Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: Image scanning panics when using certain combination of options #6613

Closed
2 tasks done
simar7 opened this issue May 2, 2024 Discussed in #6610 · 3 comments · Fixed by #6619
Closed
2 tasks done

bug: Image scanning panics when using certain combination of options #6613

simar7 opened this issue May 2, 2024 Discussed in #6610 · 3 comments · Fixed by #6619
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning

Comments

@simar7
Copy link
Member

simar7 commented May 2, 2024

Discussed in #6610

Originally posted by psg18dhc May 2, 2024

Description

When trying to scan a container image on the ClI with 0.50. i cannot combine these cli parameters as it crashes. - when combined with --compliance docker-cis

trivy image $Registry/$ImageName --compliance docker-cis --scanners misconfig --scanners license

Desired Behavior

Expect trivy to scan for misconfiguration and oss licences together

Actual Behavior

Scanning docker.io/alpine:latest using Vulns, Secret Scanning, CIS Compliance and Misconfigurations
2024-05-02T17:25:20.519+0100 INFO Container image config scanners: ["misconfig" "secret"]
2024-05-02T17:25:20.519+0100 INFO Vulnerability scanning is enabled
2024-05-02T17:25:20.519+0100 INFO Misconfiguration scanning is enabled
2024-05-02T17:25:20.682+0100 INFO Detected OS: alpine
2024-05-02T17:25:20.683+0100 INFO Detecting Alpine vulnerabilities...
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x1c0 pc=0x4cd23cd]

goroutine 1 [running]:
go.etcd.io/bbolt.(*DB).beginTx(0x0)
/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:730 +0x2d
go.etcd.io/bbolt.(*DB).Begin(0xc001cdf680?, 0xa0?)
/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:723 +0x25
go.etcd.io/bbolt.(*DB).View(0x20?, 0xc003c6ce68)
/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:901 +0x30
github.com/aquasecurity/trivy-db/pkg/db.Config.forEach({}, {0xc003275880?, 0x2, 0x2})
/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/db.go:186 +0xe5
github.com/aquasecurity/trivy-db/pkg/db.Config.ForEachAdvisory(...)
/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/advisory.go:20
github.com/aquasecurity/trivy-db/pkg/db.Config.GetAdvisories({}, {0xc000bf4d10, 0xb}, {0xc000de1bc0, 0x11})
/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/advisory.go:24 +0xd9
github.com/aquasecurity/trivy-db/pkg/vulnsrc/alpine.VulnSrc.Get({{0x96300a8?, 0xcc9a940?}}, {0xc000bf4c9c?, 0xc00274e000?}, {0xc000de1bc0, 0x11})
/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/vulnsrc/alpine/alpine.go:119 +0xa7
github.com/aquasecurity/trivy/pkg/detector/ospkg/alpine.(*Scanner).Detect(0xc0017c03a0, {0xc00033a006, 0x6}, 0xc00033a000?, {0xc001e78000, 0xf, 0xc00274e000?})
/home/runner/work/trivy/trivy/pkg/detector/ospkg/alpine/alpine.go:91 +0x478
github.com/aquasecurity/trivy/pkg/detector/ospkg.Detect({0x96073f0, 0xc00133c770}, {0x0?, 0x3afe?}, {0xc00033a000, 0x6}, {0xc00033a006, 0x6}, 0xc001e70120?, {0x0, ...}, ...)
/home/runner/work/trivy/trivy/pkg/detector/ospkg/detect.go:76 +0xfb
github.com/aquasecurity/trivy/pkg/scanner/ospkg.(*scanner).Scan(, {, }, {{0x7ffdcb2be0c6, 0x17}, {{0xc00033a000, 0x6}, {0xc00033a006, 0x6}, 0x0, ...}, ...}, ...)
/home/runner/work/trivy/trivy/pkg/scanner/ospkg/scan.go:54 +0x17d
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.scanVulnerabilities({{, }, {, }, {, }, {{, }}}, {0x96073f0, 0xc00133c770}, ...)
/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:176 +0x165
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.ScanTarget({{, }, {, }, {, }, {{, }}}, {0x96073f0, 0xc00133c770}, ...)
/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:124 +0x51e
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.Scan({{0x9558e20, 0xc00391ecf0}, {0x9579f20, 0xcc9a940}, {, }, {{, }}}, {0x96073f0, 0xc00133c770}, ...)
/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:101 +0xcbe
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{, }, {, }}, {, }, {{0xc003274560, 0x2, 0x2}, {0xc00391ea80, ...}, ...})
/home/runner/work/trivy/trivy/pkg/scanner/scan.go:156 +0x2d7
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({, }, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0xc00335d340, ...}, ...}, ...}, ...)
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:708 +0x397
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(, {, }, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...}, ...)
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:267 +0xac
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanImage(, {, }, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, ...}, ...})
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:187 +0x134
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x45d964b800, {0xc00335d340, ...}, ...}, ...}, ...)
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:424 +0xbad
github.com/aquasecurity/trivy/pkg/commands.NewImageCommand.func2(0xc000005200, {0xc00132e310?, 0x1?, 0x7?})
/home/runner/work/trivy/trivy/pkg/commands/app.go:307 +0xf2
github.com/spf13/cobra.(*Command).execute(0xc000005200, {0xc00132e2a0, 0x7, 0x7})
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:983 +0xabc
github.com/spf13/cobra.(*Command).ExecuteC(0xc000004f00)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x3ff
github.com/spf13/cobra.(*Command).Execute(0x7fe77d0?)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039 +0x13
main.run()
/home/runner/work/trivy/trivy/cmd/trivy/main.go:35 +0x198
main.main()
/home/runner/work/trivy/trivy/cmd/trivy/main.go:17 +0x13

