Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Could not analyze layer: POST to Clair failed Post http://127.0.0.1:6060/v1/layers: dial tcp 127.0.0.1:6060: getsockopt: connection refused #61

Open
Saurabh-16 opened this issue Jun 9, 2021 · 2 comments

Comments

@Saurabh-16
Copy link

We are running clair scanner to run security scan on our docker images.
The clair scanner runs inside a travis build and in our case both clair scanner and clair runs on same machine that is launched by travis.

However , we see following issue intermittently in some of the travis build run:-

8.98s$ clair-scanner -w tests/cve-scan-whitelist.yaml -c "http://127.0.0.1:6060" --threshold="High" --ip "$(ip -4 addr show docker0 | grep -oP '(?<=inet\s)\d+(.\d+){3}')" $IMAGE_NAME:latest
2021/06/09 01:28:57 [INFO] ▶ Start clair-scanner
2021/06/09 01:29:06 [INFO] ▶ Server listening on port 9279
2021/06/09 01:29:06 [INFO] ▶ Analyzing cbb111c748af833f9ef620afd2320b662c7a04b0e3cf08caf4e4f25af031892b
2021/06/09 01:29:06 [CRIT] ▶ Could not analyze layer: POST to Clair failed Post http://127.0.0.1:6060/v1/layers: dial tcp 127.0.0.1:6060: getsockopt: connection refused
The command "clair-scanner -w tests/cve-scan-whitelist.yaml -c "http://127.0.0.1:6060" --threshold="High" --ip "$(ip -4 addr show docker0 | grep -oP '(?<=inet\s)\d+(.\d+){3}')" $IMAGE_NAME:latest" exited with 1.

This issue is very intermittent and sometimes build will pass without any issues. Is there any issue with --ip I am giving.
I tried passing --ip "$(hostname -i)" , but still gets same issue.

Below are complete set of commands we have defined in .travis.yml

@Dung828
Copy link

Dung828 commented Mar 27, 2022

Many thanks for who built clair-scanner. I have finally installed it on my AWS Linux EC2 server 10gb. This is for my Securecode assessment. I have found the arminc/clair-local-scan is gone from "sudo docker container ls" after maybe around 5 minutes. So its current container id needs to be removed and run again -
docker run -p 6060:6060 --link clair-db:postgres -d --name clair arminc/clair-local-scan.
Then run "./clair-scanner ....... ". I don't know why it is gone after 5 minutes .

@arminc
Copy link
Owner

arminc commented Mar 28, 2022

Have you checked the logs to see if the container crashed because of an issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants