You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Container scan fails with a permissions issue related to internal trivy directories:
> trivy --debug image factorhouse/kpow-ee:92.3
..
open /var/folders/sy/5ps2fmdj7t9bg8zbwvc3k27w0000gn/T/analyzer-fs-1955605263/file-2599813741: permission denied
Background
We push containers to ArtifactHub who scan them with trivy.
On 19/05/23 our containers (including historic ones that had previously scanned just fine) started to fail with this 'permission denied' error. See: artifacthub/hub#3152
Our container is fairly simple, it just contains a Java JAR file and little else.
Further, I find if I scan very old version of our container they work, up to version 73.
Discussed in #6076
Originally posted by d-t-w February 7, 2024
Description
Container scan fails with a permissions issue related to internal trivy directories:
Background
We push containers to ArtifactHub who scan them with trivy.
On 19/05/23 our containers (including historic ones that had previously scanned just fine) started to fail with this 'permission denied' error. See: artifacthub/hub#3152
Our container is fairly simple, it just contains a Java JAR file and little else.
Further, I find if I scan very old version of our container they work, up to version 73.
From version 74 they fail.
There is non significant difference in the dockerfile between v73 and v74.
Note: ArtifactHub very happily scanned version 74+ until they presumably updated their trivy dependency.
Related issues:
These are not my project, but appear to be the same root cause.
goharbor/harbor#18824
goharbor/harbor#19405
Desired Behavior
I expect trivy to scan the container successfully (as it has previously done).
Actual Behavior
Trivy no longer scans the container correctly
Reproduction Steps
Target
Container Image
Scanner
Vulnerability
Output Format
Table
Mode
Standalone
Debug Output
Operating System
macOS Monterey
Version
Checklist
trivy image --reset
The text was updated successfully, but these errors were encountered: