Running CVE scans with multiple instances of docker scout CLI simultaneously results in cache errors in v1.19.0 #210

@fildawtraveltime

When running CVE scans for images' archives with multiple instances of docker scout CLI v1.19.0 at the same time, some runs fail with the following error:

```
ERROR   failed to index image: failed to initialize cache: cache may be in use by another process: timeout
```

This happens even when using different cache dirs for different processes (cache isolation issue?)

NOTE: This error does not happen when using docker scout CLI v1.18.4

Script to reproduce:

```bash
#!/usr/bin/env bash

# Provide path to docker scout binary as the first argument for this script
docker_scout=$1

# Create a temporary Docker config just for this test and put the plugin there.
# This makes it simple to test arbitrary versions of Docker Scout without affecting the actual installation
DOCKER_CONFIG="$(mktemp -d)"
trap 'rm -rf "$DOCKER_CONFIG"' EXIT
export DOCKER_CONFIG
# Copy the user's docker config as well for login details.
cp "$HOME/.docker/config.json" "$DOCKER_CONFIG/config.json"
mkdir -p "$DOCKER_CONFIG/cli-plugins"
cp "$docker_scout" "$DOCKER_CONFIG/cli-plugins/docker-scout"
chmod +x "$DOCKER_CONFIG/cli-plugins/docker-scout"

# Some popular images from Dockerhub as an example
docker pull traefik:latest
docker pull postgres:latest
docker save traefik > traefik.tar
docker save postgres > postgres.tar

docker scout version

# We are running scans for the same images in a loop here, but the error also occurs when running scans for different images every time
for try in {1..5} ; do
  # Each background scan gets its own, freshly created cache directory
  cache1="$(mktemp -d)/scout_cache"
  echo "Using cache $cache1"
  DOCKER_SCOUT_CACHE_DIR="$cache1" docker scout cves --only-severity "critical" --exit-code --locations archive://traefik.tar &

  cache2="$(mktemp -d)/scout_cache"
  echo "Using cache $cache2"
  DOCKER_SCOUT_CACHE_DIR="$cache2" docker scout cves --only-severity "critical" --exit-code --locations archive://postgres.tar &
done
# Wait for all background scans to finish before cleaning up
wait
rm traefik.tar postgres.tar
```
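
For pipelines that gate on `docker scout cves --exit-code`, the following added example (not part of the issue and not Docker Scout code) shows how to keep the cache failure reported above from being read as either a clean scan or a vulnerability finding. The names `classify_scan`, `scan_with_retry` and `RETRY_DELAY` are hypothetical; it relies on `--exit-code` returning 2 when vulnerabilities are detected, and whether a retry succeeds is an assumption the report does not establish.

```shell
#!/usr/bin/env bash
# Added example. The error text is copied from the report above.
CACHE_ERR='failed to initialize cache: cache may be in use by another process'

# classify_scan STATUS LOGFILE
# Prints one verdict: clean | findings | cache_error | tool_error
classify_scan() {
  local status="$1" log="$2"
  if grep -qF "$CACHE_ERR" "$log"; then
    echo cache_error   # the image was never indexed: no statement about its CVEs
  elif [ "$status" -eq 0 ]; then
    echo clean
  elif [ "$status" -eq 2 ]; then
    echo findings      # --exit-code: 2 means vulnerabilities were detected
  else
    echo tool_error    # any other failure must not pass the gate either
  fi
}

# scan_with_retry MAX_TRIES CMD [ARGS...]
# Runs CMD, retrying only when the cache error appears in its output.
# Prints the final verdict and returns 0 only when that verdict is "clean".
scan_with_retry() {
  local max="$1" log verdict status try
  shift
  log=$(mktemp)
  try=1
  while [ "$try" -le "$max" ]; do
    if "$@" >"$log" 2>&1; then status=0; else status=$?; fi
    verdict=$(classify_scan "$status" "$log")
    [ "$verdict" = cache_error ] || break
    try=$((try + 1))
    if [ "$try" -le "$max" ]; then sleep "${RETRY_DELAY:-2}"; fi
  done
  rm -f "$log"
  echo "$verdict"
  [ "$verdict" = clean ]
}

# Usage in a pipeline step (command line taken from the reproduction script):
#   scan_with_retry 3 docker scout cves --only-severity critical \
#       --exit-code --locations archive://traefik.tar
```

A final verdict of `cache_error` or `tool_error` means the image was not assessed, so the step should fail rather than be treated as a pass.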
