    machine:
      image: ubuntu-2004:202104-01
    steps:
      - checkout
      - attach_workspace:
          at: .
      - run:
          name: docker login
          command: |
            docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
            docker info
      - run:
          name: load
          command: |
            docker load < docker-cache/image.tar
      - run:
          name: docker scan
          command: |
            docker scan --accept-license my/image:latest
...
workflows:
  version: 2
  build_and_test:
    jobs:
      - build:
          context: my-context
          filters:
            branches:
              ignore:
                - develop
                - master
      - docker-scan:
          context: my-context
          requires:
            - build
          filters:
            branches:
              ignore:
                - develop
                - master