Scanning Podman built container images

Troubleshoot errors while scanning container images built using Podman

To successfully run endorctl scans on a container image built using Podman, use the following instructions:

Build the image using the following command. This command builds a container image and tags it with the label test:latest.
```
   podman build -t test:latest
```
After building the image, confirm the target registry by running the following command. Podman automatically adds localhost as the target registry for this image.
```
   podman image ls
```
Before scanning the image with endorctl, sign in to the target registry where the image is stored.
Check if there is a registry running at localhost.
If a registry is not running at localhost, then you must re-tag the image to a reachable registry, using the following command. Replace <reachable-registry> with the actual URL of an accessible registry.
```
   podman tag test:latest <reachable-registry>/test:latest
```
Sign in to the reachable registry using any container runtime. Now you can run the endorctl scan. Targeting a reachable registry lets you locate the image manifest and download all required layer blobs for vulnerability analysis.

Feedback

Was this page helpful?

Thanks for the feedback. Write to us at [email protected] to tell us more.