Giters

eraser-dev / eraser

🧹 Cleaning up images from Kubernetes nodes

Home Page:https://eraser-dev.github.io/eraser/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

invalid DBRepo URL or Unreachable URL causes the scanner to halt and not scan but marks the job as Success

djsly opened this issue · comments

commented

What steps did you take and what happened:
[A clear and concise description of what the bug is.]

block network connectivity with a bad netpol ,or use a dummy DBRepo

What did you expect to happen:

the job should return a failure

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

{"level":"error","ts":1697559209.5491009,"logger":"scanner","msg":"error scanning image","provider":"trivy","imageID":"sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911","reference":"sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df","stderr":"2023-10-17T16:13:29.545Z\t\u001b[34mINFO\u001b[0m\tNeed to update DB\n2023-10-17T16:13:29.545Z\t\u001b[34mINFO\u001b[0m\tDB Repository: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db:2\n2023-10-17T16:13:29.545Z\t\u001b[34mINFO\u001b[0m\tDownloading DB...\n2023-10-17T16:13:29.545Z\t\u001b[31mFATAL\u001b[0m\tinit error: DB error: failed to download vulnerability DB: database download error: repository name error (mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db:2:2): could not parse reference: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db:2:2\n","error":"exit status 1","stacktrace":"main.(*ImageScanner).Scan\n\t/workspace/pkg/scanners/trivy/types.go:163\nmain.scan\n\t/workspace/pkg/scanners/trivy/trivy.go:183\nmain.main\n\t/workspace/pkg/scanners/trivy/trivy.go:108\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}

{"level":"info","ts":1697558919.406023,"logger":"scanner","msg":"trivy version","provider":"trivy","trivy version":"v0.43.0"}
{"level":"info","ts":1697558919.4060388,"logger":"scanner","msg":"config","provider":"trivy","config":"/config/controller_manager_config.yaml"}
{"level":"info","ts":1697558919.4067178,"logger":"scanner","msg":"scanning image with id","provider":"trivy","imageID":"sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911","refs":["sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df","mcr.microsoft.com/oss/kubernetes/pause:3.6"]}
{"level":"info","ts":1697558919.4067297,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df"}
{"level":"error","ts":1697558924.8531585,"logger":"scanner","msg":"error scanning image","provider":"trivy","imageID":"sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911","reference":"sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df","stderr":"2023-10-17T16:08:39.841Z\t\u001b[34mINFO\u001b[0m\tNeed to update DB\n2023-10-17T16:08:39.841Z\t\u001b[34mINFO\u001b[0m\tDB Repository: mcr2.microsoft.com/mirror/ghcr/aquasecurity/trivy-db\n2023-10-17T16:08:39.841Z\t\u001b[34mINFO\u001b[0m\tDownloading DB...\n2023-10-17T16:08:44.849Z\t\u001b[31mFATAL\u001b[0m\tinit error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred:\n\t* Get \"https://mcr2.microsoft.com/v2/\": dial tcp: lookup mcr2.microsoft.com on 192.168.0.10:53: no such host\n\n\n","error":"exit status 1","stacktrace":"main.(*ImageScanner).Scan\n\t/workspace/pkg/scanners/trivy/types.go:163\nmain.scan\n\t/workspace/pkg/scanners/trivy/trivy.go:183\nmain.main\n\t/workspace/pkg/scanners/trivy/trivy.go:108\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
{"level":"info","ts":1697558924.8532302,"logger":"scanner","msg":"scanning image with ref","provider":"trivy","ref":"mcr.microsoft.com/oss/kubernetes/pause:3.6"}
{"level":"error","ts":1697558925.2983234,"logger":"scanner","msg":"error scanning image","provider":"trivy","imageID":"sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911","reference":"mcr.microsoft.com/oss/kubernetes/pause:3.6","stderr":"2023-10-17T16:08:45.286Z\t\u001b[34mINFO\u001b[0m\tNeed to update DB\n2023-10-17T16:08:45.286Z\t\u001b[34mINFO\u001b[0m\tDB Repository: mcr2.microsoft.com/mirror/ghcr/aquasecurity/trivy-db\n2023-10-17T16:08:45.286Z\t\u001b[34mINFO\u001b[0m\tDownloading DB...\n2023-10-17T16:08:45.294Z\t\u001b[31mFATAL\u001b[0m\tinit error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred:\n\t* Get \"https://mcr2.microsoft.com/v2/\": dial tcp: lookup mcr2.microsoft.com on 192.168.0.10:53: no such host\n\n\n","error":"exit status 1","stacktrace":"main.(*ImageScanner).Scan\n\t/workspace/pkg/scanners/trivy/types.go:163\nmain.scan\n\t/workspace/pkg/scanners/trivy/trivy.go:183\nmain.main\n\t/workspace/pkg/scanners/trivy/trivy.go:108\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:250"}
{"level":"info","ts":1697558925.2984028,"logger":"scanner","msg":"Vulnerable","provider":"trivy","Images":[],"Total count":0}
{"level":"info","ts":1697558925.2984288,"logger":"scanner","msg":"Failed","provider":"trivy","Images":[{"image_id":"sha256:7b178dc69474dd40a6471673c620079746e086c341b373fa723c09e043a5b911","names":["mcr.microsoft.com/oss/kubernetes/pause:3.6"],"digests":["sha256:b4b669f27933146227c9180398f99d8b3100637e4a0a1ccf804f8b12f4b9b8df"]}]}
{"level":"info","ts":1697558925.3444731,"logger":"scanner","msg":"scanning complete, waiting for remover to finish...","provider":"trivy"}
{"level":"info","ts":1697558925.3525577,"logger":"scanner","msg":"scanning complete, exiting","provider":"trivy"}
{"level":"info","ts":1697558925.3525686,"logger":"scanner","msg":"remover job completed, shutting down...","provider":"trivy"}

Environment:

  • Eraser version: 1.2.1
  • Kubernetes version: (use kubectl version): 1.26.X