Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Installing docker scan for bitbucket pipelines ?

Ritesh Thakur
Ritesh Thakur Feb 28, 2023
I have a bitbucket-pipeline where after I build an image, I want to then run a scan. I am aware of the tool Snyk but in this case I want to run with a cheaper service i.e. docker's native scan. Problem however now is, that when I run following I get "docker: 'scan' is not a docker command." error. Is there a way to install docker scan in bitbucket pipeline ? "apt get" commands from following script yield "bash: apt: command not found". Can someone help me please ?

deployment: Test
services:
  - docker
caches:
  - pip
script:
  - cd .
  - export IMAGE_NAME="ABC"
  - export IMAGE_NAME_EXTENSION="latest"
  - VERSION=$(<version.txt)
  - docker build -t $IMAGE_NAME .
  - docker login -u $DOCKER_USERNAME -p $DOCKER_ACCESS_TOKEN
  - apt update && apt install -y docker-scan-plugin
  - docker scan $IMAGE_NAME:$IMAGE_NAME_EXTENSION
Answer
Watch
Like Be the first to like this
576 views

1 answer

1 accepted

0 votes
Answer accepted
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Mar 02, 2023

Hello @Ritesh Thakur ,

Thank you for reaching out to Community!

The docker scan is indeed a plugin and it needs to be installed separately as it does not come with the standard docker cli. It's important to note that according to docker's official documentation, the docker scan command is deprecated.

However, if you still want to use it, the way you install it very depends on the image you are using. The docker images are usually based on Linux distributions, and each Linux distribution can come with a different package manager. For example, Debian-based distributions comers with apt, while Fedora has dnf and alpine-based Linux has apk.

The error you received bash: apt: command not found is likely because the image you are using is based in a Linux distribution that does not use apt as the package manager, so bash is not able to find the command. You can find the linux distribution used by your image using the following command : 

cat /etc/*-release

Then you can use the corresponding package manager to install docker scan. In case you are not able to install it using a package manager, you can try installing it manually following the instruction of docker scan official documentation.

Hope that helps! 

Thank you, @Ritesh Thakur !

Patrik S

View More Comments
Ritesh Thakur
Ritesh Thakur Mar 02, 2023 • edited

Thanks for response Patrik. Noted.

Like
Ritesh Thakur
Ritesh Thakur Mar 02, 2023 • edited

"docker scan" indeed is discontinues but with newer CLI 4.17.0, they have rolled out "docker scout". I think somewhere bitbucket has to update Docker CLI so that when I use "Docker" as a "Service" in my pipeline, bitbucket-pipeline is able to access scout command. Thoughts ?

The reason I think is this, when I run "docker --version" on pipelines, I see: Docker version 20.10.18, build b40c2f6 vs when I run it on my local machine where "docker scout" works, I see: Docker version 20.10.23, build 7155243

Another reason is, that when I run "docker --help" on pipelines, I don't see "scout" as a command under "Management Commands". What bothers me is that "scout" is not listed as a blocked command here. Attaching 2 pictures where you can see that Docker CLI on local machine supports scout or scan vs on Bitbucket it doesn't. (docker_help_local is local machine's screenshot and docker_help_bb is Bitbucket's screenshot)

I think capability to run "docker scout" to scan the docker image built during deployment, is a necessity. Can you look into this please docker_help_bb.PNGdocker_help_local.PNG

Like
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Mar 06, 2023

Hello @Ritesh Thakur ,

It seems like the Docker scout is still in the early adopter phase and it currently comes just with Docker Desktop installation, but not with Docker engine CLI (which is used in pipelines). I went ahead and created a feature request to add support for docker scout in pipelines, which you can find in the link below : 

I would suggest you to add your vote there, since this helps both developers and product managers to understand the interest. Also, make sure you add yourself as a watcher in case you want to receive first-hand updates from that ticket. Please note that all features are implemented with this policy in mind.

Thank you, @Ritesh Thakur !

Patrik S

Like Ritesh Thakur likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

See all events