Addeding an OCI referrer using aquasecurity/trivy-plugin-referrer fails with "goroutine stack exceeds 1000000000-byte limit" #4398

nicholasdille · 2023-05-15T14:52:04Z

nicholasdille
May 15, 2023

Description

I am following the demo about OCI 1.1 referrers from KubeCon EU 2023. Unfortunately, the following command fails:

trivy image --quiet "127.0.0.1:5000/ubuntu:22.04" --scanners vuln --format cyclonedx | trivy referrer put

The output is as follows:

runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc0205004f0 stack=[0xc020500000, 0xc040500000]
fatal error: stack overflow

runtime stack:
runtime.throw({0x9e50b7?, 0xdb1f40?})
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/panic.go:1047 +0x5d fp=0xc000091e18 sp=0xc000091de8 pc=0x43537d
runtime.newstack()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/stack.go:1105 +0x5bd fp=0xc000091fc8 sp=0xc000091e18 pc=0x44e93d
runtime.morestack()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:574 +0x8b fp=0xc000091fd0 sp=0xc000091fc8 pc=0x464f8b

goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0x48?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:199 +0x3e5 fp=0xc020500500 sp=0xc0205004f8 pc=0x8797e5
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020500808 sp=0xc020500500 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020500b10 sp=0xc020500808 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020500e18 sp=0xc020500b10 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020501120 sp=0xc020500e18 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020501428 sp=0xc020501120 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020501730 sp=0xc020501428 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020501a38 sp=0xc020501730 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020501d40 sp=0xc020501a38 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020502048 sp=0xc020501d40 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020502350 sp=0xc020502048 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020502658 sp=0xc020502350 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020502960 sp=0xc020502658 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020502c68 sp=0xc020502960 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020502f70 sp=0xc020502c68 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020503278 sp=0xc020502f70 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020503580 sp=0xc020503278 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020503888 sp=0xc020503580 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020503b90 sp=0xc020503888 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020503e98 sp=0xc020503b90 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205041a0 sp=0xc020503e98 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205044a8 sp=0xc0205041a0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205047b0 sp=0xc0205044a8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020504ab8 sp=0xc0205047b0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020504dc0 sp=0xc020504ab8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205050c8 sp=0xc020504dc0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205053d0 sp=0xc0205050c8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205056d8 sp=0xc0205053d0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205059e0 sp=0xc0205056d8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020505ce8 sp=0xc0205059e0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020505ff0 sp=0xc020505ce8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205062f8 sp=0xc020505ff0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020506600 sp=0xc0205062f8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020506908 sp=0xc020506600 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020506c10 sp=0xc020506908 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020506f18 sp=0xc020506c10 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020507220 sp=0xc020506f18 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020507528 sp=0xc020507220 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020507830 sp=0xc020507528 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020507b38 sp=0xc020507830 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020507e40 sp=0xc020507b38 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020508148 sp=0xc020507e40 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020508450 sp=0xc020508148 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020508758 sp=0xc020508450 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020508a60 sp=0xc020508758 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020508d68 sp=0xc020508a60 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020509070 sp=0xc020508d68 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020509378 sp=0xc020509070 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020509680 sp=0xc020509378 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020509988 sp=0xc020509680 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020509c90 sp=0xc020509988 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020509f98 sp=0xc020509c90 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050a2a0 sp=0xc020509f98 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050a5a8 sp=0xc02050a2a0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050a8b0 sp=0xc02050a5a8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050abb8 sp=0xc02050a8b0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050aec0 sp=0xc02050abb8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050b1c8 sp=0xc02050aec0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050b4d0 sp=0xc02050b1c8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050b7d8 sp=0xc02050b4d0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050bae0 sp=0xc02050b7d8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050bde8 sp=0xc02050bae0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050c0f0 sp=0xc02050bde8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050c3f8 sp=0xc02050c0f0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050c700 sp=0xc02050c3f8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050ca08 sp=0xc02050c700 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050cd10 sp=0xc02050ca08 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050d018 sp=0xc02050cd10 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050d320 sp=0xc02050d018 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050d628 sp=0xc02050d320 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050d930 sp=0xc02050d628 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050dc38 sp=0xc02050d930 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050df40 sp=0xc02050dc38 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050e248 sp=0xc02050df40 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050e550 sp=0xc02050e248 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050e858 sp=0xc02050e550 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050eb60 sp=0xc02050e858 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050ee68 sp=0xc02050eb60 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050f170 sp=0xc02050ee68 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050f478 sp=0xc02050f170 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050f780 sp=0xc02050f478 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050fa88 sp=0xc02050f780 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc02050fd90 sp=0xc02050fa88 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020510098 sp=0xc02050fd90 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205103a0 sp=0xc020510098 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205106a8 sp=0xc0205103a0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205109b0 sp=0xc0205106a8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020510cb8 sp=0xc0205109b0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020510fc0 sp=0xc020510cb8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205112c8 sp=0xc020510fc0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205115d0 sp=0xc0205112c8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205118d8 sp=0xc0205115d0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020511be0 sp=0xc0205118d8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020511ee8 sp=0xc020511be0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205121f0 sp=0xc020511ee8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0205124f8 sp=0xc0205121f0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020512800 sp=0xc0205124f8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020512b08 sp=0xc020512800 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0280?, 0xc0003a0690?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020512e10 sp=0xc020512b08 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010120, {0xc0003a0690?, 0xc0003a0280?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020513118 sp=0xc020512e10 pc=0x879706
...additional frames elided...

