Tags: docker, security, kubernetes, trivy

Scan docker images with Trivy from within a docker container


Problem

I would like to do the following:

  1. Create an image with Trivy and Docker installed
  2. Run the container on Kubernetes
  3. Schedule a CRON job to pull all images from a container registry, scan them, and output the results to stdout

Question

Is there a smart way to do this? Can you even install docker within a docker container?


Solution

  • I ended up doing the following:

    1. Creating an image with Trivy and Skopeo installed
    2. Downloading the docker images with Skopeo
      • skopeo copy --src-creds=user:password --dest-compress --src-tls-verify=false docker://myrepo.com/mynamespace/ubuntu:latest oci:ubuntu
    3. Scanning the image
      • trivy image --input ubuntu

    An alternative to Skopeo would be to use the Registry HTTP API to download images as suggested by David Maze.
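The pull-then-scan steps above as the loop a Kubernetes CronJob container could run, written here as an added example rather than the answer's own script. It assumes skopeo and trivy are on PATH, that registry credentials are in a docker-style auth file whose path is in REGISTRY_AUTHFILE (for example mounted from a Secret, instead of --src-creds on the command line), and that image references arrive one per line on stdin or in the file named by IMAGE_LIST; TLS verification is left on, and Trivy's --exit-code turns findings into a non-zero status the job can report.

```shell
# Added example (not from the original answer): pull each image into an OCI
# layout with Skopeo and scan it with Trivy. Assumes skopeo and trivy on PATH
# and REGISTRY_AUTHFILE pointing at a docker-style auth file (e.g. from a Secret).
set -eu

WORKDIR="${WORKDIR:-/tmp/scans}"
SEVERITY="${SEVERITY:-HIGH,CRITICAL}"

# Map a reference such as myrepo.com/ns/ubuntu:latest to a safe directory
# name, so an image reference can never become a path traversal.
oci_dir_for() {
    printf '%s/%s' "$WORKDIR" "$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')"
}

# Pull one image and scan it. Returns 0 when clean, 1 when Trivy finds
# vulnerabilities at or above SEVERITY (--exit-code 1), 2 when the pull fails.
scan_image() {
    local ref="$1" dir rc
    dir="$(oci_dir_for "$ref")"
    rm -rf "$dir"
    # TLS verification stays on; credentials come from the auth file, not argv.
    if ! skopeo copy --authfile "$REGISTRY_AUTHFILE" --dest-compress \
            "docker://$ref" "oci:$dir"; then
        echo "pull failed: $ref" >&2
        return 2
    fi
    if trivy image --input "$dir" --severity "$SEVERITY" --exit-code 1 \
            --no-progress; then rc=0; else rc=$?; fi
    rm -rf "$dir"
    return "$rc"
}

# Scan every reference read from stdin (one per line; blank lines and '#'
# comments are skipped). Keeps going after a failing image so one bad pull
# cannot hide the rest; returns non-zero if any image failed or had findings.
# The list itself can be produced with `skopeo list-tags docker://<repo>`.
scan_all() {
    local ref total=0 failed=0
    while IFS= read -r ref; do
        case "$ref" in ''|'#'*) continue ;; esac
        total=$((total + 1))
        echo "== scanning $ref"
        scan_image "$ref" || failed=$((failed + 1))
    done
    echo "== $total image(s) scanned, $failed with findings or pull errors"
    [ "$failed" -eq 0 ]
}

# Entry point for the container: IMAGE_LIST=/config/images.txt sh scan.sh
if [ -n "${IMAGE_LIST:-}" ]; then scan_all < "$IMAGE_LIST"; fi
```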