Problem:

When a scanner-CLI container is executed, INFO-level log lines are often included in the output. This is a problem for automated processes that expect JSON output only.


docker run --rm -it --privileged -v /var/run/docker.sock:/var/run/docker.sock aquasec/scanner-cli:4.0 --user aqua-user --password aqua-password --host http(s)://URL:port scan --local ubuntu:latest




2018-05-01 17:58:53.176 INFO Inspecting image... {"registry": "Docker Hub", "image": "ubuntu:latest"}
2018-05-01 17:58:53.184 INFO Getting image history... {"registry": "Docker Hub", "image": "ubuntu:latest"}
2018-05-01 17:58:53.265 INFO Calculating image digest... {"registry": "Docker Hub", "image": "ubuntu:latest", "analyzer_path": "/opt/aquasec/analyzer"}
2018-05-01 17:58:54.446 INFO Analyzing image... {"registry": "Docker Hub", "image": "ubuntu:latest", "analyzer_path": "/opt/aquasec/analyzer"}
2018-05-01 17:58:55.682 INFO Contacting CyberCenter... {"registry": "Docker Hub", "image": "ubuntu:latest"}
2018-05-01 17:58:56.085 INFO CyberCenter connection established {"registry": "Docker Hub", "image": "ubuntu:latest", "api_version": "4"}
2018-05-01 17:58:56.604 INFO Processing results... {"registry": "Docker Hub", "image": "ubuntu:latest"}
2018-05-01 17:58:56.605 INFO    Applying image assurance policies...    {"registry": "Docker Hub", "image": "ubuntu:latest"}



Solution:

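This is caused primarily by the -t flag passed to the docker run command. With -t, Docker allocates a pseudo-TTY and the container's STDOUT and STDERR reach you as a single stream, so the log lines are mixed in with the JSON. With the -t flag removed, STDOUT and STDERR are delivered separately, and appending 2>/dev/null to the end of your command discards the log lines so that you receive only the JSON output from the scan results.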


docker run --rm -i --privileged -v /var/run/docker.sock:/var/run/docker.sock aquasec/scanner-cli:4.0 --user aqua-user --password aqua-password --host http(s)://URL:port scan --local ubuntu:latest 2>/dev/null
{
  "image": "ubuntu:latest",
  "scan_started": {
    "seconds": 1525445582,
    "nanos": 14137736
  .......}
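
The wrapper below is an added example, not part of the original article or of the scanner itself. Instead of discarding STDERR it keeps the log lines in a file for troubleshooting, and it rejects STDOUT that still contains log lines (for example because -t was left in place). The names fake_scanner, fake_scanner_merged and run_scan_json, and the status code 65, are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. fake_scanner and fake_scanner_merged are constructed
# stand-ins for the scanner container so the script runs offline.

# Without -t: log lines arrive on STDERR, the JSON report on STDOUT.
fake_scanner() {
  echo '2018-05-01 17:58:53.176 INFO Inspecting image... {"image": "ubuntu:latest"}' >&2
  printf '{\n  "image": "ubuntu:latest"\n}\n'
}

# With -t: the pseudo-TTY delivers both streams as one, modelled here by 2>&1.
fake_scanner_merged() {
  fake_scanner 2>&1
}

# run_scan_json JSON_FILE LOG_FILE CMD [ARGS...]
# Stores CMD's STDOUT in JSON_FILE and its STDERR in LOG_FILE.
# Returns CMD's own status if CMD fails, 65 if JSON_FILE contains log lines
# or does not start with "{", and 0 otherwise.
run_scan_json() {
  rsj_json=$1
  rsj_log=$2
  shift 2
  "$@" >"$rsj_json" 2>"$rsj_log" || return $?
  # A timestamped "LEVEL" line in the JSON file means the streams were merged.
  if grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9:.]+ [A-Z]+ ' "$rsj_json"; then
    return 65
  fi
  [ "$(head -c 1 "$rsj_json")" = "{" ] || return 65
  return 0
}

# Real use (not executed here), with the command from this page minus -t:
#   run_scan_json scan.json scan.log docker run --rm -i --privileged \
#     -v /var/run/docker.sock:/var/run/docker.sock aquasec/scanner-cli:4.0 \
#     --user aqua-user --password aqua-password --host http(s)://URL:port \
#     scan --local ubuntu:latest

demo_dir=$(mktemp -d)
rc=0
run_scan_json "$demo_dir/scan.json" "$demo_dir/scan.log" fake_scanner || rc=$?
echo "separate streams: status $rc"
rc=0
run_scan_json "$demo_dir/merged.json" "$demo_dir/merged.log" fake_scanner_merged || rc=$?
echo "merged streams:   status $rc"
rm -rf "$demo_dir"
```

A pipeline step can then read scan.json only when the wrapper returns 0 and attach scan.log to the job output when it does not.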