
Running CVE scans with multiple instances of docker scout CLI simultaneously results in cache errors in v1.19.0 #210

@fildawtraveltime

When running CVE scans for images' archives with multiple instances of docker scout CLI v1.19.0 at the same time, some runs fail with the following error:

ERROR   failed to index image: failed to initialize cache: cache may be in use by another process: timeout

This happens even when using different cache dirs for different processes (cache isolation issue?)

NOTE: This error does not happen when using docker scout CLI v1.18.4

Script to reproduce:

#!/usr/bin/env bash

# Provide path to docker scout binary as the first argument for this script
docker_scout=$1

# Create a temporary Docker config just for this test and put the plugin there.
# This makes it simple to test arbitrary versions of Docker Scout without affecting the actual installation
DOCKER_CONFIG="$(mktemp -d)"
trap 'rm -rf "$DOCKER_CONFIG"' EXIT
export DOCKER_CONFIG
# Copy the user's docker config as well for login details.
cp "$HOME/.docker/config.json" "$DOCKER_CONFIG/config.json"
mkdir -p "$DOCKER_CONFIG/cli-plugins"
cp "$docker_scout" "$DOCKER_CONFIG/cli-plugins/docker-scout"
chmod +x "$DOCKER_CONFIG/cli-plugins/docker-scout"

# Some popular images from Dockerhub as an example
docker pull traefik:latest
docker pull postgres:latest
docker save traefik > traefik.tar
docker save postgres > postgres.tar

docker scout version

# We are running scans for the same images in a loop here, but the error also occurs when running scans for different images every time
for try in {1..5} ; do
  cache1="$(mktemp -d)/scout_cache"
  echo "Using cache $cache1"
  DOCKER_SCOUT_CACHE_DIR="$cache1" docker scout cves --only-severity "critical" --exit-code --locations archive://traefik.tar &
  
  cache2="$(mktemp -d)/scout_cache"
  echo "Using cache $cache2"
  DOCKER_SCOUT_CACHE_DIR="$cache2" docker scout cves --only-severity "critical" --exit-code --locations archive://postgres.tar &
done
wait
rm traefik.tar postgres.tar
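
One way a CI job could cope with the failure reported above, as an added example that is not part of the original issue or of Docker Scout: a wrapper that retries a scan only when its stderr contains the reported cache error, and otherwise passes the scanner's exit status through unchanged. The names `scan_with_retry` and `fake_scout`, the give-up code 75 and the retry approach itself are assumptions, not a confirmed fix.

```bash
#!/usr/bin/env bash
# Added example, not from the issue or the Docker Scout project.
CACHE_ERR='cache may be in use by another process'   # substring of the reported error
GAVE_UP=75   # code chosen here for "scan never completed"; an assumption

# scan_with_retry MAX_TRIES DELAY_SECONDS CMD [ARGS...]
# Re-runs CMD only when it fails AND its stderr carries the cache error.
# Any other result (success, or the non-zero status --exit-code produces on
# findings) is returned unchanged, so a lock timeout is never read as a verdict.
scan_with_retry() {
  local max="$1" delay="$2" try=1 rc errlog
  shift 2
  errlog="$(mktemp)" || return 1
  while [ "$try" -le "$max" ]; do
    rc=0
    "$@" 2>"$errlog" || rc=$?
    cat "$errlog" >&2                          # keep the scanner's stderr visible
    if [ "$rc" -eq 0 ] || ! grep -qF "$CACHE_ERR" "$errlog"; then
      rm -f "$errlog"
      return "$rc"
    fi
    echo "attempt $try/$max hit the cache lock" >&2
    if [ "$try" -lt "$max" ]; then sleep "$delay"; fi
    try=$((try + 1))
  done
  rm -f "$errlog"
  return "$GAVE_UP"
}

# Constructed stand-in for the scanner so the example runs offline: prints the
# reported error for its first $1 calls (counted in $FAKE_COUNT), then exits $2.
fake_scout() {
  n=$(( $(cat "$FAKE_COUNT") + 1 ))
  echo "$n" >"$FAKE_COUNT"
  if [ "$n" -le "$1" ]; then
    echo "ERROR   failed to index image: failed to initialize cache: $CACHE_ERR: timeout" >&2
    return 1   # exit status of the real failure is not stated in the issue
  fi
  return "$2"
}

# Real use would look like (flags taken from the reproduction script above):
#   scan_with_retry 5 10 docker scout cves --only-severity critical \
#     --exit-code --locations archive://traefik.tar
```

A pipeline should treat the give-up code as "no scan result" and fail closed rather than count the image as clean.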