Reproduction Steps

trivy image docker.io/ubuntu --compliance docker-cis  --scanners misconfig --scanners license

Target

Container Image

Scanner

License

Output Format

Table

Mode

Standalone

Debug Output

$ trivy image docker.io/ubuntu --compliance docker-cis  --scanners misconfig --scanners license --debug
2024-05-02T17:29:00.878+0100	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-05-02T17:29:00.884+0100	DEBUG	Ignore statuses	{"statuses": null}
2024-05-02T17:29:00.887+0100	DEBUG	cache dir:  /home/admin/.cache/trivy
2024-05-02T17:29:00.887+0100	INFO	Container image config scanners: ["misconfig" "secret"]
2024-05-02T17:29:00.887+0100	INFO	Vulnerability scanning is enabled
2024-05-02T17:29:00.887+0100	DEBUG	Vulnerability type:  [os library]
2024-05-02T17:29:00.887+0100	INFO	Misconfiguration scanning is enabled
2024-05-02T17:29:00.887+0100	DEBUG	Policies successfully loaded from disk
2024-05-02T17:29:00.887+0100	DEBUG	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-05-02T17:29:00.900+0100	DEBUG	The nuget packages directory couldn't be found. License search disabled
2024-05-02T17:29:00.951+0100	DEBUG	Image ID: sha256:ca2b0f26964cf2e80ba3e084d5983dab293fdb87485dc6445f3f7bbfc89d7459
2024-05-02T17:29:00.951+0100	DEBUG	Diff IDs: [sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591]
2024-05-02T17:29:00.951+0100	DEBUG	Base Layers: []
2024-05-02T17:29:00.996+0100	INFO	Detected OS: ubuntu
2024-05-02T17:29:00.996+0100	INFO	Detecting Ubuntu vulnerabilities...
2024-05-02T17:29:00.996+0100	DEBUG	ubuntu: os version: 22.04
2024-05-02T17:29:00.996+0100	DEBUG	ubuntu: the number of packages: 101
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x1c0 pc=0x4cd23cd]

goroutine 1 [running]:
go.etcd.io/bbolt.(*DB).beginTx(0x0)
	/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:730 +0x2d
go.etcd.io/bbolt.(*DB).Begin(0xc002f84570?, 0x0?)
	/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:723 +0x25
go.etcd.io/bbolt.(*DB).View(0x20?, 0xc0037bae80)
	/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:901 +0x30
github.com/aquasecurity/trivy-db/pkg/db.Config.forEach({}, {0xc003a7f8e0?, 0x2, 0x2})
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/db.go:186 +0xe5
github.com/aquasecurity/trivy-db/pkg/db.Config.ForEachAdvisory(...)
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/advisory.go:20
github.com/aquasecurity/trivy-db/pkg/db.Config.GetAdvisories({}, {0xc0038bea10, 0xc}, {0xc003bd4060, 0x7})
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/advisory.go:24 +0xd9
github.com/aquasecurity/trivy-db/pkg/vulnsrc/ubuntu.VulnSrc.Get({0x88754c0?, {0x96300a8?, 0xcc9a940?}}, {0xc003bd4016?, 0xff?}, {0xc003bd4060, 0x7})
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/vulnsrc/ubuntu/ubuntu.go:142 +0xb5
github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu.(*Scanner).Detect(0xc0017b81c8, {0xc003bd4016, 0x5}, 0xc003bd4010?, {0xc00112a000, 0x65, 0xc0013304e8?})
	/home/runner/work/trivy/trivy/pkg/detector/ospkg/ubuntu/ubuntu.go:87 +0x28f
github.com/aquasecurity/trivy/pkg/detector/ospkg.Detect({0x96073f0, 0xc0017ce000}, {0x0?, 0x3afc?}, {0xc003bd4010, 0x6}, {0xc003bd4016, 0x5}, 0xc0035f2e10?, {0x0, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/detector/ospkg/detect.go:76 +0xfb
github.com/aquasecurity/trivy/pkg/scanner/ospkg.(*scanner).Scan(_, {_, _}, {{0x7ffcb3c7c0c5, 0x10}, {{0xc003bd4010, 0x6}, {0xc003bd4016, 0x5}, 0x0, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/ospkg/scan.go:54 +0x17d
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.scanVulnerabilities({{_, _}, {_, _}, {_, _}, {{_, _}}}, {0x96073f0, 0xc0017ce000}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:176 +0x165
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.ScanTarget({{_, _}, {_, _}, {_, _}, {{_, _}}}, {0x96073f0, 0xc0017ce000}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:124 +0x51e
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.Scan({{0x9558e20, 0xc003594b90}, {0x9579f20, 0xcc9a940}, {_, _}, {{_, _}}}, {0x96073f0, 0xc0017ce000}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:101 +0xcbe
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0xc003a7e840, 0x2, 0x2}, {0xc003594820, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/scanner/scan.go:156 +0x2d7
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0xc003600ae0, ...}, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:708 +0x397
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:267 +0xac
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanImage(_, {_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:187 +0x134
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0xc003600ae0, ...}, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:424 +0xbad
github.com/aquasecurity/trivy/pkg/commands.NewImageCommand.func2(0xc000ac7200, {0xc00386f580?, 0x1?, 0x8?})
	/home/runner/work/trivy/trivy/pkg/commands/app.go:307 +0xf2
github.com/spf13/cobra.(*Command).execute(0xc000ac7200, {0xc00386f500, 0x8, 0x8})
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:983 +0xabc
github.com/spf13/cobra.(*Command).ExecuteC(0xc000005b00)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x3ff
github.com/spf13/cobra.(*Command).Execute(0x7fe77d0?)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039 +0x13
main.run()
	/home/runner/work/trivy/trivy/cmd/trivy/main.go:35 +0x198
main.main()
	/home/runner/work/trivy/trivy/cmd/trivy/main.go:17 +0x13


