We are trying to use the image scan inside azure pipelines based off the the examples in https://github.com/CrowdStrike/image-scan-example

When it comes to trying to get the image locally we get the following error

2022-09-28T11:57:18.4261750Z ##[section]Starting: Scan container-image
2022-09-28T11:57:18.4268475Z ==============================================================================
2022-09-28T11:57:18.4268813Z Task         : Command line
2022-09-28T11:57:18.4269170Z Description  : Run a command line script using Bash on Linux and macOS and cmd.exe on Windows
2022-09-28T11:57:18.4269498Z Version      : 2.201.1
2022-09-28T11:57:18.4269728Z Author       : Microsoft Corporation
2022-09-28T11:57:18.4270099Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/command-line
2022-09-28T11:57:18.4270522Z ==============================================================================
2022-09-28T11:57:18.5540733Z Generating script.
2022-09-28T11:57:18.5549051Z ========================== Starting Command Output ===========================
2022-09-28T11:57:18.5571342Z [command]/usr/bin/bash --noprofile --norc /home/vsts/work/_temp/18582713-5b44-4d90-b142-d7bde8b94fc6.sh
2022-09-28T11:57:20.7445712Z Defaulting to user installation because normal site-packages is not writeable
2022-09-28T11:57:21.2644039Z Collecting docker
2022-09-28T11:57:21.3613073Z   Downloading docker-6.0.0-py3-none-any.whl (147 kB)
2022-09-28T11:57:21.3876113Z      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 147.2/147.2 KB 6.6 MB/s eta 0:00:00
2022-09-28T11:57:21.5392196Z Collecting crowdstrike-falconpy
2022-09-28T11:57:21.5475037Z   Downloading crowdstrike_falconpy-1.2.2-py3-none-any.whl (394 kB)
2022-09-28T11:57:21.5862829Z      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 394.6/394.6 KB 10.8 MB/s eta 0:00:00
2022-09-28T11:57:21.5960817Z Requirement already satisfied: urllib3>=1.26.0 in /usr/lib/python3/dist-packages (from docker) (1.26.5)
2022-09-28T11:57:21.6324663Z Collecting websocket-client>=0.32.0
2022-09-28T11:57:21.6381679Z   Downloading websocket_client-1.4.1-py3-none-any.whl (55 kB)
2022-09-28T11:57:21.6426988Z      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 55.0/55.0 KB 22.5 MB/s eta 0:00:00
2022-09-28T11:57:21.6928060Z Collecting requests>=2.26.0
2022-09-28T11:57:21.6994239Z   Downloading requests-2.28.1-py3-none-any.whl (62 kB)
2022-09-28T11:57:21.7037331Z      ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.8/62.8 KB 18.9 MB/s eta 0:00:00
2022-09-28T11:57:21.7059894Z Requirement already satisfied: packaging>=14.0 in /usr/local/lib/python3.10/dist-packages (from docker) (21.3)
2022-09-28T11:57:21.7159145Z Requirement already satisfied: pyparsing!=3.0.5,>=2.0.2 in /usr/lib/python3/dist-packages (from packaging>=14.0->docker) (2.4.7)
2022-09-28T11:57:21.7225967Z Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests>=2.26.0->docker) (2020.6.20)
2022-09-28T11:57:21.7730720Z Collecting charset-normalizer<3,>=2
2022-09-28T11:57:21.7788036Z   Downloading charset_normalizer-2.1.1-py3-none-any.whl (39 kB)
2022-09-28T11:57:21.7835801Z Requirement already satisfied: idna<4,>=2.5 in /usr/lib/python3/dist-packages (from requests>=2.26.0->docker) (3.3)
2022-09-28T11:57:21.9875754Z Installing collected packages: websocket-client, charset-normalizer, requests, docker, crowdstrike-falconpy
2022-09-28T11:57:22.3064289Z Successfully installed charset-normalizer-2.1.1 crowdstrike-falconpy-1.2.2 docker-6.0.0 requests-2.28.1 websocket-client-1.4.1
2022-09-28T11:57:22.3916446Z Cloning into 'container-image-scan'...
2022-09-28T11:57:33.4252501Z DEBUG   Trying paths: ['/home/vsts/work/_temp/DockerConfig_1664366208760/config.json', '/home/vsts/.docker/config.json', '/home/vsts/.dockercfg']
2022-09-28T11:57:33.4254068Z DEBUG   Found file at path: /home/vsts/work/_temp/DockerConfig_1664366208760/config.json
