eraser-dev / eraser

🧹 Cleaning up images from Kubernetes nodes

Home Page: https://eraser-dev.github.io/eraser/

"failed to fetch APKINDEX archive" error occurred in the trivy-scanner container

smd134 opened this issue · comments

What steps did you take and what happened:
In an AKS cluster (UDR) which has restricted internet access, I enabled the Image Cleaner add-on.

az aks update -g aks-egress-rg -n aks-egress --enable-image-cleaner

After enabling it, I deployed alpine pods and then removed them for business needs.

The Eraser pods ran and completed okay, but when I checked the logs of the trivy-scanner container in the pod "eraser-aks-agentpool-xxxxx", I could see the error log below.

2023/06/09 06:03:38 failed to fetch APKINDEX archive: Get "https://raw.githubusercontent.com/knqyf263/apkIndex-archive/master/alpine/v3.18/main/x86_64/history.json": EOF

It seems that the eraser pod is trying to access "raw.githubusercontent.com" but failed due to the restricted internet access in this cluster.
But, actually, the alpine image was detected and removed by the remover container.
Below are the remover container logs.

kubectl logs eraser-aks-nodepool1-28965175-vmss000000-s6q5l remover -n kube-system

{"level":"info","ts":1686290637.6923318,"logger":"remover","msg":"successfully created imagelist from scanned non-compliant images"}
{"level":"info","ts":1686290637.7401874,"logger":"remover","msg":"removed image","given":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","imageID":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","name":{"image_id":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","names":["docker.io/library/alpine:latest"],"digests":["sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11"]}}
{"level":"info","ts":1686290637.7402663,"logger":"remover","msg":"image is running","given":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","imageID":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","name":{"image_id":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","names":["mcr.microsoft.com/oss/eraser/eraser-trivy-scanner:v1.1.0"],"digests":["sha256:d694836249bad6d7f24bfc04582700b2428e5e6bfebe2cda44a4daaddb2dcb85"]}}

Is this just a bad login? Or is there some bug?

What did you expect to happen:
Working fine without this error log.

Anything else you would like to add:
I attached all logs of trivy-scanner, collector and remover containers in the pod "eraser-aks-agentpool-xxxxx".

collector container logs

kubectl logs eraser-aks-nodepool1-28965175-vmss000000-s6q5l collector -n kube-system


trivy-scanner container logs

kubectl logs eraser-aks-nodepool1-28965175-vmss000000-s6q5l trivy-scanner -n kube-system

{"level":"info","ts":1686290603.2391517,"logger":"scanner","msg":"config","provider":"trivy","config":"/config/controller_manager_config.yaml"}
{"level":"info","ts":1686290607.4193542,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6","refs":["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18"]}
{"level":"info","ts":1686290607.4193916,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18"}
{"level":"info","ts":1686290607.425092,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:fc2b8ce536233c0871db316071c967814b50b258033523a4ccfb150cb2ed18c6","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.18"}
{"level":"info","ts":1686290608.7036514,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290608.7037222,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290608.703899,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290608.7039213,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290608.7103288,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423","refs":["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14"]}
{"level":"info","ts":1686290608.710358,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14"}
{"level":"info","ts":1686290608.7142806,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:f991c79fb51a7129bc3b807918ec43781b571ef521e6e640d031e2bf60193423","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14"}
{"level":"info","ts":1686290609.9748013,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290609.9748452,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290609.9748933,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290609.9749,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290609.9776125,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:7c2350135f572345e6ccbb44ce9b18621984e1278d8cd088624006c63c9fc5f4","refs":["mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.2"]}
{"level":"info","ts":1686290609.9776392,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.2"}
{"level":"info","ts":1686290609.9813223,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:7c2350135f572345e6ccbb44ce9b18621984e1278d8cd088624006c63c9fc5f4","ref":"mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.2"}
{"level":"info","ts":1686290613.235057,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290613.2351084,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290613.2353287,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94","refs":["mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4"]}
{"level":"info","ts":1686290613.235345,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4"}
{"level":"info","ts":1686290613.2401502,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:ae6923f82e470496af83e3b9cdc1163a1ba8dfc08afac020f01297709e172e94","ref":"mcr.microsoft.com/containernetworking/cni-dropgz:v0.0.4"}
{"level":"info","ts":1686290615.629072,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290615.6291106,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290615.629458,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271","refs":["mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1"]}
{"level":"info","ts":1686290615.6294773,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1"}
{"level":"info","ts":1686290615.6335454,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:a0a819d519f697fba86b2c4a8f9a3b162157d5ecd9c3cff53a75e32371e7d271","ref":"mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1"}
{"level":"info","ts":1686290617.864938,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290617.8649824,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290617.865028,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290617.8650339,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290617.8678157,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","refs":["sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11","docker.io/library/alpine:latest"]}
{"level":"info","ts":1686290617.8678427,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11"}
{"level":"info","ts":1686290617.871763,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","ref":"sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11"}
2023/06/09 06:03:38 failed to fetch APKINDEX archive: Get "https://raw.githubusercontent.com/knqyf263/apkIndex-archive/master/alpine/v3.18/main/x86_64/history.json": EOF
{"level":"info","ts":1686290618.886209,"caller":"local/scan.go:249","msg":"Detected OS: alpine"}
{"level":"info","ts":1686290618.8862503,"caller":"alpine/alpine.go:183","msg":"This OS version is not on the EOL list: alpine 3.18"}
{"level":"info","ts":1686290618.8862605,"caller":"alpine/alpine.go:85","msg":"Detecting Alpine vulnerabilities..."}
{"level":"info","ts":1686290618.8876429,"caller":"local/scan.go:274","msg":"Number of language-specific files: 0"}
{"level":"info","ts":1686290618.8878152,"logger":"scanner","msg":"vulnerable image found","provider":"trivy","img":{"image_id":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","names":["docker.io/library/alpine:latest"],"digests":["sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11"]}}
{"level":"info","ts":1686290618.887858,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:73f60a46695772b312ad0488b5d4f905c5a0f62cd017b5a341c00c0038d14bfe","refs":["mcr.microsoft.com/oss/cilium/operator-generic:1.12.8"]}
{"level":"info","ts":1686290618.887866,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/cilium/operator-generic:1.12.8"}
{"level":"info","ts":1686290618.89153,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:73f60a46695772b312ad0488b5d4f905c5a0f62cd017b5a341c00c0038d14bfe","ref":"mcr.microsoft.com/oss/cilium/operator-generic:1.12.8"}
{"level":"info","ts":1686290620.8158514,"caller":"local/scan.go:274","msg":"Number of language-specific files: 2"}
{"level":"info","ts":1686290620.8158932,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290620.8185885,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11","refs":["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20"]}
{"level":"info","ts":1686290620.8186123,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20"}
{"level":"info","ts":1686290620.8225274,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:e014e11ba82731c2e7abe2110903c8a79b40a231892a02ade4b0a2d2fbf96a11","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.24.20"}
{"level":"info","ts":1686290621.965316,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290621.9653711,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290621.9654536,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290621.965469,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290621.968064,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e","refs":["mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1","mcr.microsoft.com/aks/aks-node-ca-watcher:static"]}
{"level":"info","ts":1686290621.968088,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1"}
{"level":"info","ts":1686290621.9797673,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:afa50b5f5d252c3b77c003e6ddfcddba856c9c955e13052d532149026df1235e","ref":"mcr.microsoft.com/aks/aks-node-ca-watcher:master.221011.1"}
{"level":"info","ts":1686290622.302385,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290622.3025022,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290622.3026323,"caller":"local/scan.go:274","msg":"Number of language-specific files: 0"}
{"level":"info","ts":1686290622.3037605,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:846921f0fe0e57df9e4d4961c0c4af481bf545966b5f61af68e188837363530e","refs":["mcr.microsoft.com/oss/kubernetes/defaultbackend:1.4"]}
{"level":"info","ts":1686290622.3038182,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/defaultbackend:1.4"}
{"level":"info","ts":1686290622.3079426,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:846921f0fe0e57df9e4d4961c0c4af481bf545966b5f61af68e188837363530e","ref":"mcr.microsoft.com/oss/kubernetes/defaultbackend:1.4"}
{"level":"info","ts":1686290622.4381735,"caller":"local/scan.go:274","msg":"Number of language-specific files: 0"}
{"level":"info","ts":1686290622.438315,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:9311829ca226782807f6a875db2d2c3edb256c44d163e3b63b582d7dec1a8967","refs":["mcr.microsoft.com/oss/calico/typha:v3.8.9"]}
{"level":"info","ts":1686290622.4383285,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/calico/typha:v3.8.9"}
{"level":"info","ts":1686290622.4435334,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:9311829ca226782807f6a875db2d2c3edb256c44d163e3b63b582d7dec1a8967","ref":"mcr.microsoft.com/oss/calico/typha:v3.8.9"}
{"level":"info","ts":1686290623.7967548,"caller":"local/scan.go:274","msg":"Number of language-specific files: 0"}
{"level":"info","ts":1686290623.7969048,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","refs":["sha256:d694836249bad6d7f24bfc04582700b2428e5e6bfebe2cda44a4daaddb2dcb85","mcr.microsoft.com/oss/eraser/eraser-trivy-scanner:v1.1.0"]}
{"level":"info","ts":1686290623.7969186,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"sha256:d694836249bad6d7f24bfc04582700b2428e5e6bfebe2cda44a4daaddb2dcb85"}
{"level":"info","ts":1686290623.8018582,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","ref":"sha256:d694836249bad6d7f24bfc04582700b2428e5e6bfebe2cda44a4daaddb2dcb85"}
{"level":"info","ts":1686290626.462329,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290626.462379,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290626.462572,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290626.462588,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290626.4696765,"logger":"scanner","msg":"vulnerable image found","provider":"trivy","img":{"image_id":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","names":["mcr.microsoft.com/oss/eraser/eraser-trivy-scanner:v1.1.0"],"digests":["sha256:d694836249bad6d7f24bfc04582700b2428e5e6bfebe2cda44a4daaddb2dcb85"]}}
{"level":"info","ts":1686290626.4697154,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:950cf6f3fcdb01de7652b69beb8cc4a96425342d94d152a337af740cce2b3e71","refs":["sha256:ad7d25cd3bc88d6375202bd7b20fa9e28cab227041543443108e831559e36eeb","mcr.microsoft.com/oss/eraser/remover:v1.1.0"]}
{"level":"info","ts":1686290626.469724,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"sha256:ad7d25cd3bc88d6375202bd7b20fa9e28cab227041543443108e831559e36eeb"}
{"level":"info","ts":1686290626.473503,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:950cf6f3fcdb01de7652b69beb8cc4a96425342d94d152a337af740cce2b3e71","ref":"sha256:ad7d25cd3bc88d6375202bd7b20fa9e28cab227041543443108e831559e36eeb"}
{"level":"info","ts":1686290627.5341158,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290627.5341601,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290627.5342093,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290627.5342157,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290627.536265,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59","refs":["mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1"]}
{"level":"info","ts":1686290627.5362852,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1"}
{"level":"info","ts":1686290627.5541885,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:6bad9738cb8b6625d51cb8c5e93db672ec4d5442d86793f338adf28804ce8b59","ref":"mcr.microsoft.com/azure-policy/policy-kubernetes-addon-prod:1.0.1"}
{"level":"info","ts":1686290630.9754455,"caller":"local/scan.go:249","msg":"Detected OS: cbl-mariner"}
{"level":"info","ts":1686290630.9754903,"caller":"mariner/mariner.go:30","msg":"Detecting CBL-Mariner vulnerabilities..."}
{"level":"info","ts":1686290630.9756708,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290630.9756894,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290630.9780097,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f","refs":["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4"]}
{"level":"info","ts":1686290630.9780354,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4"}
{"level":"info","ts":1686290630.9820678,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:690dbf4f4d76fbef9ef5d46f8eb7f1bd8b912b83ae1da21c01238b5200c8431f","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4"}
{"level":"info","ts":1686290632.3437965,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290632.343841,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290632.3438897,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290632.3438964,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290632.346619,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b","refs":["mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0"]}
{"level":"info","ts":1686290632.346647,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0"}
{"level":"info","ts":1686290632.3502657,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:83d1f54dd91455e8512964339e15267e78ae993891a67d31f07b2b44afd55f6b","ref":"mcr.microsoft.com/oss/calico/pod2daemon-flexvol:v3.24.0"}
{"level":"info","ts":1686290632.7936802,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290632.7937524,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"warn","ts":1686290632.7938898,"caller":"compare/compare.go:34","msg":"version error ((devel)): malformed version: (devel)"}
{"level":"info","ts":1686290632.7941053,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52","refs":["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8"]}
{"level":"info","ts":1686290632.794126,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8"}
{"level":"info","ts":1686290632.798118,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:68ec63f39af036f8066cab99d8a54b7a1a8f4cb73315dfa038d0a60db144dc52","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.8"}
{"level":"info","ts":1686290634.2258606,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290634.2259042,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290634.2259507,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290634.2260928,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290634.2287092,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1","refs":["mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10"]}
{"level":"info","ts":1686290634.2287338,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10"}
{"level":"info","ts":1686290634.2327921,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:7022e60db4b185ddc9077c609568f6066c3314c9009c0f44919fbc14dd66c0e1","ref":"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10"}
{"level":"info","ts":1686290635.5530171,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290635.5530598,"caller":"debian/debian.go:78","msg":"Detecting Debian vulnerabilities..."}
{"level":"info","ts":1686290635.5531394,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290635.5531456,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290635.5557487,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0","refs":["mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1"]}
{"level":"info","ts":1686290635.5557718,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1"}
{"level":"info","ts":1686290635.5591457,"logger":"scanner","msg":"found image with id under reference","provider":"trivy","imageID":"sha256:7825719495768a27f4a9e4d7143ac4025805c9b9d7343c492d90ec236d1282b0","ref":"mcr.microsoft.com/azure-policy/policy-kubernetes-webhook:1.0.1"}
{"level":"info","ts":1686290636.7922168,"caller":"local/scan.go:249","msg":"Detected OS: cbl-mariner"}
{"level":"info","ts":1686290636.7922552,"caller":"mariner/mariner.go:30","msg":"Detecting CBL-Mariner vulnerabilities..."}
{"level":"info","ts":1686290636.7923172,"caller":"local/scan.go:274","msg":"Number of language-specific files: 1"}
{"level":"info","ts":1686290636.7923243,"caller":"local/scan.go:288","msg":"Detecting gobinary vulnerabilities..."}
{"level":"info","ts":1686290636.7940857,"logger":"scanner","msg":"Vulnerable","provider":"trivy","Images":[{"image_id":"sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e","names":["docker.io/library/alpine:latest"],"digests":["sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11"]},{"image_id":"sha256:6ac857019b37c85739dfc89924288e26ffc1225ebb27a6743dd68b5a2e8d7767","names":["mcr.microsoft.com/oss/eraser/eraser-trivy-scanner:v1.1.0"],"digests":["sha256:d694836249bad6d7f24bfc04582700b2428e5e6bfebe2cda44a4daaddb2dcb85"]}]}
{"level":"info","ts":1686290637.691855,"logger":"scanner","msg":"scanning complete, waiting for remover to finish...","provider":"trivy"}
{"level":"info","ts":1686290637.7405462,"logger":"scanner","msg":"scanning complete, exiting","provider":"trivy"}
{"level":"info","ts":1686290637.740566,"logger":"scanner","msg":"remover job completed, shutting down...","provider":"trivy"}

Environment:
Egress traffic AKS cluster (UDR)
https://learn.microsoft.com/en-us/azure/aks/limit-egress-traffic

Only allowed docker.io in Azure Firewall.

  • Eraser version: v1.1.0
  • Kubernetes version: (use kubectl version): AKS 1.25.6 version

@smd134 Thanks for the report! I believe this is a bug in Eraser: it is looking at image misconfig (this is not in the scope of Eraser).
https://github.com/aquasecurity/trivy/blob/9a279fa7bb5ccdcda642f99ac2dfd80551082ee2/pkg/fanal/analyzer/imgconf/apk/apk.go#L28-L29

@sozercan You merged the other issue "#761" and it says it is fixed.
I'm currently having the error "2023/06/09 06:03:38 failed to fetch APKINDEX archive: Get "https://raw.githubusercontent.com/knqyf263/apkIndex-archive/master/alpine/v3.18/main/x86_64/history.json": EOF" in the restricted internet access AKS cluster (UDR).
Does it work normally even if this error appears?

@smd134 It is fixed, but we haven't cut a release yet. You can ignore the error since it is due to an error in a capability (image misconfig) that Eraser doesn't use.

@sozercan Thanks! I have one more question.
If an image has a vulnerability, does the corresponding vulnerability CVE number appear in the trivy-scanner container's logs?
For me, I couldn't see any CVE number even though I have an image which has a vulnerability and was detected by the remover container.
I wonder whether the vulnerability CVE number not appearing is expected behavior or is because of this issue.

@smd134 It is expected behavior; we just output a list of images that matched the config criteria today, and added a total count in the next release.
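
Added example (not part of the thread and not Eraser's own code): a Python sketch that reads a trivy-scanner log in the format posted above, separates unstructured lines such as the APKINDEX fetch failure from the JSON events, records which outbound host each one names, and lists the images reported as "vulnerable image found". The function name `summarize` and the embedded excerpt are assumptions constructed for illustration; the image IDs in it are shortened placeholders.

```python
import json
import re
from urllib.parse import urlparse

# Constructed excerpt in the shape of the trivy-scanner log in this issue.
# Image IDs and digests are placeholders, not real values.
SAMPLE_LOG = """\
{"level":"info","ts":1686290615.62,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:aaaa","refs":["mcr.microsoft.com/oss/open-policy-agent/gatekeeper:v3.11.1"]}
{"level":"info","ts":1686290617.86,"caller":"local/scan.go:249","msg":"Detected OS: debian"}
{"level":"info","ts":1686290617.87,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:bbbb","refs":["sha256:cccc","docker.io/library/alpine:latest"]}
2023/06/09 06:03:38 failed to fetch APKINDEX archive: Get "https://raw.githubusercontent.com/knqyf263/apkIndex-archive/master/alpine/v3.18/main/x86_64/history.json": EOF
{"level":"info","ts":1686290618.88,"caller":"local/scan.go:249","msg":"Detected OS: alpine"}
{"level":"info","ts":1686290618.89,"logger":"scanner","msg":"vulnerable image found","provider":"trivy","img":{"image_id":"sha256:bbbb","names":["docker.io/library/alpine:latest"],"digests":["sha256:cccc"]}}
{"level":"info","ts":1686290637.74,"logger":"scanner","msg":"scanning complete, exiting","provider":"trivy"}
"""

URL_RE = re.compile(r'https?://[^\s"]+')


def summarize(log_text):
    """Summarize a trivy-scanner log: flagged images, unstructured
    (non-JSON) lines, the hosts those lines name, and whether the
    scan ran to completion."""
    current_image = None          # image ID of the scan in progress
    scanned = 0
    completed = False
    flagged = []                  # images reported as vulnerable
    unstructured = []             # lines that are not JSON log events
    hosts = set()                 # outbound hosts named in those lines

    for raw in log_text.splitlines():
        # Tolerate markdown emphasis pasted around a line (e.g. **...**).
        line = raw.strip().strip("*").strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None

        if not isinstance(event, dict):
            # Plain-text line from a library logger, not a structured event.
            line_hosts = sorted(
                {h for h in (urlparse(u).hostname for u in URL_RE.findall(line)) if h}
            )
            hosts.update(line_hosts)
            unstructured.append(
                {"image": current_image, "line": line, "hosts": line_hosts}
            )
            continue

        msg = event.get("msg", "")
        if msg == "scanning image with id":
            current_image = event.get("imageID")
            scanned += 1
        elif msg == "vulnerable image found":
            img = event.get("img", {})
            flagged.append(
                {"image_id": img.get("image_id"), "names": img.get("names", [])}
            )
        elif msg.startswith("scanning complete"):
            completed = True

    # Did the image that was being scanned when the error appeared
    # still get a verdict? If so, the error did not stop the scan.
    flagged_ids = {f["image_id"] for f in flagged}
    for entry in unstructured:
        entry["image_flagged"] = entry["image"] in flagged_ids

    return {
        "scanned": scanned,
        "completed": completed,
        "flagged": flagged,
        "unstructured": unstructured,
        "egress_hosts": sorted(hosts),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

On a cluster with restricted egress, the `egress_hosts` list shows which destinations the scanner tried to reach, and `completed` together with `image_flagged` shows whether the run still produced a verdict for the affected image.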

@sozercan Will the feature of showing the CVE numbers for detected vulnerabilities also be added in the next release?