fix(helm): properly handle multiple archived dependencies #7781
Labels
kind/bug
Categorizes issue or PR as related to a bug.
scan/misconfiguration
Issues relating to misconfiguration scanning
Milestone
Discussed in #7778
Originally posted by prezha October 23, 2024
Description
i think i found a bug in trivy that is causing a
file does not exist
issue while scanning tar-ed helm charts with with newer (ie, 0.55.0+) trivy versions - tl;dr:the bug was probably introduced in commit e95152f as part of the #7289, where a check was removed, which further means that it was probably introduced in trivy v0.55.0 but it was working in v0.54.1
btw, i have a pr proposal that might fix this issue, if you'd like to review, just let me know
Desired Behavior
trivy does not error while processing tar-ed helm charts
Actual Behavior
trivy errors with
file does not exist
while processing tar-ed helm chartsReproduction Steps
1. add eg, https://github.com/bitnami/charts/tree/main/bitnami/common v2.26.0 2. add eg, https://github.com/open-telemetry/opentelemetry-helm-charts/releases/tag/opentelemetry-collector-0.108.0 3. run 'trivy fs --scanners misconfig --debug --quiet=false .'
Target
Filesystem
Scanner
Misconfiguration
Output Format
None
Mode
Standalone
Debug Output
Operating System
openSUSE Tumbleweed, Ubuntu 22.04, macOS Sonoma 14.7
Version
Checklist
trivy clean --all
The text was updated successfully, but these errors were encountered: