ArtifactHub 'Something went wrong scanning repository' Emails

[d-t-w]

On May 19th I started receiving emails from [email protected]

I have received hundreds of emails now, sometimes dozens in a day. Many of them relate to old versions of our chart. Can you stop emailing me please? I'm not sure that there is anything I can do to fix the trivy error they describe.

---

Title: Something went wrong scanning repository kpow

error scanning image operatr/kpow:89.2: error running trivy on image operatr/kpow:89.2: 2023-05-19T11:51:52.577Z [33mWARN [0m '--security-checks' is deprecated. Use '--scanners' instead.

2023-05-19T11:51:57.691Z [31mFATAL [0m image scan error: scan error: scan failed: failed analysis: analyze error: failed to analyze layer (sha256:9784e2e285b4352b08d784ee5e9c171681f81e6b1ed9c4af3704e98a2972ed03): post analysis error: post analysis error: walk dir error: file open error: open /tmp/layers-334468937/layer-file-2226061772: permission denied

(package kpow:1.0.37)

This is our helm chart https://artifacthub.io/packages/helm/kpow/kpow

[tegioz]

Hi @d-t-w 👋

You can opt out of those notifications from the control panel if you'd like.

Hope that helps 🙂

[d-t-w]

Thanks @tegioz I will just opt out.

Is this a sign of a deeper system bug though? None of our chart versions are being security scanned anymore (they all appear to be continuously failing to scan with the error in the email).

[tegioz]

No worries!

Do you mean a problem in AH affecting more packages? I don't think so because I've just checked quite a few and they all seem to have been scanned successfully within the last 24 hours as expected (I went through some in the top starred list).

Please keep in mind that the error you got comes directly from Trivy. You can actually reproduce it by running the following command locally:

$ trivy image operatr/kpow:89.2
2023-06-29T12:06:01.128+0200	FATAL	image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:9784e2e285b4352b08d784ee5e9c171681f81e6b1ed9c4af3704e98a2972ed03): post analysis error: post analysis error: walk dir error: file open error: open /var/folders/xf/_lrkngc93b307_rchkx37bp40000gn/T/analyzer-fs-818305202/file-4176839629: permission denied

It'd be great if you could investigate this a bit further and, if there was a problem with Trivy, report it to them. It's possible that, if there was an issue in Trivy, it has already been fixed and we haven't upgraded to that version yet though.

[tegioz]

It's possible that, if there was an issue in Trivy, it has already been fixed and we haven't upgraded to that version yet though.

Although I just tried locally with Trivy 0.42.1, which I think it's the latest version available (but not the one used in AH in prod yet).

[tegioz]

Will close this one for now, please feel free to reopen if needed 🙂

If you find out what's causing the error when Trivy scans your images we'd appreciate if you could share it with us, just in case other users encounter the same problem 😇

[d-t-w]

Thanks @tegioz if I get to the bottom of it I'll add details here.

[d-t-w]

Resolved by aquasecurity/trivy#6373

[tegioz]

Awesome, thanks!