Lacework
Kate_M
Community Manager
Article Id 334273
Description 'Could Not Connect to Docker Daemon' with K8S runners using Lacework inline scanner in GitLab pipeline
Scope Running GitLab with Kubernetes runners and using our inline scanner within a CI/CD pipeline
Solution

You are deploying our inline scanner to a build pipeline in GitLab. When the job runs on Kubernetes runners, it fails with the following error:

ERROR: Error while scanning image: No docker image found.

To verify the issue, amend the following line in your pipeline:

   - ./lw-scanner image evaluate image_name tag

Add the --debug flag to it:

   - ./lw-scanner image evaluate image_name tag --debug

You will now see the following error:

[WARNING]:   2023-11-09 14:24:59 - Not able to fetch image metadata. Please check image name and tag information. Pulling the image.
[DEBUG]: 2023-11-09 14:24:59 - Pulling image locally
Pulling image: [ERROR]: 2023-11-09 14:24:59 - Docker daemon is not running locally. The Lacework Inline scanner requires access to the docker daemon to scan images.
[DEBUG]: 2023-11-09 14:24:59 - Docker pull failed
[DEBUG]: 2023-11-09 14:24:59 - Scanned image with registry: name: tag: digest: id:

Also verify that the runner is a Kubernetes-type runner. To do this, go to the jobs page in GitLab and look at the first few lines of the job log; you should see the executor type set to Kubernetes.

 

 

Environment

 

Resolution

The issue here is the Docker-in-Docker (dind) service that GitLab provides: it does not come online in time to be used by the build job. To remedy this, add a before_script that loops until the Docker daemon is available. Here is an example pipeline YAML:

default:
    image: docker:24.0.5
    services:
      - docker:24.0.5-dind
    before_script:
      # Block until the dind daemon answers, so later steps can use it.
      - until docker info; do sleep 5; done

variables:
    # When using dind service, you must instruct Docker to talk with
    # the daemon started inside of the service. The daemon is available
    # with a network connection instead of the default
    # /var/run/docker.sock socket.
    DOCKER_HOST: tcp://docker:2375
    #
    # The 'docker' hostname is the alias of the service container as described at
    # https://docs.gitlab.com/ee/ci/services/#accessing-the-services.
    # If you're using GitLab Runner 12.7 or earlier with the Kubernetes executor and
    # Kubernetes 1.6 or earlier,
    # the variable must be set to tcp://localhost:2376 because of how the
    # Kubernetes executor connects services to the job container
    # DOCKER_HOST: tcp://localhost:2376
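
A bounded variant of the wait loop above, as an added example that is not part of the original article or Lacework's own code: it gives up after a fixed number of attempts, so a dind service that never starts (or a wrong DOCKER_HOST) fails the job with a clear message instead of looping until the job times out. The function name wait_for_docker, its arguments and the file name in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: bounded wait for the dind daemon (POSIX sh, works in the
# busybox shell of the docker image). Names here are hypothetical.
#
# Hypothetical usage in .gitlab-ci.yml, with this file saved in the repository
# as wait-for-docker.sh:
#   before_script:
#     - . ./wait-for-docker.sh && wait_for_docker 24 5

# wait_for_docker MAX_TRIES DELAY_SECONDS [PROBE...]
# Runs the probe (default: docker info, the same command the article's loop
# uses) until it succeeds or MAX_TRIES attempts have failed.
# Returns 0 when the daemon answered, 1 when it never did.
wait_for_docker() {
    max_tries=$1
    delay=$2
    shift 2
    # No probe given: fall back to the article's readiness check.
    [ "$#" -gt 0 ] || set -- docker info

    try=1
    while [ "$try" -le "$max_tries" ]; do
        if "$@" >/dev/null 2>&1; then
            echo "docker daemon reachable (${DOCKER_HOST:-default socket}) after $try attempt(s)"
            return 0
        fi
        echo "docker daemon not ready (attempt $try/$max_tries)" >&2
        # Do not sleep after the final failed attempt.
        if [ "$try" -lt "$max_tries" ]; then
            sleep "$delay"
        fi
        try=$((try + 1))
    done

    echo "docker daemon (${DOCKER_HOST:-default socket}) did not come up; check the dind service" >&2
    return 1
}
```
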

 
