Container Image Scan fails with "Scan Container Image pattern supported only on Linux MID Servers" - Support and Troubleshooting

Container Image Scan fails with "Scan Container Image pattern supported only on Linux MID Servers" Issue .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Container Image Scan fails with the following error message:

Scan Container Image pattern supported only on Linux Mid Servers. Only Linux Mid Servers provide mid server capablity 'Scan Container Images'. Command output is 'which' is not recognized as an internal or external command, operable program or batch file.

The Discovery log may show entries similar to:

Task is running on MID server

Pattern: Scan Container Image

1 Verify trivy installation: Running local command: which trivy Command stderr: 'which' is not recognized as an internal or external command, operable program or batch file. setAttribute(CommandOutput,'which' is not recognized as an internal or external command, operable program or batch file.)

2 Check Mid is Linux or not

setAttribute(error_message,Scan Container Image pattern supported only on Linux Mid Servers. Only Linux Mid Servers provide mid server capablity 'Scan Container Images'. Command output is 'which' is not recognized as an internal or external command, operable program or batch file.)

setAttribute(output,Error) Release .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } ALL

Cause .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } The Scan Container Image pattern is being executed on a Windows MID Server or a non-Linux MID Server. The Container Image Scan pattern requires a Linux MID Server because it runs Linux commands such as:

which trivy When this command runs on a Windows MID Server, Windows returns:

'which' is not recognized as an internal or external command, operable program or batch file. The pattern detects this output and marks the scan as failed. This usually happens when:

1. No Image Registry to MID Server Mapping exists for the image registry. 2. A Windows MID Server is selected by the MID selection logic. 3. A Windows MID Server has broad capabilities such as ALL. 4. The required Linux MID Server does not have the Scan Container Images capability. 5. The image registry is not mapped to the intended Linux MID Server.

Resolution .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } 1. Confirm that the scan is running on the wrong MID Server

Open the Discovery log for the failed Container Image Scan and check the first few lines.

Example:

Task is running on MID server If the MID Server is Windows or does not support Linux commands, the scan will fail with: 'which' is not recognised as an internal or external command, operable program or batch file.

2. Validate the Linux MID Server

Navigate to: MID Server > Servers. Open the intended Linux MID Server and confirm:

Status: Up Host OS: Linux Capability: Scan Container Images

Also validate on the Linux MID host that Trivy is installed and available to the MID Server service user:

which trivy trivy -v Expected output for which trivy should be a valid Linux path, for example:

/usr/bin/trivy

3. Identify the registry URL from the Container Repository

Navigate to: cmdb_ci_container_repository_list.do. Review the Name field.

Example Container Repository name:

registry.example.com:5000/project/application

The registry URL to use in mapping is only:

registry.example.com:5000

Do not use the full repository path or image tag in the mapping.

4. Create an Image Registry to MID Server Mapping

Navigate to: sn_itom_pattern_image_registry_mid_server_mapping_list.do

Create a new mapping record.

Example:

Name: Registry Example to Linux MID Registry URL: registry.example.com:5000 MID Server: Applies to: All MID servers Active: true Order: 100

Save the record.

5. Create mappings per unique registry URL

A mapping is required per unique registry URL , not per image. For example, all of these images can use one mapping:

registry.example.com:5000/project1/app1 registry.example.com:5000/project2/app2 registry.example.com:5000/project3/app3

Required mapping: Registry URL: registry.example.com:5000 MID Server:

For Docker Hub namespace-style images, such as:

prom/alertmanager grafana/grafana minio/minio The registry should be treated as:

docker.io

6. Reset the failed scan status

Open the failed record in: sn_itom_pattern_container_image_scan_status

Change:

Scan Status: None

Save the record. This allows the scan to be picked up again and routed through the correct Linux MID Server based on the mapping.

7. Re-run and validate:

After resetting the scan status, rerun the scan or wait for the image scan process to run again. In the Discovery log, confirm:

Task is running on MID server Then confirm the Trivy validation step returns a valid Linux path:

Running local command: which trivy Command response: /usr/bin/trivy

The error should no longer show:

'which' is not recognised as an internal or external command, operable program or batch file. Related Links .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Map a MID Server to a container image repository — ServiceNow Product Documentation