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004efb0 sp=0xc00004ef90 pc=0x438096
runtime.goparkunlock(...)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:387
runtime.forcegchelper()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:305 +0xb0 fp=0xc00004efe0 sp=0xc00004efb0 pc=0x437ed0
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004efe8 sp=0xc00004efe0 pc=0x466f21
created by runtime.init.6
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:293 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004f780 sp=0xc00004f760 pc=0x438096
runtime.goparkunlock(...)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:387
runtime.bgsweep(0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgcsweep.go:319 +0xde fp=0xc00004f7c8 sp=0xc00004f780 pc=0x423ffe
runtime.gcenable.func1()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:178 +0x26 fp=0xc00004f7e0 sp=0xc00004f7c8 pc=0x419286
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004f7e8 sp=0xc00004f7e0 pc=0x466f21
created by runtime.gcenable
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:178 +0x6b

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc00006c000?, 0xaaf850?, 0x0?, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004ff70 sp=0xc00004ff50 pc=0x438096
runtime.goparkunlock(...)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:387
runtime.(*scavengerState).park(0xe00cc0)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc00004ffa0 sp=0xc00004ff70 pc=0x421ef3
runtime.bgscavenge(0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgcscavenge.go:633 +0x65 fp=0xc00004ffc8 sp=0xc00004ffa0 pc=0x4224e5
runtime.gcenable.func2()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:179 +0x26 fp=0xc00004ffe0 sp=0xc00004ffc8 pc=0x419226
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004ffe8 sp=0xc00004ffe0 pc=0x466f21
created by runtime.gcenable
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:179 +0xaa

goroutine 5 [finalizer wait]:
runtime.gopark(0x438412?, 0x7fd53084cc28?, 0x0?, 0x0?, 0xc00004e770?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004e628 sp=0xc00004e608 pc=0x438096
runtime.runfinq()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mfinal.go:193 +0x107 fp=0xc00004e7e0 sp=0xc00004e628 pc=0x4182c7
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004e7e8 sp=0xc00004e7e0 pc=0x466f21
created by runtime.createfing
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mfinal.go:163 +0x45

goroutine 6 [GC worker (idle)]:
runtime.gopark(0x3351e7cc8d7d?, 0x0?, 0x0?, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc000050750 sp=0xc000050730 pc=0x438096
runtime.gcBgMarkWorker()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1275 +0xf1 fp=0xc0000507e0 sp=0xc000050750 pc=0x41aff1
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000507e8 sp=0xc0000507e0 pc=0x466f21
created by runtime.gcBgMarkStartWorkers
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1199 +0x25

goroutine 17 [GC worker (idle)]:
runtime.gopark(0x3351fd43f13e?, 0x3?, 0xa?, 0xed?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004a750 sp=0xc00004a730 pc=0x438096
runtime.gcBgMarkWorker()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1275 +0xf1 fp=0xc00004a7e0 sp=0xc00004a750 pc=0x41aff1
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004a7e8 sp=0xc00004a7e0 pc=0x466f21
created by runtime.gcBgMarkStartWorkers
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1199 +0x25
Error: plugin error: plugin exec: exit status 2
Usage:
  trivy referrer [flags]

