
Docker image mis-configuration scanning not working #5728

Closed
nikpivkin opened this issue Dec 5, 2023 Discussed in #5723 · 0 comments · Fixed by #5731
Labels: kind/bug (Categorizes issue or PR as related to a bug), scan/misconfiguration (Issues relating to misconfiguration scanning)

@nikpivkin (Contributor)

Discussed in #5723

Originally posted by raesene December 5, 2023

### Description

In the latest version of Trivy the mis-configuration scanning of Docker images does not appear to be working. Running the image mis-configuration scanner just produces an empty list.

Running with trivy 0.43 worked as expected:

```
trivy version
Version: 0.43.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-07-03 06:12:33.132202782 +0000 UTC
  NextUpdate: 2023-07-03 12:12:33.132202482 +0000 UTC
  DownloadedAt: 2023-07-03 07:50:17.020284669 +0000 UTC

rorym in 🌐 cuilean in  ⛵ kind-kind () ~
trivy image --image-config-scanners config alpine:3.17
2023-12-05T08:17:14.202Z	INFO	Need to update DB
2023-12-05T08:17:14.202Z	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2023-12-05T08:17:14.202Z	INFO	Downloading DB...
41.10 MiB / 41.10 MiB [-------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 11.42 MiB p/s 3.8s
2023-12-05T08:17:18.870Z	INFO	Container image config scanners: ["config"]
2023-12-05T08:17:18.870Z	INFO	Vulnerability scanning is enabled
2023-12-05T08:17:18.870Z	INFO	Misconfiguration scanning is enabled
2023-12-05T08:17:18.870Z	INFO	Need to update the built-in policies
2023-12-05T08:17:18.870Z	INFO	Downloading the built-in policies...
44.66 KiB / 44.66 KiB [--------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 100ms
2023-12-05T08:17:19.893Z	INFO	Secret scanning is enabled
2023-12-05T08:17:19.894Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-05T08:17:19.894Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.43/docs/scanner/secret/#recommendation for faster secret detection
2023-12-05T08:17:22.845Z	INFO	Detected OS: alpine
2023-12-05T08:17:22.845Z	INFO	Detecting Alpine vulnerabilities...
2023-12-05T08:17:22.846Z	INFO	Number of language-specific files: 0
2023-12-05T08:17:22.846Z	INFO	Detected config files: 1

alpine:3.17 (alpine 3.17.6)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


alpine:3.17 (dockerfile)

Tests: 26 (SUCCESSES: 23, FAILURES: 3, EXCEPTIONS: 0)
Failures: 3 (UNKNOWN: 0, LOW: 2, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
```

But running the same command with 0.47 doesn't find the Docker config:

```
trivy image --image-config-scanners config alpine:3.17
2023-12-05T08:19:09.990Z	INFO	Container image config scanners: ["config"]
2023-12-05T08:19:09.990Z	INFO	Vulnerability scanning is enabled
2023-12-05T08:19:09.991Z	INFO	Misconfiguration scanning is enabled
2023-12-05T08:19:09.991Z	INFO	Secret scanning is enabled
2023-12-05T08:19:09.991Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-05T08:19:09.991Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.47/docs/scanner/secret/#recommendation for faster secret detection
2023-12-05T08:19:11.647Z	INFO	Detected OS: alpine
2023-12-05T08:19:11.647Z	INFO	Detecting Alpine vulnerabilities...
2023-12-05T08:19:11.648Z	INFO	Number of language-specific files: 0

alpine:3.17 (alpine 3.17.6)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```

### Desired Behavior

Ideally the docker mis-configuration scans should run and find things like image running as root.

### Actual Behavior

Mis-configuration scanners did not run.

### Reproduction Steps

1. download trivy 0.47
2. run `trivy image --image-config-scanners config alpine:3.17`
3. observe no findings :)
...

### Target

Container Image

### Scanner

Misconfiguration

### Output Format

Table

### Mode

Standalone

### Debug Output

```
trivy image --image-config-scanners config alpine:3.17 --debug
2023-12-05T08:23:56.251Z	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-12-05T08:23:56.252Z	DEBUG	Ignore statuses	{"statuses": null}
2023-12-05T08:23:56.252Z	DEBUG	cache dir:  /home/rorym/.cache/trivy
2023-12-05T08:23:56.252Z	DEBUG	DB update was skipped because the local DB is the latest
2023-12-05T08:23:56.252Z	DEBUG	DB Schema: 2, UpdatedAt: 2023-12-05 06:11:59.667121446 +0000 UTC, NextUpdate: 2023-12-05 12:11:59.667121065 +0000 UTC, DownloadedAt: 2023-12-05 08:17:18.870408006 +0000 UTC
2023-12-05T08:23:56.252Z	INFO	Container image config scanners: ["config"]
2023-12-05T08:23:56.252Z	INFO	Vulnerability scanning is enabled
2023-12-05T08:23:56.252Z	DEBUG	Vulnerability type:  [os library]
2023-12-05T08:23:56.252Z	INFO	Misconfiguration scanning is enabled
2023-12-05T08:23:56.252Z	DEBUG	Policies successfully loaded from disk
2023-12-05T08:23:56.253Z	INFO	Secret scanning is enabled
2023-12-05T08:23:56.253Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-12-05T08:23:56.253Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.47/docs/scanner/secret/#recommendation for faster secret detection
2023-12-05T08:23:57.267Z	DEBUG	No secret config detected: trivy-secret.yaml
2023-12-05T08:23:57.267Z	DEBUG	The nuget packages directory couldn't be found. License search disabled
2023-12-05T08:23:57.291Z	DEBUG	No secret config detected: trivy-secret.yaml
2023-12-05T08:23:57.523Z	DEBUG	Image ID: sha256:7997ad530b088ce1ef0b5e4a705600db0e62a2fd399e3639722b81ebe596d67d
2023-12-05T08:23:57.523Z	DEBUG	Diff IDs: [sha256:617df26c9e2bec4e63eed45acaa78b253ac74e1cd0dd74da35b050f3ef707d47]
2023-12-05T08:23:57.523Z	DEBUG	Base Layers: []
2023-12-05T08:23:57.537Z	INFO	Detected OS: alpine
2023-12-05T08:23:57.537Z	INFO	Detecting Alpine vulnerabilities...
2023-12-05T08:23:57.537Z	DEBUG	alpine: os version: 3.17
2023-12-05T08:23:57.537Z	DEBUG	alpine: package repository: 3.17
2023-12-05T08:23:57.537Z	DEBUG	alpine: the number of packages: 15
2023-12-05T08:23:57.538Z	INFO	Number of language-specific files: 0

alpine:3.17 (alpine 3.17.6)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```


### Operating System

Linux Ubuntu 22.04

### Version

```bash
trivy --version
Version: 0.47.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-12-05 06:11:59.667121446 +0000 UTC
  NextUpdate: 2023-12-05 12:11:59.667121065 +0000 UTC
  DownloadedAt: 2023-12-05 08:17:18.870408006 +0000 UTC
Policy Bundle:
  Digest: sha256:1df8ade71efc830877ca3b1130f83e0c6368e3a45b0d4c0f0418955501644054
  DownloadedAt: 2023-12-05 08:17:19.890227541 +0000 UTC
```

### Checklist

- [X] Run `trivy image --reset`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
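The failure mode reported above is a silent one: the 0.47 run exits with a clean table and no `(dockerfile)` section, so a pipeline that only gates on "zero failures" would treat a scanner that never ran as a passing scan. The following is an added example, not part of this issue and not Trivy's own code, of a CI-side check that reads a `trivy image --format json` report and fails unless an image-config result is actually present and at least one check executed. It assumes the JSON layout as I know it (a top-level `Results` list whose entries carry `Class`, `Type` and `MisconfSummary` with `Successes`/`Failures`/`Exceptions`); verify the field names against the Trivy version you run. The two embedded reports are constructed to mirror the 0.43 and 0.47 table output shown above, not captured output.

```python
import json
import sys

# Constructed sample mirroring the 0.43 run above: an OS result plus a dockerfile
# config result with 23 successes and 3 failures. Field names follow Trivy's
# `--format json` layout as assumed in the lead-in (Results/Class/Type/MisconfSummary).
REPORT_0_43 = json.dumps({
    "ArtifactName": "alpine:3.17",
    "Results": [
        {"Target": "alpine:3.17 (alpine 3.17.6)", "Class": "os-pkgs", "Type": "alpine"},
        {"Target": "alpine:3.17 (dockerfile)", "Class": "config", "Type": "dockerfile",
         "MisconfSummary": {"Successes": 23, "Failures": 3, "Exceptions": 0}},
    ],
})

# Constructed sample mirroring the 0.47 run above: the dockerfile result is simply absent,
# which is what makes the regression easy to miss.
REPORT_0_47 = json.dumps({
    "ArtifactName": "alpine:3.17",
    "Results": [
        {"Target": "alpine:3.17 (alpine 3.17.6)", "Class": "os-pkgs", "Type": "alpine"},
    ],
})


def config_results(report_text):
    """Return (Type, Successes, Failures) for every result whose Class is "config"."""
    report = json.loads(report_text)
    found = []
    for result in report.get("Results") or []:
        if result.get("Class") != "config":
            continue
        summary = result.get("MisconfSummary") or {}
        found.append((result.get("Type"),
                      int(summary.get("Successes", 0)),
                      int(summary.get("Failures", 0))))
    return found


def image_config_scan_ran(report_text, expected_type="dockerfile"):
    """True only if a config result of the expected type exists and at least one check ran.

    A config result with zero successes and zero failures means no policy was evaluated
    against the image config, so it is treated the same as a missing result.
    """
    for rtype, successes, failures in config_results(report_text):
        if rtype == expected_type and successes + failures > 0:
            return True
    return False


def main(argv):
    # Usage: trivy image --image-config-scanners config --format json alpine:3.17 | python check_image_config.py
    # (check_image_config.py is a hypothetical file name for this script.)
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = sys.stdin.read()
    if image_config_scan_ran(text):
        print("ok: image config checks executed")
        return 0
    print("error: no dockerfile config result in report; the image config scanner did not run")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The point of the check is the distinction between "no failures" and "no result": the script exits non-zero for the 0.47-style report even though that report contains no findings, which is the condition a misconfiguration gate should refuse to treat as success.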
@nikpivkin nikpivkin added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Dec 5, 2023
@simar7 simar7 added this to the v0.49.0 milestone Dec 5, 2023