Skip to content

fix: use docker driver for Buildx in cve-scan workflow#245

Open
rdark wants to merge 1 commit intoory:masterfrom
rdark:fix/cve-scan-buildx-driver
Open

fix: use docker driver for Buildx in cve-scan workflow#245
rdark wants to merge 1 commit intoory:masterfrom
rdark:fix/cve-scan-buildx-driver

Conversation

@rdark
Copy link

@rdark rdark commented Feb 26, 2026

Summary

  • The default driver used by stores built images inside the Buildx builder container rather than the local
    Docker daemon. This causes downstream scanners (notably Kubescape) to fail because they cannot resolve the image.
  • Setting keeps the built image in the local daemon where all scanners can access it.

Example failure from : https://github.com/ory/oathkeeper/actions/runs/22443585810/job/64992030672?pr=1259

@rdark
fix: use docker driver for Buildx in cve-scan workflow
7d3309a 
The default docker-container driver used by setup-buildx-action stores
built images inside the Buildx builder container rather than the local
Docker daemon. This causes downstream scanners (notably Kubescape) to
fail because they cannot find the image.

Setting driver: docker keeps the built image in the local daemon where
all scanners can access it.
@rdark rdark mentioned this pull request Feb 28, 2026
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rdark