Flags:
  -h, --help   help for referrer

Global Flags:
      --cache-dir string          cache directory (default "/home/dillen/.cache/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
      --generate-default-config   write the default config to trivy-default.yaml
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

2023-05-15T16:42:18.919+0200    FATAL   plugin error: plugin exec: exit status 2

I was able to reproduce this but in multiple versions of trivy (0.41.0, 0.40.0, 0.39.1, 0.39.0, 0.38.3)

Something similar was fixed in #3993.

Desired Behavior

trivy and the referrer plugin should add a referrer to the image in the registry.

Actual Behavior

trivy or the referrer plugin die.

Reproduction Steps

1. `docker container run --detach --name registry --publish "${REGISTRY}:5000" ghcr.io/oras-project/registry:v1.0.0-rc.4`
2. `docker pull "ubuntu:22.04"`
3. `docker tag "ubuntu:22.04" "127.0.0.1:5000/ubuntu:22.04"`
4. `docker push "127.0.0.1:5000/ubuntu:22.04"`
5. `trivy image --quiet "127.0.0.1:5000/ubuntu:22.04" --scanners vuln --format cyclonedx | trivy referrer put`
...

Target

Container Image

Scanner

Vulnerability

Output Format

CycloneDX

Mode

Standalone

Debug Output

$ trivy image --quiet "127.0.0.1:5000/ubuntu:22.04" --scanners vuln --format cyclonedx | trivy --debug referrer put
2023-05-15T16:49:48.543+0200    DEBUG   Unmarshaling CycloneDX JSON...
runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc0203f44f0 stack=[0xc0203f4000, 0xc0403f4000]
fatal error: stack overflow

runtime stack:
runtime.throw({0x9e50b7?, 0xdb1f40?})
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/panic.go:1047 +0x5d fp=0xc00005fe18 sp=0xc00005fde8 pc=0x43537d
runtime.newstack()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/stack.go:1105 +0x5bd fp=0xc00005ffc8 sp=0xc00005fe18 pc=0x44e93d
runtime.morestack()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:574 +0x8b fp=0xc00005ffd0 sp=0xc00005ffc8 pc=0x464f8b

