Unable to docker scan: "failed to get DockerScanID"


I am new to docker and have studied “Get started”.

I did everything exactly before the vulnerability scan (Image-building best practices | Docker Documentation).

When I execute <$ sudo docker scan second-time>, I get the error <failed to get DockerScanID: bad status code “400 Bad Request”>

is my image.

OS Version: Ubuntu 20.04.

First, I did everything according to the instructions (Orientation and setup | Docker Documentation).

When I got to , I got an error.

I thought that maybe something broke during the experiments. Therefore, I completely removed the docker, deleted the account on the “Docker Hub”.

After that:

  • installed docker from repository

  • downloaded the app

  • created Dockerfile

  • executed <$ sudo docker build -t second-time . >

  • created a new docker account and public repository

  • executed <$ sudo docker login -u My_account_at_dockerhub >

  • executed <$ sudo docker tag second-time My_account_at_dockerhub/second-time>

  • executed <$ sudo docker push My_account_at_dockerhub/second-time>

  • on “Docker Hub” in the repository I see the image

  • I execute <$ sudo docker scan second-time>

and I get the error <failed to get DockerScanID: bad status code “400 Bad Request”>

  • trying <$ sudo docker scan My_account_at_dockerhub/second-time>

and getting the same error.

I could not find a solution to this problem anywhere, so I decided to write here.

Sincerely, Maris

This is just a guess but is it possible you reached the limit of the monthly free Docker scan? The limit is 10 per month.

I haven’t been able to scan even once. But, perhaps, I somehow reached my limit. Can I see how many requests were counted by Docker Hub?

I don’t know but I got the same error when I was not logged in with

docker scan --login

It opened a webbrowser to authenticate. Afther that I could run docker scan without any error.


Thank you very much! It really helped.

I also had the same experience. Once I authenticated, as you suggested, it worked just fine. Thank you!

The same thing

Thank you very much!

Unfortunately that didn’t work for me. I did a “docker login” and that worked, but gave me the same error above.

If I tried adding --login the command fails:

–login flag expects no argument

no matter where I put the flag. I then checked Docker Hub and note it says:

vulnerability scanning - disabled

If I try to enable it, I’m told I must upgrade to a Pro license. So maybe they just changed this? Or perhaps you’re all paying customers? Otherwise not sure what I’m doing wrong. Rest of the tutorial went fine.

Hmmm, you probably know, but that is not what is documented, unless you already used it earlier this month?

This feature requires a Docker subscription

You can now get 10 free scans per month as part of your Docker subscription. Sign in to Docker to start scanning your images for vulnerabilities.

But the Docker Subscription Cheat Sheet seems to indicate you’ll need Pro or better indeed. :thinking:

(Sorry, cannot check as indeed I am on a Pro account.)

Thanks for your help. I just started with Docker yesterday and this was my first attempt at a scan, and I’m confident I haven’t even made 10 failures (yet!). Looking at the cheat sheet, it says I should get 10 “Local vulnerability scans” with the free edition, and 200 with Snyk. The ones I don’t get are the Hub scans. But still, it doesn’t work for me and maybe it’s a syntax issue I’m blind to:

PS D:\Downloads\app> docker scan getting-started
failed to get DockerScanID: bad status code "400 Bad Request"
PS D:\Downloads\app> docker scan getting-started --accept-license
failed to get DockerScanID: bad status code "400 Bad Request"
PS D:\Downloads\app> docker scan getting-started --login
--login flag expects no argument

docker login works fine on its own, though.

Is this the only way you tried to log in? You shouldn’t pass “getting-started” as an argument.

1 Like

I’ve solved the problem, here are all the details. Note it seems you may be using an older version, because your comments don’t align with the command output or docs. Do appreciate the help, though!

First, I had successfully logged in with:

docker login -u username

But that logs me into Docker Hub. What the docs fail to mention is that I also need to register with Snyk first.

But before I discovered that, I read the docker scan docs, notably troubleshooting section:


  • The Vulnerability scanning feature doesn’t work with Alpine distributions.
  • If you are using Debian and OpenSUSE distributions, the login process only works with the --token flag, you won’t be redirected to the Snyk website for authentication.

Both warnings are for WSL, which I am using (probably obvious from the D:\ in my paths). That’s where I discovered I needed a token for login, but when I created a Docker Hub auth token and used that, I got a clue in the form of an error message:

PS D:\Downloads\app> docker scan  --login --token TOKEN
Authentication failed. Please check the API token on https://snyk.io

Aha! I then registered on Snyk, got the token, and retried the above command with the Snyk token. Success:

Your account has been authenticated. Snyk is now ready to be used.

After logging in, I’m able to successfully scan with (truncated output):

PS D:\Downloads\app> docker scan getting-started

Testing getting-started...

Now, you’re saying I don’t include the image name, but docker scan throws an error if I don’t.

Usage:  docker scan [OPTIONS] IMAGE
"docker scan" requires exactly 1 argument

Passing the image name comes directly from the tutorial, which I have been following precisely:

Here is the output of --version, in case it helps:

PS D:\Downloads\app> docker scan --version
Version:    0.9.0
Git commit: b05830d
Provider:   Snyk (1.563.0 (standalone))

It seems the tutorial may need to be updated (I see it’s a year old), but as this is just day 1 for me, I could be missing something.

1 Like

I meant don’t pass the argument when you want to log in.


docker scan --login


docker scan getting-started --login

You also got the error message so I am pretty sure it is not a matter of versions :slight_smile:

But I’m glad you managed to solve your problem.

I had the same experience as MadeUpName, though fortunately for me, a day later than him so the solution was here for me to find. :wink:

The tutorial should probably reflect these steps, since it is at least notionally for Docker newbies.

Thanks for the solution! :smiley:

1 Like

What was confusing to me was:

Usage:  docker scan [OPTIONS] IMAGE
"docker scan" requires exactly 1 argument

I read “exactly 1 argument” as the IMAGE argument in the usage line. Not that an option might count as an argument. Or that with --login option, takes zero arguments. If I may be so bold, that conflict makes the command help/error message incorrect. Or at a minimum, imprecise.

Oh I see. You are right, that is confusing.

In my case it was because I was running it in msys2, when I ran it in powershell it worked fine.

I am trying to run this command but it’s not woking. it’s always asking to login to Dockerhub. Login to dockerhub is must to run the scan?
docker scan --token dsd-sd2-2222-4dsd-sds nginx:latest
Token is from Snyk.

If I use the command like this
docker scan --login --token dsd-sd2-2222-4dsd-sds nginx:latest
then it throw this error,
–login flag expects no argument

Looks like login to dockerhub is must to use Docker Scan. It may be cost thing :slight_smile:

Then don’t add an argument :slight_smile: