-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
goroutine stack exceeds 1000000000-byte limit - trivy sbom 0.39.0 #3993
Comments
Hello @johanngyger I created #3998 to fix this problem( i wrote in discription why this happens). Regards, Dmitriy. |
This issue is not a regression in Trivy 0.39.0. I can reproduce it at least back to Trivy 0.36.0. |
v0.39.1 includes this fix. |
I am stll experiencing this issue: aquasecurity/trivy-operator#1938 |
Hello @KateFiroozi We updated the SBOM logic in version 0.50.0. Can you try using this version? Regards, Dmitriy |
Is it available in trivy-operator helm chart? https://artifacthub.io/packages/helm/trivy-operator/trivy-operator Trivy-operator:
|
I have also scan-vuln jobs that fail due to: |
No, can you use `aquasec/trivy:0.50.0 image? |
I need this updates available in trivy-operator image then |
This error may appear if the Rego file for filtering results is empty. |
I have identical values file/configuration for 3 pretty similar cluster in their workload clusters. I have ignore list for few CVEs and some policies. This has worked before in all 3 and still woks just fine in 2 others clusters (If I understand your comment correctly).
|
You can see this error if you rego file is empty: ➜ cat trivy.rego
➜ trivy -q image --ignore-policy ./trivy.rego alpine
2024-03-27T11:23:25.484+0600 FATAL filter error: filtering error: unable to filter vulnerabilities: failed to apply the policy: unable to prepare for eval: 1 error occurred: trivy.rego:0: rego_parse_error: empty module |
But how do I solve this issue then? |
This is due to the |
Hi folks. I've tried 0.50 recently and bumped on the similar issue when collecting sbom from a root fs directory. Command line
|
Hello @snoskov-amzn |
SBOM is not created (i.e. created with zero size) in that case, because trivy panics, so I can't scan this one. But I didn't see panics with other SBOMs. |
I need to see wrong SBOM file to fix this panic.
I checked your log: We have removed |
I've checked it with the latest version - 0.50.1 and I don't see stack overflows now. Thank you and sorry for the confusion! |
I have created following: aquasecurity/trivy-operator#1984 |
Description
trivy sbom leads to stack overflow
What did you expect to happen?
No stack overflow
What happened instead?
Trivy crashed with a stack overflow
Output of run with
-debug
:Output of
trivy -v
:Additional details (base image name, container registry info...):
Various SBOMs are affected. They have been generated with
trivy image --format cyclonedx
.The text was updated successfully, but these errors were encountered: