deepfence / SecretScanner

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

Home Page: https://deepfence.io

Ability to Scan docker Image by providing tar archive directly

sufiyanghori opened this issue

Hi,
When the image scan is executed, SecretScanner runs docker save, then extracts the content of the saved tar and performs a scan on it.

It would be great to have functionality to provide the tar image directly for scanning, so that we don't have to use the Docker daemon to run docker save first.

The idea is to run SecretScanner inside a Docker container where it has no access to the Docker daemon from the host.
For now, I have implemented a workaround myself, by using a 3rd-party tool to create an image archive, and then supplying that archive to SecretScanner.

In order to achieve that, I had to add functionality in SecretScanner to accept the tar archive as an input.

Thanks for the update. This is a useful feature for SecretScanner. Would you like to raise a pull request for this change?

For sure, I will do a pull request soon :)
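
The request in this thread, scanning a saved image tar without calling the Docker daemon, shown as an added Python example; it is not SecretScanner's code or the poster's patch. It assumes the `docker save` layout (a top-level `manifest.json` listing layer tars); the function names, the single regex rule and the sample archive are constructed for illustration.

```python
import io
import json
import re
import tarfile

# Stand-in rule (AWS access key ID shape); not SecretScanner's own rule set.
SECRET_RE = re.compile(rb"AKIA[0-9A-Z]{16}")
MAX_FILE_BYTES = 8 << 20  # cap per-file reads


def scan_image_tar(archive):
    """Scan a `docker save` tar (seekable binary file); no Docker daemon needed."""
    hits = []
    with tarfile.open(fileobj=archive, mode="r:") as image:
        try:
            manifest = json.load(image.extractfile("manifest.json"))
        except KeyError:
            raise ValueError("no manifest.json: not a docker save archive")
        # Scan each layer once, even if several images in the archive share it.
        for layer_name in dict.fromkeys(n for m in manifest for n in m["Layers"]):
            # A file deleted by a later layer is still stored in the earlier one.
            with tarfile.open(fileobj=image.extractfile(layer_name), mode="r:*") as layer:
                for member in layer:
                    if member.isfile():
                        data = layer.extractfile(member).read(MAX_FILE_BYTES)
                        for match in SECRET_RE.findall(data):
                            hits.append((layer_name, member.name, match.decode()))
    return hits


def tar_bytes(files):
    """Build an in-memory tar from {name: bytes}; used only for the sample below."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sample_archive():
    """Constructed two-layer image: layer 2 'deletes' the .env added by layer 1."""
    layer1 = tar_bytes({"app/.env": b"AWS_KEY=AKIAIOSFODNN7EXAMPLE\n"})
    layer2 = tar_bytes({"app/.wh..env": b""})  # whiteout marker
    manifest = [{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]
    return io.BytesIO(tar_bytes({"l1/layer.tar": layer1, "l2/layer.tar": layer2,
                                 "manifest.json": json.dumps(manifest).encode()}))
```

Running `scan_image_tar(sample_archive())` reports the key in `l1/layer.tar` even though the second layer removes the file from the final filesystem.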