2022-09-28T11:57:33.4254931Z DEBUG   Found 'auths' section
2022-09-28T11:57:33.4256097Z DEBUG   Found entry (registry='***', username='***')
2022-09-28T11:57:33.4394826Z DEBUG   http://localhost:None "GET /version HTTP/1.1" 200 907
2022-09-28T11:57:33.4418105Z DEBUG   Starting new HTTPS connection (1): api.eu-1.crowdstrike.com:443
2022-09-28T11:57:34.3193803Z DEBUG   https://api.eu-1.crowdstrike.com:443 "POST /oauth2/token HTTP/1.1" 308 0
2022-09-28T11:57:34.3217562Z DEBUG   Starting new HTTPS connection (1): api.us-2.crowdstrike.com:443
2022-09-28T11:57:35.2197684Z DEBUG   https://api.us-2.crowdstrike.com:443 "POST /oauth2/token HTTP/1.1" 201 1221
2022-09-28T11:57:35.2313146Z DEBUG   http://localhost:None "GET /v1.41/images/json?only_ids=0&all=0&filters=%7B%22reference%22%3A+%5B%22dashbordapi%3ABuild-52958%22%5D%7D HTTP/1.1" 200 3
2022-09-28T11:57:35.2320419Z INFO    Pulling container image: 'dashbordapi:Build-52958'
2022-09-28T11:57:35.2321232Z DEBUG   Looking for auth config
2022-09-28T11:57:35.2322237Z DEBUG   Looking for auth entry for 'docker.io'
2022-09-28T11:57:35.2322717Z DEBUG   No entry found
2022-09-28T11:57:35.2323040Z DEBUG   No auth config found
2022-09-28T11:57:36.6128990Z DEBUG   http://localhost:None "POST /v1.41/images/create?tag=Build-52958&fromImage=dashbordapi HTTP/1.1" 404 174
2022-09-28T11:57:36.6129662Z ERROR   Unknown error
2022-09-28T11:57:36.6130076Z Traceback (most recent call last):
2022-09-28T11:57:36.6130737Z   File "/home/vsts/.local/lib/python3.10/site-packages/docker/api/client.py", line 268, in _raise_for_status
2022-09-28T11:57:36.6131224Z     response.raise_for_status()
2022-09-28T11:57:36.6131821Z   File "/home/vsts/.local/lib/python3.10/site-packages/requests/models.py", line 1021, in raise_for_status
2022-09-28T11:57:36.6132337Z     raise HTTPError(http_error_msg, response=self)
2022-09-28T11:57:36.6133136Z requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localhost/v1.41/images/create?tag=Build-52958&fromImage=dashbordapi
2022-09-28T11:57:36.6133549Z 
2022-09-28T11:57:36.6133907Z The above exception was the direct cause of the following exception:
2022-09-28T11:57:36.6134134Z 
2022-09-28T11:57:36.6134409Z Traceback (most recent call last):
2022-09-28T11:57:36.6134953Z   File "/home/vsts/work/1/s/container-image-scan/cs_scanimage.py", line 359, in main
2022-09-28T11:57:36.6135391Z     scan_image.container_tag()
2022-09-28T11:57:36.6135954Z   File "/home/vsts/work/1/s/container-image-scan/cs_scanimage.py", line 82, in container_tag
2022-09-28T11:57:36.6136415Z     self.client.images.pull(local_tag)
2022-09-28T11:57:36.6136997Z   File "/home/vsts/.local/lib/python3.10/site-packages/docker/models/images.py", line 465, in pull
2022-09-28T11:57:36.6137459Z     pull_log = self.client.api.pull(
2022-09-28T11:57:36.6138024Z   File "/home/vsts/.local/lib/python3.10/site-packages/docker/api/image.py", line 429, in pull
2022-09-28T11:57:36.6138482Z     self._raise_for_status(response)
2022-09-28T11:57:36.6139089Z   File "/home/vsts/.local/lib/python3.10/site-packages/docker/api/client.py", line 270, in _raise_for_status
2022-09-28T11:57:36.6139996Z     raise create_api_error_from_http_exception(e) from e
2022-09-28T11:57:36.6140683Z   File "/home/vsts/.local/lib/python3.10/site-packages/docker/errors.py", line 39, in create_api_error_from_http_exception
2022-09-28T11:57:36.6141260Z     raise cls(e, response=response, explanation=explanation) from e
2022-09-28T11:57:36.6142493Z docker.errors.ImageNotFound: 404 Client Error for http+docker://localhost/v1.41/images/create?tag=Build-52958&fromImage=dashbordapi: Not Found ("pull access denied for dashbordapi, repository does not exist or may require 'docker login': denied: requested access to the resource is denied")
2022-09-28T11:57:36.6410309Z ##[error]Bash exited with code '10'.
2022-09-28T11:57:36.6442843Z ##[section]Finishing: Scan container-image

We ran the docker image command in previous step and can see the image shows as below

REPOSITORY                                               TAG           IMAGE ID       CREATED          SIZE
***/dashbordapi                                          Build-52958   549080671830   1 second ago     320MB

We did think it was weird that the repo had ***/ which this appears to be the way that Pipelines does it, I have tried specifying ***/ in the image name however that threw more errors

Thes step we have is as follows

- task: Docker@2
  displayName: 'Build Docker container'
  inputs:
    command: build
    Dockerfile: 'Dockerfile'
    containerRegistry: 'Azure Container Registry'
    repository: ${{ parameters.imageName }}
    tags: Build-$(Build.BuildId)
- script: |
    docker images --all
    echo $(CONTAINER_REPO)
    echo $(CONTAINER_TAG)
- script: |
    export FALCON_CLIENT_SECRET=$(FALCON_CLIENT_SECRET)
    export FALCON_CLIENT_ID=$(FALCON_CLIENT_ID)
    pip3 install docker crowdstrike-falconpy
    if [ ! -d container-image-scan ] ; then
      git clone https://github.com/crowdstrike/container-image-scan
    fi
    python3 container-image-scan/cs_scanimage.py --log-level DEBUG
  displayName: 'Scan container-image'

--skip-push needs to be documented to explain what the purpose is

Environment variables for the values cloud and tag do not overwrite the default value defined in def parse_args()

This can be verified by printing the contents of the variables in main when using environment variables.

This can be remedied by either commenting the line 267, removing the required from the parameter or removing the default value.

Please provide an option to pass or fail based on policy and the ability to pass a specific policy name/id to the script for assessment.. The cs_scanimage.py script is currently passing or failing based on score but we would like to use policies for assessment. We prefer policy over score for several reasons.

• Score is an arbitrary value that may not reflect the desired results.
• Multiple policies can be configured and applied on disparate subsets of our code.
• To provide Crowdstrike functionality to the appropriate stakeholders in the company we would like the CI/CD team to manage invocation of the image scan but would like the CISO org to manage the policy applied to the scans.

It's a priority 2 for us.

We're using script for image scanning. It's executed on pipeline agent( RedHat 8.5 with podman 3.3.1) and got following error:

podman.errors.exceptions.APIError: 400 Client Error: Bad Request (error pushing image "container-upload.us-1.crowdstrike.com/docker.io/library/python:slim": trying to reuse blob sha256:fd95118eade99a75b949f634a0994e0f0732ff18c2573fabdfc8d4f95b092f0e at destination: unable to retrieve auth token: invalid username/password: unauthorized)

I've attached details in this txt file for your reference.
27.txt

I've had a quick look, it seems a missing "auth_config" parameter in your "container_push" method??

podman-py lib ref:
https://github.com/containers/podman-py/blob/a174c43ea07c960cc11af8444ad7143094749246/podman/domain/images_manager.py#L187

Thanks!

BTW:
The client id and secret are available and have been verified.

Document the required api key permisions needed to run the script.

Falcon Container Image read & write

Currently cs_scanimage.py only provide a detailed report of relevant Vulnerabilities. The information in stdout is not intuitive or immediately meaningful to the user. A user generally will want to quickly see the counts of high, critical, low Vulnerabilities. When we use the tool in a CI/CD system we are forced to consume and parse the resultant JSON file and provide a summary. Users outside of the system will not have that luxury without distributing a wrapper to perform this trivial function. It would be good to have the count of Vulnerabilities returned from the script to stdout in a human readable form that is also easily to programmatically parse such as yaml, json, or toml.

It's a priority 3 for us.

Does the integration push results to the UI and are remediation steps made available?

Can we get the JSON report into SARIF format so that results can viewed under the "Security" tab on GitHub?

https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github

I would like to see if we can build tolerations for vulnerabilities into the cs_scanimage.py script.

The idea is that we count vulnerabilities based on severity in the code and only exit non-zero if the count does not meet this criteria. The idea would be to count Low, Medium, High and Critical and exit non-zero based on input arguments.

As an example the below would only fail if the count of High vulnerabilities was greater than or equal to 3.

cs_scanimage.py -hv 3

There should also be a way to allow for the script to return zero in any circumstance. At least perhaps we could use a high number on Critical to accomplish this..

i.e. cs_scanimage.py -hv 99

Or something to this extent.

• we are scanning these images (had no issue with older versions):

splunk/fluentd-hec: (Docker Hub ) 1.2.12 (fails scan)

splunk/k8s-metrics: (Docker Hub ) 1.1.12 (fails scan)

splunk/kube-objects: (Docker Hub ) 1.1.12 (fails scan)

• when getting report, it fails with:

INFO Authenticating with CrowdStrike Falcon API
INFO Downloading Image Scan Report
INFO Searching for vulnerabilities in scan report...
WARNING MEDIUM CVE-2022-1586 Vulnerability detected affecting pcre2-10.32-2.el8.src.rpm
WARNING MEDIUM CVE-2022-25313 Vulnerability detected affecting expat-2.2.5-4.el8_5.3.src.rpm
ERROR Unknown error
Traceback (most recent call last):
File "/home/vmadmin/agent/_work/228/blueprints/templates/steps/script/cs_scanimage.py", line 368, in main
f_vuln_score = int(scan_report.get_alerts_vuln())
File "/home/vmadmin/agent/_work/228/blueprints/templates/steps/script/cs_scanimage.py", line 181, in get_alerts_vuln
cvss_v3 = details.get('cvss_v3_score', {})
AttributeError: 'NoneType' object has no attribute 'get'
##[error]Bash exited with code '10'.

• seems details returned as None, was able to get working by adding condition:

λ git diff -r main
diff --git a/cs_scanimage.py b/cs_scanimage.py
index d97017e..c7a7172 100644
--- a/cs_scanimage.py
+++ b/cs_scanimage.py
@@ -181,11 +181,12 @@ class ScanReport(dict):
vuln = vulnerability['Vulnerability']
cve = vuln.get('CVEID', 'CVE-unknown')
details = vuln.get('Details', {})
- cvss_v3 = details.get('cvss_v3_score', {})
- severity = cvss_v3.get('severity')
- if severity is None:
- cvss_v2 = details.get('cvss_v2_score', {})
- severity = cvss_v2.get('severity')
+ if details is not None:
+ cvss_v3 = details.get('cvss_v3_score', {})
+ severity = cvss_v3.get('severity')
+ if severity is None:
+ cvss_v2 = details.get('cvss_v2_score', {})
+ severity = cvss_v2.get('severity')
if severity is None:
severity = details.get('severity', 'UNKNOWN')
product = vuln.get('Product', {})

• was able to get get pass and get severity:

WARNING MEDIUM CVE-2020-26137 Vulnerability detected affecting urllib3 1.24.2
WARNING MEDIUM CVE-2021-33503 Vulnerability detected affecting urllib3 1.24.2
INFO Searching for leaked secrets in scan report...
INFO Searching for malware in scan report...
INFO Searching for misconfigurations in scan report...
WARNING Alert: Misconfiguration found
ERROR Exiting: Vulnerability score threshold exceeded: '18700' out of '500'
##[error]Bash exited with code '1'.
Finishing: Crowdstrike image scanning

Hi! Its currently possible to exempt a CVE ID from the console, but those CVEs are still accounted for in the scoring of this script. Is it possible to modify it so we pull the CVE IDs that are exempted in the report and then add this block to get_alerts_vuln():

if cve in exemptedCVEs: critical_score = 0 high_score = 0 medium_score = 0 low_score = 0

This would let us manage whitelisted vulnerabilities or those that we accept risk for from the console while not impacting CI/CD workflows. The score for any whitelisted CVE would be set to 0 and not be a cause for deployment failure.

Expect:
The image scanning script should support Podman.

Problem:
We have an internal requirement that need to use Podman instead of Docker.

