Skip to content

fix: enable Docker API version negotiation#545

Open
jotka wants to merge 1 commit intoanchore:mainfrom
jotka:fix/docker-api-version-negotiation
Open

fix: enable Docker API version negotiation#545
jotka wants to merge 1 commit intoanchore:mainfrom
jotka:fix/docker-api-version-negotiation

Conversation

@jotka
Copy link
Copy Markdown

@jotka jotka commented Mar 13, 2026

Summary

  • Add client.WithAPIVersionNegotiation() to the Docker client options in GetClient()

Problem

The Docker client in internal/docker/client.go uses client.FromEnv but does not enable API version negotiation. This means the client defaults to the API version compiled into the moby/moby library (currently v1.53).

When stereoscope connects to an older Docker daemon — for example one that only supports API v1.43 — the daemon rejects requests with:

Error response from daemon: client version 1.53 is too new. Maximum supported API version is 1.43

This breaks tools like grype when scanning images on hosts running older Docker versions (e.g. Docker 25.x, 26.x, Synology DSM).

Fix

Adding client.WithAPIVersionNegotiation() makes the client ping the daemon on first request and automatically downgrade to the daemon's supported API version. This matches the behavior of the Docker CLI itself and grype's own Docker client in cmd/grype/cli/commands/completion.go, which already uses WithAPIVersionNegotiation().

Test plan

  • go build ./internal/docker/ compiles successfully
  • go test ./internal/docker/ passes
  • Verified scanning works against Docker daemon with API v1.43

@jotka jotka force-pushed the fix/docker-api-version-negotiation branch from bbdd25e to e10aa21 Compare March 13, 2026 17:45
@wagoodman wagoodman added the bug Something isn't working label Apr 22, 2026
@jotka @wagoodman
fix: enable Docker API version negotiation
e1d7ffe 
Without WithAPIVersionNegotiation(), the Docker client defaults to the
API version compiled into the moby/moby library (currently v1.53). When
connecting to older Docker daemons that only support up to e.g. v1.43,
this causes "client version 1.53 is too new" errors.

Adding WithAPIVersionNegotiation() makes the client ping the daemon
first and downgrade to the daemon's supported API version, matching
the behavior of the Docker CLI itself.

Signed-off-by: Jarek Krochmalski <jkrochmalski@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman wagoodman force-pushed the fix/docker-api-version-negotiation branch from e10aa21 to e1d7ffe Compare April 22, 2026 13:45
@wagoodman
Copy link
Copy Markdown
Contributor

wagoodman commented Apr 22, 2026

I'm confused how this could make a difference, this option is deprecated upstream and auto-negotiation is on by default. There are conditions that disable negotiation though, such as setting DOCKER_API_VERSION in the environment (since FromEnv is in the options list, and WithAPIVersionFromEnv disables negotiation when set) -- Here's the PR that changed this behavior.

Can you double check your findings? Since the option that you added is a nop I feel that there must be another reason for the behavior change when pulling this in (maybe due to a version bump of the docker client itself?).

@thaJeztah
Copy link
Copy Markdown
Contributor

thaJeztah commented Apr 22, 2026

Yes, this option is no longer needed, and now enabled by default; the old (github.com/docker/docker/client) module did have it as opt-in, but current versions of github.com/moby/moby/client enable it by default, so it's now a no-opt; https://github.com/moby/moby/blob/client/v0.4.1/client/client_options.go#L381-L395

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jotka @wagoodman @thaJeztah