Open sjgupta19 opened 2 years ago
@sjgupta19 What happens if you run Trivy locally? Is the failing case a "secret" issue?
It runs fine locally and detects no vulnerability but one secret.
I also started running into this issue today, and I think the issue is tied to the latest version of trivy: 0.29.2
.
Here are a few screenshots of the issue that I am seeing:
When I run Trivy locally, I am seeing no vulnerabilities and no secrets, however when I run this action, I am getting the failure message.
However, if I update the action to use the previous version of trivy: 0.29.1
, the scan works and passes successfully. Example configuration:
- name: Scan Docker Image
uses: azure/container-scan@v0.1
with:
image-name: test_docker_for_scan
username: USER
password: ${{ secrets.GITHUB_TOKEN }}
trivy-version: "0.29.1"
This issue is idle because it has been open for 14 days with no activity.
Hello,
It seems like we are encountering a similar issue where the container-scan step fails with
Error: Vulnerabilities were detected in the container image
but produces no output
This is a major pain point and blocker for us since the images cannot be pushed to the remote repository if the container-scan does not pass.
What is the path forward to address this issue?
This issue is idle because it has been open for 14 days with no activity.
Hi There. Currently experiencing the same issue. Have any solutions be found yet for this issue? Would also be happy with a specific trivy
version where this is not an issue. But as others this is a major pain point for me as well.
This issue is idle because it has been open for 14 days with no activity.
Hi, We are using this in our ci workflow for looking at vulnerable packages. We have remediated all the packages and currently there is no vulnerability but it is still throwing an error "Vulnerabilities were detected in the container image" and giving no information on the vulnerability.
Also tried v0 and v0.1