Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Images with deleted timestamps break with Docker 26 #6947

Closed
2 tasks done
DmitriyLewen opened this issue Jun 17, 2024 Discussed in #6944 · 0 comments · Fixed by #6948
Closed
2 tasks done

Images with deleted timestamps break with Docker 26 #6947

DmitriyLewen opened this issue Jun 17, 2024 Discussed in #6944 · 0 comments · Fixed by #6948
Assignees
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@DmitriyLewen
Copy link
Contributor

Discussed in #6944

Originally posted by aaronmondal June 15, 2024

Description

GitHub updated the GHA runner's docker from 24 to 26 in actions/runner-images@619f9fd. Since then the trivy workflows in our repo broke.

Desired Behavior

Trivy working without the above patch.

Actual Behavior

2024-06-14T19:21:21+02:00       INFO    Vulnerability scanning is enabled
2024-06-14T19:21:21+02:00       INFO    Secret scanning is enabled
2024-06-14T19:21:21+02:00       INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-14T19:21:21+02:00       INFO    Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-06-14T19:21:21+02:00       FATAL   Fatal error     image scan error: scan error: scan failed: failed analysis: unable to get the image's config file: failed parsing crea
ted : parsing time "" as "2006-01-02T15:04:05Z07:00": cannot parse "" as "2006"

Reproduction Steps

Check out e.g. https://github.com/TraceMachina/nativelink/commit/bf9edc9c0a034cfedaa51f039123cb29278d3f7e, enter the nix environment and run `local-image-test`.

This effectively creates a container image with an erased timestamp that triggers the failure.

Target

Container Image

Scanner

Vulnerability

Output Format

None

Mode

Standalone

Debug Output

2024-06-14T22:15:27+02:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-06-14T22:15:27+02:00       DEBUG   Ignore statuses statuses=[]
2024-06-14T22:15:27+02:00       DEBUG   Cache dir       dir="/home/aaron/.cache/trivy"
2024-06-14T22:15:27+02:00       DEBUG   DB update was skipped because the local DB is the latest
2024-06-14T22:15:27+02:00       DEBUG   DB info schema=2 updated_at=2024-06-14T18:11:12.454689304Z next_update=2024-06-15T00:11:12.454689174Z downloaded_at=2024-06-14T20:00:1
3.760242809Z
2024-06-14T22:15:27+02:00       INFO    Vulnerability scanning is enabled
2024-06-14T22:15:27+02:00       DEBUG   Vulnerability type      type=[os library]
2024-06-14T22:15:27+02:00       INFO    Secret scanning is enabled
2024-06-14T22:15:27+02:00       INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-14T22:15:27+02:00       INFO    Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-06-14T22:15:27+02:00       DEBUG   Enabling misconfiguration scanners      scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json ter
raformplan-snapshot]
2024-06-14T22:15:27+02:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2024-06-14T22:15:27+02:00       DEBUG   [nuget] The nuget packages directory couldn't be found. License search disabled
2024-06-14T22:15:27+02:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2024-06-14T22:15:27+02:00       DEBUG   [image] Detected image ID       image_id="sha256:5be469194a73a54dd0c065b816107c82f0d3f7a7b069a61389eb80dc9a2c55aa"
2024-06-14T22:15:27+02:00       FATAL   Fatal error
  - image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:422
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:266
  - scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:693
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        github.com/aquasecurity/trivy/pkg/scanner/scan.go:148
  - unable to get the image's config file:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
        github.com/aquasecurity/trivy/pkg/fanal/artifact/image/image.go:85
  - failed parsing created :
    github.com/aquasecurity/trivy/pkg/fanal/image/daemon.(*image).ConfigFile
        github.com/aquasecurity/trivy/pkg/fanal/image/daemon/image.go:115
  - parsing time "" as "2006-01-02T15:04:05.999999999Z07:00": cannot parse "" as "2006"

Operating System

Linux 6.9.2-gentoo x86_64 GNU/Linux

Version

Version: v0.52.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-06-14 18:11:12.454689304 +0000 UTC
  NextUpdate: 2024-06-15 00:11:12.454689174 +0000 UTC
  DownloadedAt: 2024-06-14 20:00:13.760242809 +0000 UTC

Checklist

@DmitriyLewen DmitriyLewen added the kind/bug Categorizes issue or PR as related to a bug. label Jun 17, 2024
@DmitriyLewen DmitriyLewen self-assigned this Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant