Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

my trivy works in one region and fails another: aws ECR #1034

Closed
icecream-monster opened this issue Jun 1, 2021 · 1 comment
Closed

my trivy works in one region and fails another: aws ECR #1034

icecream-monster opened this issue Jun 1, 2021 · 1 comment
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@icecream-monster
Copy link

Description

What did you expect to happen?

Image can be scanned in both regions

What happened instead?

scan only works in us-east-1

Output of run with -debug:

trivy --debug image {aws_account_id}.dkr.ecr.us-west-2.amazonaws.com/{path}
2021-05-31T21:17:59.410-0700	DEBUG	Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-05-31T21:17:59.456-0700	DEBUG	cache dir:  /Users/estheray/Library/Caches/trivy
2021-05-31T21:17:59.457-0700	DEBUG	DB update was skipped because DB is the latest
2021-05-31T21:17:59.457-0700	DEBUG	DB Schema: 1, Type: 1, UpdatedAt: 2021-06-01 00:27:43.391427828 +0000 UTC, NextUpdate: 2021-06-01 12:27:43.391427428 +0000 UTC, DownloadedAt: 2021-06-01 03:36:18.378892 +0000 UTC
2021-05-31T21:17:59.459-0700	DEBUG	Vulnerability type:  [os library]
2021-05-31T21:18:00.444-0700	FATAL	scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.runWithTimeout
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:67
  - unable to initialize a scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:157
  - unable to initialize a docker scanner:
    github.com/aquasecurity/trivy/pkg/commands/artifact.dockerScanner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/image.go:29
  - 3 errors occurred:
	* unable to inspect the image ({aws_account_id}.dkr.ecr.us-west-2.amazonaws.com/{path}): Error: No such image: {aws_account_id}.dkr.ecr.us-west-2.amazonaws.com/{path}
	* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
	* GET https://{aws_account_id}.dkr.ecr.us-west-2.amazonaws.com/v2/{path}manifests/{tag}: DENIED: Your Authorization Token is invalid.

Output of trivy -v:

Version: 0.18.3
Vulnerability DB:
  Type: Light
  Version: 1
  UpdatedAt: 2021-06-01 00:27:43.391427828 +0000 UTC
  NextUpdate: 2021-06-01 12:27:43.391427428 +0000 UTC
  DownloadedAt: 2021-06-01 03:36:18.378892 +0000 UTC

Additional details (base image name, container registry info...):

AWS ECR

I have previous logged into aws ecr with:
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin {aws_account_id}.dkr.ecr.us-west-2.amazonaws.com/{path}
@icecream-monster icecream-monster added the kind/bug Categorizes issue or PR as related to a bug. label Jun 1, 2021
@icecream-monster icecream-monster mentioned this issue Jun 1, 2021
Closed
@icecream-monster
Copy link
Author

replica of: #1026

solved by setting default region in ~/.aws/config

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@icecream-monster