After resetting it still fails

$ trivy image --reset
2024-05-02T17:35:48.500+0100	INFO	Removing DB file...
2024-05-02T17:35:48.660+0100	INFO	Removing artifact caches...
[gse-admin@gse-jenkins-agent01 ~]$ trivy image docker.io/ubuntu --compliance docker-cis  --scanners misconfig --scanners license --debug
2024-05-02T17:35:54.364+0100	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-05-02T17:35:54.364+0100	DEBUG	Ignore statuses	{"statuses": null}
2024-05-02T17:35:54.371+0100	DEBUG	cache dir:  /home/admin/.cache/trivy
2024-05-02T17:35:54.371+0100	INFO	Container image config scanners: ["misconfig" "secret"]
2024-05-02T17:35:54.371+0100	INFO	Vulnerability scanning is enabled
2024-05-02T17:35:54.372+0100	DEBUG	Vulnerability type:  [os library]
2024-05-02T17:35:54.372+0100	INFO	Misconfiguration scanning is enabled
2024-05-02T17:35:54.372+0100	DEBUG	Failed to open the policy metadata: open /home/admin/.cache/trivy/policy/metadata.json: no such file or directory
2024-05-02T17:35:54.372+0100	INFO	Need to update the built-in policies
2024-05-02T17:35:54.372+0100	INFO	Downloading the built-in policies...
2024-05-02T17:35:54.372+0100	DEBUG	Using URL: ghcr.io/aquasecurity/trivy-policies:0 to load policy bundle
50.41 KiB / 50.41 KiB [----------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 100ms
2024-05-02T17:35:54.789+0100	DEBUG	Digest of the built-in policies: sha256:aa1640957b796d93a0ffc5d91237ee6b7ed9467b8f1825279384d29f91b9e590
2024-05-02T17:35:54.790+0100	DEBUG	Policies successfully loaded from disk
2024-05-02T17:35:54.790+0100	DEBUG	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-05-02T17:35:54.905+0100	DEBUG	The nuget packages directory couldn't be found. License search disabled
2024-05-02T17:35:54.917+0100	DEBUG	Image ID: sha256:ca2b0f26964cf2e80ba3e084d5983dab293fdb87485dc6445f3f7bbfc89d7459
2024-05-02T17:35:54.918+0100	DEBUG	Diff IDs: [sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591]
2024-05-02T17:35:54.918+0100	DEBUG	Base Layers: []
2024-05-02T17:35:54.963+0100	DEBUG	Missing image ID in cache: sha256:ca2b0f26964cf2e80ba3e084d5983dab293fdb87485dc6445f3f7bbfc89d7459
2024-05-02T17:35:54.963+0100	DEBUG	Missing diff ID in cache: sha256:5498e8c22f6996f25ef193ee58617d5b37e2a96decf22e72de13c3b34e147591
2024-05-02T17:35:59.169+0100	DEBUG	Skipping directory: dev
2024-05-02T17:35:59.176+0100	DEBUG	Skipping directory: proc
2024-05-02T17:35:59.176+0100	DEBUG	Skipping directory: sys
2024-05-02T17:35:59.748+0100	DEBUG	No secrets found in container image config
2024-05-02T17:35:59.749+0100	DEBUG	Scanning Dockerfile files for misconfigurations...
2024-05-02T17:35:59.753+0100	DEBUG	[misconf] 35:59.753534968 dockerfile.scanner.rego          Overriding filesystem for policies!
2024-05-02T17:36:00.064+0100	DEBUG	[misconf] 36:00.064962321 dockerfile.scanner.rego          Loaded 194 policies from disk.
2024-05-02T17:36:00.066+0100	DEBUG	[misconf] 36:00.066149933 dockerfile.scanner.rego          Overriding filesystem for data!
2024-05-02T17:36:01.856+0100	DEBUG	[misconf] 36:01.856524306 dockerfile.scanner.rego          Scanning 1 inputs...
2024-05-02T17:36:02.022+0100	INFO	Detected OS: ubuntu
2024-05-02T17:36:02.023+0100	INFO	Detecting Ubuntu vulnerabilities...
2024-05-02T17:36:02.023+0100	DEBUG	ubuntu: os version: 22.04
2024-05-02T17:36:02.023+0100	DEBUG	ubuntu: the number of packages: 101
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x1c0 pc=0x4cd23cd]

