Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error in 0.20.0 - panic: runtime error: index out of range [0] with length 0 #354

Open
ziv-airis opened this issue May 8, 2024 · 5 comments

Comments

@ziv-airis
Copy link

Hey,

I'm using the latest version of trivy-action

 - name: Scan for vulnerabilities
      uses: aquasecurity/trivy-action@master

Something happened today(maybe the new version) which is causing our action to failed

panic: runtime error: index out of range [0] with length 0

goroutine 26 [running]:
github.com/aquasecurity/trivy/pkg/dependency/parser/conda/environment.(*Parser).parseDependency(0xd495301?, {0x0, 0x0})
	/home/runner/work/trivy/trivy/pkg/dependency/parser/conda/environment/parse.go:89 +0x28c
github.com/aquasecurity/trivy/pkg/dependency/parser/conda/environment.(*Parser).toLibrary(0xc0009a5248, {{0x0?, 0x7478360?}, 0x1?})
	/home/runner/work/trivy/trivy/pkg/dependency/parser/conda/environment/parse.go:59 +0x58
github.com/aquasecurity/trivy/pkg/dependency/parser/conda/environment.(*Parser).Parse(0xc0009a5248, {0x9ae8e30, 0xc0033845f0})
	/home/runner/work/trivy/trivy/pkg/dependency/parser/conda/environment/parse.go:46 +0x2f1
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language.Parse({0x833dc48, 0x11}, {0xc00383d[29](https://github.com/airis-labs/airis-banias/actions/runs/8998970710/job/24720201127#step:10:30)0, 0x28}, {0x9a488e0?, 0xc0033845f0?}, {0x9a5d520, 0xc0009a5248})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/analyze.go:52 +0xd7
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language.Analyze({0x833dc48?, 0x11?}, {0xc00383d290, 0x28}, {0x9ae8e[30](https://github.com/airis-labs/airis-banias/actions/runs/8998970710/job/24720201127#step:10:31)?, 0xc0033845f0?}, {0x9a5d520?, 0xc0009a5248?})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/analyze.go:20 +0x73
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language/conda/environment.environmentAnalyzer.Analyze({}, {0x0?, 0x0?}, {{0x7ffeb7a3d9df, 0x1}, {0xc00383d290, 0x28}, {0x9b05268, 0xc00383ed00}, {0x9ae8e30, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/conda/environment/environment.go:25 +0x8e
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x9afa688?, 0xd500f20}, {0x9af8650?, 0xc0033845f0?})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:4[32](https://github.com/airis-labs/airis-banias/actions/runs/8998970710/job/24720201127#step:10:33) +0x245
created by github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile in goroutine 1
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:427 +0x52e
@afdesk
Copy link

afdesk commented May 8, 2024

is this runtime error reproducible locally with trivy 0.51.1?

@afdesk
Copy link

afdesk commented May 8, 2024

it looks like the latest trivy has a bug with Conda, and it's known issue: aquasecurity/trivy#6659

@ziv-airis
Copy link
Author

ziv-airis commented May 8, 2024

Thank you for the quick response.
Is there an option to run trivy-action with the previous version?

@simar7
Copy link
Member

simar7 commented May 9, 2024

Thank you for the quick response.
Is there an option to run trivy-action with the previous version?

You can pin to the last release:

 - name: Scan for vulnerabilities
      uses: aquasecurity/[email protected]

@DmitriyLewen
Copy link
Contributor

FYI - fix for this problem has been merged - aquasecurity/trivy#6675

@simar7 simar7 closed this as completed May 14, 2024
@simar7 simar7 reopened this May 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants