GitHub updated the GHA runner's docker from 24 to 26 in actions/runner-images@619f9fd. Since then the trivy workflows in our repo broke.
Desired Behavior
Trivy working without the above patch.
Actual Behavior
2024-06-14T19:21:21+02:00 INFO Vulnerability scanning is enabled
2024-06-14T19:21:21+02:00 INFO Secret scanning is enabled
2024-06-14T19:21:21+02:00 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-14T19:21:21+02:00 INFO Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-06-14T19:21:21+02:00 FATAL Fatal error image scan error: scan error: scan failed: failed analysis: unable to get the image's config file: failed parsing created : parsing time "" as "2006-01-02T15:04:05Z07:00": cannot parse "" as "2006"
Reproduction Steps
Check out e.g. https://github.com/TraceMachina/nativelink/commit/bf9edc9c0a034cfedaa51f039123cb29278d3f7e, enter the nix environment and run `local-image-test`.
This effectively creates a container image with an erased timestamp that triggers the failure.
Target
Container Image
Scanner
Vulnerability
Output Format
None
Mode
Standalone
Debug Output
2024-06-14T22:15:27+02:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-06-14T22:15:27+02:00 DEBUG Ignore statuses statuses=[]
2024-06-14T22:15:27+02:00 DEBUG Cache dir dir="/home/aaron/.cache/trivy"
2024-06-14T22:15:27+02:00 DEBUG DB update was skipped because the local DB is the latest
2024-06-14T22:15:27+02:00 DEBUG DB info schema=2 updated_at=2024-06-14T18:11:12.454689304Z next_update=2024-06-15T00:11:12.454689174Z downloaded_at=2024-06-14T20:00:13.760242809Z
2024-06-14T22:15:27+02:00 INFO Vulnerability scanning is enabled
2024-06-14T22:15:27+02:00 DEBUG Vulnerability type type=[os library]
2024-06-14T22:15:27+02:00 INFO Secret scanning is enabled
2024-06-14T22:15:27+02:00 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-14T22:15:27+02:00 INFO Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-06-14T22:15:27+02:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-06-14T22:15:27+02:00 DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-14T22:15:27+02:00 DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-06-14T22:15:27+02:00 DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-14T22:15:27+02:00 DEBUG [image] Detected image ID image_id="sha256:5be469194a73a54dd0c065b816107c82f0d3f7a7b069a61389eb80dc9a2c55aa"
2024-06-14T22:15:27+02:00 FATAL Fatal error
- image scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:422
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:266
- scan failed:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:693
- failed analysis:
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
github.com/aquasecurity/trivy/pkg/scanner/scan.go:148
- unable to get the image's config file:
github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
github.com/aquasecurity/trivy/pkg/fanal/artifact/image/image.go:85
- failed parsing created :
github.com/aquasecurity/trivy/pkg/fanal/image/daemon.(*image).ConfigFile
github.com/aquasecurity/trivy/pkg/fanal/image/daemon/image.go:115
- parsing time "" as "2006-01-02T15:04:05.999999999Z07:00": cannot parse "" as "2006"
Operating System
Linux 6.9.2-gentoo x86_64 GNU/Linux
Version
Version: v0.52.2
Vulnerability DB:
Version: 2
UpdatedAt: 2024-06-14 18:11:12.454689304 +0000 UTC
NextUpdate: 2024-06-15 00:11:12.454689174 +0000 UTC
DownloadedAt: 2024-06-14 20:00:13.760242809 +0000 UTC
Discussed in #6944
Originally posted by aaronmondal June 15, 2024
Checklist
trivy image --reset
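The failure reported above comes down to a strict RFC 3339 parse of an empty creation timestamp. The following is an added example, not Trivy's code and not taken from the issue: it shows a tolerant parse that accepts an empty value as "not set" while still rejecting malformed ones. The names `inspectSubset`, `parseCreated` and `createdFromInspect` and the sample records are constructed for illustration; the only assumption about the daemon is that the inspect record carries the timestamp as a string field named `Created`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// inspectSubset holds the one field of an image inspect record used here
// (hypothetical type; assumes the timestamp is a string named "Created").
type inspectSubset struct {
	Created string `json:"Created"`
}

// parseCreated treats an empty value as "timestamp not set" and returns the
// zero time; any non-empty value must still be valid RFC 3339.
func parseCreated(raw string) (time.Time, error) {
	if raw == "" {
		return time.Time{}, nil
	}
	return time.Parse(time.RFC3339Nano, raw)
}

// createdFromInspect decodes one inspect record and returns its creation time.
func createdFromInspect(doc []byte) (time.Time, error) {
	var rec inspectSubset
	if err := json.Unmarshal(doc, &rec); err != nil {
		return time.Time{}, fmt.Errorf("decoding inspect record: %w", err)
	}
	t, err := parseCreated(rec.Created)
	if err != nil {
		return time.Time{}, fmt.Errorf("failed parsing created %q: %w", rec.Created, err)
	}
	return t, nil
}

func main() {
	// Constructed sample records, not captured from a real daemon.
	samples := []string{
		`{"Created":""}`,
		`{"Created":"2024-06-14T18:11:12.454689304Z"}`,
		`{"Created":"yesterday"}`,
	}
	_, strictErr := time.Parse(time.RFC3339Nano, "")
	fmt.Println("strict parse of empty value:", strictErr)
	for _, s := range samples {
		t, err := createdFromInspect([]byte(s))
		fmt.Printf("%s -> zero=%v err=%v\n", s, t.IsZero(), err)
	}
}
```

A zero time returned this way should be reported as "unknown" by any consumer that displays or compares image age, rather than as year 1.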