goroutine 1 [running]:
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0x48?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:199 +0x3e5 fp=0xc0203f4500 sp=0xc0203f44f8 pc=0x8797e5
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f4808 sp=0xc0203f4500 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f4b10 sp=0xc0203f4808 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f4e18 sp=0xc0203f4b10 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f5120 sp=0xc0203f4e18 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f5428 sp=0xc0203f5120 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f5730 sp=0xc0203f5428 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f5a38 sp=0xc0203f5730 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f5d40 sp=0xc0203f5a38 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f6048 sp=0xc0203f5d40 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f6350 sp=0xc0203f6048 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f6658 sp=0xc0203f6350 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f6960 sp=0xc0203f6658 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f6c68 sp=0xc0203f6960 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f6f70 sp=0xc0203f6c68 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f7278 sp=0xc0203f6f70 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f7580 sp=0xc0203f7278 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f7888 sp=0xc0203f7580 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f7b90 sp=0xc0203f7888 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f7e98 sp=0xc0203f7b90 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f81a0 sp=0xc0203f7e98 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f84a8 sp=0xc0203f81a0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f87b0 sp=0xc0203f84a8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f8ab8 sp=0xc0203f87b0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f8dc0 sp=0xc0203f8ab8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f90c8 sp=0xc0203f8dc0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f93d0 sp=0xc0203f90c8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f96d8 sp=0xc0203f93d0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f99e0 sp=0xc0203f96d8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f9ce8 sp=0xc0203f99e0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203f9ff0 sp=0xc0203f9ce8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fa2f8 sp=0xc0203f9ff0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fa600 sp=0xc0203fa2f8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fa908 sp=0xc0203fa600 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fac10 sp=0xc0203fa908 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203faf18 sp=0xc0203fac10 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fb220 sp=0xc0203faf18 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fb528 sp=0xc0203fb220 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fb830 sp=0xc0203fb528 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fbb38 sp=0xc0203fb830 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fbe40 sp=0xc0203fbb38 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fc148 sp=0xc0203fbe40 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fc450 sp=0xc0203fc148 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fc758 sp=0xc0203fc450 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fca60 sp=0xc0203fc758 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fcd68 sp=0xc0203fca60 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fd070 sp=0xc0203fcd68 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fd378 sp=0xc0203fd070 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fd680 sp=0xc0203fd378 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fd988 sp=0xc0203fd680 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fdc90 sp=0xc0203fd988 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fdf98 sp=0xc0203fdc90 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fe2a0 sp=0xc0203fdf98 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fe5a8 sp=0xc0203fe2a0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203fe8b0 sp=0xc0203fe5a8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203febb8 sp=0xc0203fe8b0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203feec0 sp=0xc0203febb8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203ff1c8 sp=0xc0203feec0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203ff4d0 sp=0xc0203ff1c8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203ff7d8 sp=0xc0203ff4d0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203ffae0 sp=0xc0203ff7d8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0203ffde8 sp=0xc0203ffae0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204000f0 sp=0xc0203ffde8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204003f8 sp=0xc0204000f0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020400700 sp=0xc0204003f8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020400a08 sp=0xc020400700 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020400d10 sp=0xc020400a08 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020401018 sp=0xc020400d10 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020401320 sp=0xc020401018 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020401628 sp=0xc020401320 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020401930 sp=0xc020401628 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020401c38 sp=0xc020401930 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020401f40 sp=0xc020401c38 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020402248 sp=0xc020401f40 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020402550 sp=0xc020402248 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020402858 sp=0xc020402550 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020402b60 sp=0xc020402858 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020402e68 sp=0xc020402b60 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020403170 sp=0xc020402e68 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020403478 sp=0xc020403170 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020403780 sp=0xc020403478 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020403a88 sp=0xc020403780 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020403d90 sp=0xc020403a88 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020404098 sp=0xc020403d90 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204043a0 sp=0xc020404098 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204046a8 sp=0xc0204043a0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204049b0 sp=0xc0204046a8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020404cb8 sp=0xc0204049b0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020404fc0 sp=0xc020404cb8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204052c8 sp=0xc020404fc0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204055d0 sp=0xc0204052c8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204058d8 sp=0xc0204055d0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020405be0 sp=0xc0204058d8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020405ee8 sp=0xc020405be0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204061f0 sp=0xc020405ee8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc0204064f8 sp=0xc0204061f0 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020406800 sp=0xc0204064f8 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020406b08 sp=0xc020406800 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0000fff40?, 0xc0002b89b0?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020406e10 sp=0xc020406b08 pc=0x879706
github.com/aquasecurity/trivy/pkg/sbom/cyclonedx.(*CycloneDX).walkDependencies(0xc000010060, {0xc0002b89b0?, 0xc0000fff40?})
        /home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/sbom/cyclonedx/unmarshal.go:221 +0x306 fp=0xc020407118 sp=0xc020406e10 pc=0x879706
...additional frames elided...

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004efb0 sp=0xc00004ef90 pc=0x438096
runtime.goparkunlock(...)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:387
runtime.forcegchelper()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:305 +0xb0 fp=0xc00004efe0 sp=0xc00004efb0 pc=0x437ed0
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004efe8 sp=0xc00004efe0 pc=0x466f21
created by runtime.init.6
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:293 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004f780 sp=0xc00004f760 pc=0x438096
runtime.goparkunlock(...)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:387
runtime.bgsweep(0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgcsweep.go:319 +0xde fp=0xc00004f7c8 sp=0xc00004f780 pc=0x423ffe
runtime.gcenable.func1()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:178 +0x26 fp=0xc00004f7e0 sp=0xc00004f7c8 pc=0x419286
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004f7e8 sp=0xc00004f7e0 pc=0x466f21
created by runtime.gcenable
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:178 +0x6b

goroutine 4 [sleep]:
runtime.gopark(0xc00007a000?, 0x33bb29e90470?, 0x0?, 0x0?, 0xa2d920?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004ff30 sp=0xc00004ff10 pc=0x438096
runtime.goparkunlock(...)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:387
runtime.(*scavengerState).sleep(0xe00cc0, 0x4139106300000000)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgcscavenge.go:479 +0x125 fp=0xc00004ffa0 sp=0xc00004ff30 pc=0x422105
runtime.bgscavenge(0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgcscavenge.go:637 +0x7f fp=0xc00004ffc8 sp=0xc00004ffa0 pc=0x4224ff
runtime.gcenable.func2()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:179 +0x26 fp=0xc00004ffe0 sp=0xc00004ffc8 pc=0x419226
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004ffe8 sp=0xc00004ffe0 pc=0x466f21
created by runtime.gcenable
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:179 +0xaa

goroutine 17 [finalizer wait]:
runtime.gopark(0x438412?, 0x7f9fe72a4c28?, 0x0?, 0x0?, 0xc00004e770?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004e628 sp=0xc00004e608 pc=0x438096
runtime.runfinq()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mfinal.go:193 +0x107 fp=0xc00004e7e0 sp=0xc00004e628 pc=0x4182c7
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004e7e8 sp=0xc00004e7e0 pc=0x466f21
created by runtime.createfing
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mfinal.go:163 +0x45

goroutine 18 [GC worker (idle)]:
runtime.gopark(0xe32140?, 0x2?, 0x3b?, 0x4?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc00004a750 sp=0xc00004a730 pc=0x438096
runtime.gcBgMarkWorker()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1275 +0xf1 fp=0xc00004a7e0 sp=0xc00004a750 pc=0x41aff1
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00004a7e8 sp=0xc00004a7e0 pc=0x466f21
created by runtime.gcBgMarkStartWorkers
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1199 +0x25

goroutine 5 [GC worker (idle)]:
runtime.gopark(0x33bac7bc8114?, 0x3?, 0xc7?, 0x44?, 0x0?)
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/proc.go:381 +0xd6 fp=0xc000050750 sp=0xc000050730 pc=0x438096
runtime.gcBgMarkWorker()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1275 +0xf1 fp=0xc0000507e0 sp=0xc000050750 pc=0x41aff1
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000507e8 sp=0xc0000507e0 pc=0x466f21
created by runtime.gcBgMarkStartWorkers
        /opt/hostedtoolcache/go/1.20.3/x64/src/runtime/mgc.go:1199 +0x25
Error: plugin error: plugin exec: exit status 2
Usage:
  trivy referrer [flags]

Flags:
  -h, --help   help for referrer

Global Flags:
      --cache-dir string          cache directory (default "/home/dillen/.cache/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
      --generate-default-config   write the default config to trivy-default.yaml
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

2023-05-15T16:49:49.053+0200    FATAL   plugin error: plugin exec: exit status 2

Operating System

Ubuntu 22.04

Version

$ trivy --version
Version: 0.41.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-05-15 12:08:57.778758972 +0000 UTC
  NextUpdate: 2023-05-15 18:08:57.778758572 +0000 UTC
  DownloadedAt: 2023-05-15 12:33:02.724700401 +0000 UTC

Checklist

Run trivy --reset
Read the troubleshooting

knqyf263 · 2023-05-16T02:32:32Z

knqyf263
May 16, 2023
Maintainer

Thanks for raising an issue. It is an error from the plugin. Could you open it here?

1 reply

nicholasdille May 16, 2023
Author

Will do. Thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Addeding an OCI referrer using aquasecurity/trivy-plugin-referrer fails with "goroutine stack exceeds 1000000000-byte limit" #4398

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Addeding an OCI referrer using aquasecurity/trivy-plugin-referrer fails with "goroutine stack exceeds 1000000000-byte limit" #4398

nicholasdille May 15, 2023

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment · 1 reply

knqyf263 May 16, 2023 Maintainer

nicholasdille May 16, 2023 Author

nicholasdille
May 15, 2023

Replies: 1 comment 1 reply

knqyf263
May 16, 2023
Maintainer

nicholasdille May 16, 2023
Author