Run into below issue when switching to Podman:

[vmadmin@azlazdisp00002 ~]$ python3 container-image-scan/cs_scanimage.py -r "sb-1tier-sampleapp" -t "89924" -u 9e70b6f087444dc8b97129606a2107d9
ERROR Unknown error
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib64/python3.6/http/client.py", line 1269, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1315, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1264, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1040, in _send_output
self.send(msg)
File "/usr/lib64/python3.6/http/client.py", line 978, in send
self.connect()
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
sock.connect(self.unix_socket)
FileNotFoundError: [Errno 2] No such file or directory

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 638, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3.6/site-packages/urllib3/util/retry.py", line 368, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/lib/python3.6/site-packages/urllib3/packages/six.py", line 692, in reraise
raise value.with_traceback(tb)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3.6/site-packages/urllib3/connectionpool.py", line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib64/python3.6/http/client.py", line 1269, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1315, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1264, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1040, in _send_output
self.send(msg)
File "/usr/lib64/python3.6/http/client.py", line 978, in send
self.connect()
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/transport/unixconn.py", line 30, in connect
sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/api/client.py", line 214, in _retrieve_server_version
return self.version(api_version=False)["ApiVersion"]
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/api/daemon.py", line 181, in version
return self._result(self._get(url), json=True)
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/utils/decorators.py", line 46, in inner
return f(self, *args, **kwargs)
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/api/client.py", line 237, in _get
return self.get(url, **self._set_request_timeout(kwargs))
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.6/site-packages/requests/adapters.py", line 498, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "container-image-scan/cs_scanimage.py", line 341, in main
client = docker.from_env()
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/client.py", line 101, in from_env
**kwargs_from_env(**kwargs)
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/client.py", line 45, in init
self.api = APIClient(*args, **kwargs)
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/api/client.py", line 197, in init
self._version = self._retrieve_server_version()
File "/home/vmadmin/.local/lib/python3.6/site-packages/docker/api/client.py", line 222, in _retrieve_server_version
f'Error while fetching server API version: {e}'
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', FileNotFoundError(2, 'No such file or directory'))

• '[' '!' -d container-image-scan ']'
• pip3 install docker
  Defaulting to user installation because normal site-packages is not writeable
  Requirement already satisfied: docker in /var/lib/jenkins/.local/lib/python3.7/site-packages (5.0.3)
  Requirement already satisfied: requests!=2.18.0,>=2.14.2 in /var/lib/jenkins/.local/lib/python3.7/site-packages (from docker) (2.26.0)
  Requirement already satisfied: websocket-client>=0.32.0 in /var/lib/jenkins/.local/lib/python3.7/site-packages (from docker) (1.1.0)
  Requirement already satisfied: idna<4,>=2.5; python_version >= "3" in /var/lib/jenkins/.local/lib/python3.7/site-packages (from requests!=2.18.0,>=2.14.2->docker) (3.2)
  Requirement already satisfied: urllib3<1.27,>=1.21.1 in /var/lib/jenkins/.local/lib/python3.7/site-packages (from requests!=2.18.0,>=2.14.2->docker) (1.26.6)
  Requirement already satisfied: certifi>=2017.4.17 in /var/lib/jenkins/.local/lib/python3.7/site-packages (from requests!=2.18.0,>=2.14.2->docker) (2021.5.30)
  Requirement already satisfied: charset-normalizer~=2.0.0; python_version >= "3" in /var/lib/jenkins/.local/lib/python3.7/site-packages (from requests!=2.18.0,>=2.14.2->docker) (2.0.3)
• python3 container-image-scan/cs_scanimage.py
  ERROR Unknown error
  Traceback (most recent call last):
  File "container-image-scan/cs_scanimage.py", line 355, in main
  client = docker.from_env()
  File "/var/lib/jenkins/.local/lib/python3.7/site-packages/docker/client.py", line 10
  
  1, in from_env
  **kwargs_from_env(**kwargs)
  File "/var/lib/jenkins/.local/lib/python3.7/site-packages/docker/client.py", line 45, in init
  self.api = APIClient(*args, **kwargs)
  File "/var/lib/jenkins/.local/lib/python3.7/site-packages/docker/api/client.py", line 132, in init
  config_dict=self._general_configs, credstore_env=credstore_env,
  TypeError: load_config() got an unexpected keyword argument 'config_dict'

We will be using cs_scanimage.py in a Kubernetes environment with limited to no Docker in Docker support. The script currently uses Docker commands which are not supported in our environment. We will use the Crane tool to push the image prior to running cs_scanimage.py and need to disable the image push.

As a follow-up item, not to block the original request, Crowdstrike may look into adding functionality to push the image without Docker.

It's a Priority 1 for us to implement in CI/CD.