DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.72k stars, 580 forks

Trivy Scanner Integration Fails #4132

Open tapmch opened 2 months ago

tapmch commented 2 months ago

Current Behavior

I have a Trivy scanner running in server mode. I verified that it is correctly set up:

wget http://trivy.xyz/version
trivy image --server http://trivy.xyz --token dummy -d alpine:3.10

Both give me correct results. I then tried to configure DTrack to use trivy as an analyzer as described in the documentation.


In the logs I see the following errors:

2024-09-06 11:02:18,504 WARN [TrivyAnalysisTask] Encountered retryable error for trivy-api; Will execute retry #1 in PT1S ...

2024-09-06 11:24:18,520 DEBUG [HttpClientPool] Stats: [leased: 3; pending: 0; available: 0; max: 200] ...

2024-09-06 11:26:52,100 ERROR [TrivyAnalysisTask] Max retry attempts exceeded for trivy-api after 10 attempts io.github.resilience4j.retry.MaxRetriesExceeded: max retries is reached out for the result predicate check

It seems that there is not even an http call going out. Also, the HttpClientPool seems to always report 0 available. I am using trivy v0.55 (I also tried to use older versions with the same setup).

Steps to Reproduce

  1. Configure Trivy as above.

Expected Behavior

Trivy returns scan result

Dependency-Track Version

4.11.7

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

No response

Browser

Microsoft Edge

jr-do commented 5 hours ago

Hi there... are you using a proxy? If yes, is the trivy name in the proxy exclusion list?