FS scanning doesn't work with Trivy version >= 0.23.0
chen-keinan opened this issue · comments
Trivy fs scanning in the same namespace does not work with the latest starboard release, v0.15.4.
Getting this error:
{"level":"error","ts":1651479039.0873706,"logger":"reconciler.vulnerabilityreport","msg":"Scan job container","job":"test-file/scan-vulnerabilityreport-dfcd666f8","container":"6ed20c40-482d-444b-b4b9-968439d67ee4","status.reason":"Error","status.message":"2022-05-02T08:10:09.436Z\t\u001b[34mINFO\u001b[0m\tNeed to update DB\n2022-05-02T08:10:09.436Z\t\u001b[34mINFO\u001b[0m\tDownloading DB...\n2022-05-02T08:10:38.658Z\t\u001b[31mFATAL\u001b[0m\tDB error: failed to download vulnerability DB: OCI artifact error: OCI artifact error: OCI repository error: Get \"https://ghcr.io/v2/\": dial tcp 140.82.121.34:443: i/o timeout\n","stacktrace":"github.com/aquasecurity/starboard/pkg/vulnerabilityreport.(*WorkloadController).reconcileJobs.func1\n\t/Users/test.file/Documents/GitHub/starboard/pkg/vulnerabilityreport/controller.go:32
Starboard config:
vulnerabilityReports.scanJobsInSameNamespace : true
Expected result:
scan image
Actual result:
fail with error
Trivy version 0.23.0 introduced subcommand capability, and starboard needs to be changed to support it. When a Trivy fs scanning job is initialized, the Trivy scan job sets up the init container with the old Trivy command convention, without a subcommand, and therefore the job is failing: initContainer
Issue has been moved to [Trivy-Operator#49] (aquasecurity/trivy-operator#49)