Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"vexctl filter - vex.csaf.json" requires me an authnetication to docker hub even I have already been authenticated. #295

Open
hisashiyamaguchi opened this issue Jan 8, 2025 · 0 comments
Open

"vexctl filter - vex.csaf.json" requires me an authnetication to docker hub even I have already been authenticated. #295

hisashiyamaguchi opened this issue Jan 8, 2025 · 0 comments

Comments

@hisashiyamaguchi
Copy link

I'm testing vexctl command with trivy, and getting an authneticatikn error even I have already been authenticated to docker hub. Here comes the output. Any ideas?

$ uname -a
Darwin xxxx 24.2.0 Darwin Kernel Version 24.2.0: Fri Dec 6 19:02:41 PST 2024; root:xnu-11215.61.5~2/RELEASE_ARM64_T6030 arm64

$ trivy image nginx -s CRITICAL --format=sarif | vexctl filter - vex.csaf.json
2025-01-08T14:11:03+09:00 INFO [vuln] Vulnerability scanning is enabled
2025-01-08T14:11:03+09:00 INFO [secret] Secret scanning is enabled
2025-01-08T14:11:03+09:00 INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-01-08T14:11:03+09:00 INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.58/docs/scanner/secret#recommendation for faster secret detection
2025-01-08T14:11:03+09:00 INFO Detected OS family="debian" version="12.8"
2025-01-08T14:11:03+09:00 INFO [debian] Detecting vulnerabilities... os_version="12" pkg_num=149
2025-01-08T14:11:03+09:00 INFO Number of language-specific files num=0
2025-01-08T14:11:03+09:00 WARN Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.58/docs/scanner/vulnerability#severity-selection for details.
Error: opening vex.csaf.json: opening vex data from vex.csaf.json: fetching attached attestation: GET https://index.docker.io/v2/library/vex.csaf.json/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/vex.csaf.json Type:repository]]
Usage:
vexctl filter [flags]

Flags:
--format string format of the vex document (vex | csaf | cyclonedx) (default "vex")
-h, --help help for filter
--product strings IDs of products in a CSAF document to VEX (defaults to first one found)

Global Flags:
--log-level string the logging verbosity, either 'panic', 'fatal', 'error', 'warning', 'info', 'debug', 'trace' (default "info")

FATA opening vex.csaf.json: opening vex data from vex.csaf.json: fetching attached attestation: GET https://index.docker.io/v2/library/vex.csaf.json/manifests/latest: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/vex.csaf.json Type:repository]]

$ docker info
Client:
Version: 27.3.1
Context: desktop-linux
Debug Mode: false
Plugins:
ai: Ask Gordon - Docker Agent (Docker Inc.)
Version: v0.1.0
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-ai
buildx: Docker Buildx (Docker Inc.)
Version: v0.18.0-desktop.2
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.30.3-desktop.1
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.37
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Alpha) (Docker Inc.)
Version: v0.0.15
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-desktop
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.27
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.4.0
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.15.0
Path: /Users/hyamaguchi/.docker/cli-plugins/docker-scout

Server:
Containers: 53
Running: 42
Paused: 0
Stopped: 11
Images: 30
Server Version: 27.3.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.10.14-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 12
Total Memory: 7.653GiB
Name: docker-desktop
ID: 72331279-ed8e-4de1-b8ae-39772e1e5bb3
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/hyamaguchi/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false

WARNING: daemon is not using the default seccomp profile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hisashiyamaguchi