goroutine 1 [running]:
go.etcd.io/bbolt.(*DB).beginTx(0x0)
	/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:730 +0x2d
go.etcd.io/bbolt.(*DB).Begin(0xc002927110?, 0x0?)
	/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:723 +0x25
go.etcd.io/bbolt.(*DB).View(0x20?, 0xc003760e80)
	/home/runner/go/pkg/mod/go.etcd.io/[email protected]/db.go:901 +0x30
github.com/aquasecurity/trivy-db/pkg/db.Config.forEach({}, {0xc0000152c0?, 0x2, 0x2})
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/db.go:186 +0xe5
github.com/aquasecurity/trivy-db/pkg/db.Config.ForEachAdvisory(...)
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/advisory.go:20
github.com/aquasecurity/trivy-db/pkg/db.Config.GetAdvisories({}, {0xc001c78020, 0xc}, {0xc000ed2619, 0x7})
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/db/advisory.go:24 +0xd9
github.com/aquasecurity/trivy-db/pkg/vulnsrc/ubuntu.VulnSrc.Get({0x88754c0?, {0x96300a8?, 0xcc9a940?}}, {0xc000ed20f0?, 0xc0037613ff?}, {0xc000ed2619, 0x7})
	/home/runner/go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/vulnsrc/ubuntu/ubuntu.go:142 +0xb5
github.com/aquasecurity/trivy/pkg/detector/ospkg/ubuntu.(*Scanner).Detect(0xc000d58c30, {0xc000ed20f0, 0x5}, 0xc000ed20c8?, {0xc002f86000, 0x65, 0xc002cf4ea8?})
	/home/runner/work/trivy/trivy/pkg/detector/ospkg/ubuntu/ubuntu.go:87 +0x28f
github.com/aquasecurity/trivy/pkg/detector/ospkg.Detect({0x96073f0, 0xc001883f10}, {0x0?, 0x3afc?}, {0xc000ed20c8, 0x6}, {0xc000ed20f0, 0x5}, 0xc001df1e60?, {0x0, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/detector/ospkg/detect.go:76 +0xfb
github.com/aquasecurity/trivy/pkg/scanner/ospkg.(*scanner).Scan(_, {_, _}, {{0x7ffe16e9d0c5, 0x10}, {{0xc000ed20c8, 0x6}, {0xc000ed20f0, 0x5}, 0x0, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/ospkg/scan.go:54 +0x17d
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.scanVulnerabilities({{_, _}, {_, _}, {_, _}, {{_, _}}}, {0x96073f0, 0xc001883f10}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:176 +0x165
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.ScanTarget({{_, _}, {_, _}, {_, _}, {{_, _}}}, {0x96073f0, 0xc001883f10}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:124 +0x51e
github.com/aquasecurity/trivy/pkg/scanner/local.Scanner.Scan({{0x9558e20, 0xc004072480}, {0x9579f20, 0xcc9a940}, {_, _}, {{_, _}}}, {0x96073f0, 0xc001883f10}, ...)
	/home/runner/work/trivy/trivy/pkg/scanner/local/scan.go:101 +0xcbe
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0xc000556f80, 0x2, 0x2}, {0xc004072630, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/scanner/scan.go:156 +0x2d7
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0xc001ec5160, ...}, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:708 +0x397
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact(_, {_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:267 +0xac
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).ScanImage(_, {_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:187 +0x134
github.com/aquasecurity/trivy/pkg/commands/artifact.Run({_, _}, {{{0x7f7f64c, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x45d964b800, {0xc001ec5160, ...}, ...}, ...}, ...)
	/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:424 +0xbad
github.com/aquasecurity/trivy/pkg/commands.NewImageCommand.func2(0xc000881b00, {0xc002658980?, 0x1?, 0x8?})
	/home/runner/work/trivy/trivy/pkg/commands/app.go:307 +0xf2
github.com/spf13/cobra.(*Command).execute(0xc000881b00, {0xc002658900, 0x8, 0x8})
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:983 +0xabc
github.com/spf13/cobra.(*Command).ExecuteC(0xc000881800)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1115 +0x3ff
github.com/spf13/cobra.(*Command).Execute(0x7fe77d0?)
	/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1039 +0x13
main.run()
	/home/runner/work/trivy/trivy/cmd/trivy/main.go:35 +0x198
main.main()
	/home/runner/work/trivy/trivy/cmd/trivy/main.go:17 +0x13

 ls -la /home/admin/.cache/trivy/policy/metadata.json. - exists.

Operating System

Linux centos.8

Version

Trivy on CentOS.

$ trivy version
Version: 0.50.4
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-05-02 12:12:32.908385138 +0000 UTC
  NextUpdate: 2024-05-02 18:12:32.908384848 +0000 UTC
  DownloadedAt: 2024-05-02 16:15:01.959039491 +0000 UTC
Policy Bundle:
  Digest: sha256:aa1640957b796d93a0ffc5d91237ee6b7ed9467b8f1825279384d29f91b9e590
  DownloadedAt: 2024-05-02 16:11:30.734006795 +0000 UTC

Checklist
@simar7 simar7 added kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning labels May 2, 2024
@simar7
Copy link
Member Author

simar7 commented May 2, 2024

cc @DmitriyLewen does license scanner do anything special with the DB? I haven't investigated but the panic stack trace looks interesting.

@psg18dhc
Copy link

psg18dhc commented May 3, 2024
edited
Loading

Thanks guys. If there's anything I can do to help let me know #ExAquarian #askKevBeedle

@DmitriyLewen
Copy link
Contributor

Hello @simar7 , @psg18dhc
I investigated this.
Trivy always uses default scanners -

trivy/pkg/commands/artifact/run.go

Lines 547 to 552 in 770b141

opts.Scanners = types.Scanners{types.VulnerabilityScanner}
opts.ImageConfigScanners = types.Scanners{
types.MisconfigScanner,
types.SecretScanner,
}
}

I will create a PR to disable the option to change scanners (with notification).

@DmitriyLewen DmitriyLewen mentioned this issue May 3, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/license Issues relating to license scanning
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

refactor: move setting scanners when using compliance reports to flag parsing DmitriyLewen/trivy
3 participants
@simar7 @DmitriyLewen @psg18dhc