Giters

aquasecurity / starboard

Moved to https://github.com/aquasecurity/trivy-operator

Home Page:https://aquasecurity.github.io/starboard/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

manifest unknown when running vulnerability scan with trivy

nilesh-akhade opened this issue · comments

commented

What steps did you take and what happened:
Tried to scan a pod from local minikube cluster. The image was built and deployed locally.

[A clear and concise description of what the bug is, and what commands you ran.]
Vulnerability scanner (Trivy) was not able to scan pod with error - "MANIFEST unknown"

What did you expect to happen:
Successful vulnerability scan

Anything else you would like to add:

[Miscellaneous information that will assist in solving the issue.]

$ kubectl starboard scan vulnerabilityreports mypod-cc48d696b-nn7pg
E0125 13:17:21.434830  245449 runnable_job.go:162] Container mypod terminated with Error: 2022-01-25T07:47:05.985Z	FATAL	scan error: unable to initialize a scanner: unable to initialize a docker scanner: 3 errors occurred:
	* unable to inspect the image (index.docker.io/myorg/abc-img:4837): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* GET https://index.docker.io/v2/myorg/abc-img/manifests/4837: MANIFEST_UNKNOWN: manifest unknown; unknown tag=4837


error: running scan job: warning event received: Job has reached the specified backoff limit (BackoffLimitExceeded)

Environment:

  • Starboard version (use starboard version):

    Starboard Version: {Version:0.13.2 Commit:7a8a51ce332fed834d16c17de5390c97ffac62be Date:2021-12-17T17:35:16Z}

  • Kubernetes version (use kubectl version):

    Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.3", GitCommit:"ca643a4d1f7bfe34773c74f79527be4afd95bf39", GitTreeState:"clean", BuildDate:"2021-07-15T21:04:39Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}

  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc):

    Ubuntu 20.04.3 LTS

commented

Trivy plugin scans images from a remote registry. It cannot scan images cached by container runtime on a cluster node (yet).