This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Scanning podman built container images

Troubleshoot errors while scanning container images built using Podman

To successfully run endorctl scans on a container image built using Podman, use the following instructions:

  1. Build the image using the following command. This command builds a container image and tags it with the label test:latest.
     podman build -t test:latest
  1. After building the image, confirm the target registry by running the following command. Podman automatically adds localhost as the target registry for this image.
     podman image ls

  1. Before scanning the image with endorctl, sign in to the target registry where the image is stored.

  2. Check if there is a registry running at localhost.

  3. If a registry is not running at localhost, then you must re-tag the image to a reachable registry, using the following command. Replace <reachable-registry> with the actual URL of an accessible registry.

     podman tag test:latest <reachable-registry>/test:latest
  1. Sign in to the reachable registry using any container runtime. Now you can run the endorctl scan. Targeting a reachable registry lets you locate the image manifest and download all required layer blobs for vulnerability analysis.