Harbor scan giving error for fluent/fluentd:v1.16.2-windows-ltsc2019-1.0

[psandeep09]

Getting below error while scanning

NOTE: time out increased to 10min

• harbor version: v2.9.0-6d1ad65c
• docker engine version:
• Client:
  Version: 20.10.21
  API version: 1.41
  Go version: go1.18.1
  Git commit: 20.10.21-0ubuntu1~18.04.3
  Built: Thu Apr 27 05:50:21 2023
  OS/Arch: linux/amd64
  Context: default
  Experimental: true

Server:
Engine:
Version: 20.10.21
API version: 1.41 (minimum version 1.12)
Go version: go1.18.1
Git commit: 20.10.21-0ubuntu118.04.3
Built: Thu Apr 27 05:36:22 2023
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.9-0ubuntu118.04.2
GitCommit:
runc:
Version: 1.1.4-0ubuntu1~18.04.2
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:

• docker-compose version: 1.29.2, build 5becea4c

2023-09-29T06:10:06Z [INFO] [/pkg/scan/job.go:387]: { "uuid": "2519c55f-1ba6-11ec-9ea7-0242ac190004", "name": "Trivy", "description": "The Trivy scanner adapter", "url": "http://trivy-adapter:8080", "disabled": false, "is_default": true, "health": "healthy", "auth": "", "access_credential": "[HIDDEN]", "skip_certVerify": false, "use_internal_addr": true, "adapter": "Trivy", "vendor": "Aqua Security", "version": "v0.44.0", "create_time": "2021-09-22T13:08:14.261233Z", "update_time": "2021-09-22T13:08:14.261236Z" } 2023-09-29T06:10:06Z [INFO] [/pkg/scan/job.go:387]: { "registry": { "url": "http://core:8080", "authorization": "[HIDDEN]" }, "artifact": { "namespace_id": 2, "repository": "generic/fluentd", "tag": "v1.16.2-windows-ltsc2019-1.0", "digest": "sha256:626e545cd261d03664150519020268c56575fab85658a6b9875c93dd0d281dc3", "mime_type": "application/vnd.docker.distribution.manifest.v2+json" } } 2023-09-29T06:10:06Z [INFO] [/pkg/scan/job.go:167]: Report mime types: [application/vnd.security.vulnerability.report; version=1.1] 2023-09-29T06:10:06Z [INFO] [/pkg/scan/job.go:224]: Get report for mime type: application/vnd.security.vulnerability.report; version=1.1 2023-09-29T06:10:08Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:13Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:18Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:23Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:28Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:33Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:38Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-09-29T06:10:43Z [ERROR] [/pkg/scan/job.go:294]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2023-09-29T06:10:08.504Z �[34mINFO�[0m Need to update DB 2023-09-29T06:10:08.504Z �[34mINFO�[0m DB Repository: ghcr.io/aquasecurity/trivy-db 2023-09-29T06:10:08.504Z �[34mINFO�[0m Downloading DB... 2023-09-29T06:10:10.639Z �[34mINFO�[0m Vulnerability scanning is enabled 2023-09-29T06:10:22.567Z �[34mINFO�[0m JAR files found 2023-09-29T06:10:22.567Z �[34mINFO�[0m Java DB Repository: ghcr.io/aquasecurity/trivy-java-db:1 2023-09-29T06:10:22.567Z �[34mINFO�[0m Downloading the Java DB... 2023-09-29T06:10:36.705Z �[34mINFO�[0m The Java DB is cached for 3 days. If you want to update the database more frequently, the '--reset' flag clears the DB cache. 2023-09-29T06:10:36.706Z �[34mINFO�[0m Analyzing JAR files takes a while... 2023-09-29T06:10:41.163Z �[31mFATAL�[0m image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:3815419b43d609eaa84829f57b0cc883960894f363d2fdd87c6a6c25b0383701): post analysis error: post analysis error: walk dir error: file open error: open /tmp/analyzer-fs-1350997865/file-1777464628: permission denied : general response handler: unexpected status code: 500, expected: 200

[stonezdj]

Could you please provide the trivy log when this error happen?

[zyyw]

This may not be an issue related to using trivy within Harbor but a trivy issue itself. Reason:
Tried to scan fluent/fluentd:v1.16.2-windows-ltsc2019-1.0 with trivy CLI standalone, it errors out with the same error.

ubuntu@localhost:~/Misc$ trivy image fluent/fluentd:v1.16.2-windows-ltsc2019-1.0
2023-10-10T06:36:58.310Z	INFO	Need to update DB
2023-10-10T06:36:58.310Z	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2023-10-10T06:36:58.310Z	INFO	Downloading DB...
40.28 MiB / 40.28 MiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 9.73 MiB p/s 4.3s
2023-10-10T06:37:03.440Z	INFO	Vulnerability scanning is enabled
2023-10-10T06:37:03.440Z	INFO	Secret scanning is enabled
2023-10-10T06:37:03.440Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-10-10T06:37:03.440Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.45/docs/scanner/secret/#recommendation for faster secret detection
2023-10-10T06:37:39.517Z	INFO	JAR files found
2023-10-10T06:37:39.517Z	INFO	Java DB Repository: ghcr.io/aquasecurity/trivy-java-db:1
2023-10-10T06:37:39.517Z	INFO	Downloading the Java DB...
469.54 MiB / 469.54 MiB [--------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 30.12 MiB p/s 16s
2023-10-10T06:37:56.066Z	INFO	The Java DB is cached for 3 days. If you want to update the database more frequently, the '--reset' flag clears the DB cache.
2023-10-10T06:37:56.066Z	INFO	Analyzing JAR files takes a while...
2023-10-10T06:37:58.382Z	FATAL	image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:3815419b43d609eaa84829f57b0cc883960894f363d2fdd87c6a6c25b0383701): post analysis error: post analysis error: walk dir error: file open error: open /tmp/analyzer-fs-3765960447/file-2262339407: permission denied
ubuntu@localhost:~/Misc$

While there is no issue when running the following command within the same env:

trivy image nginx:1.23.3

@psandeep09 , you may open an issue in the trivy repository:

• https://github.com/aquasecurity/trivy/issues

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.