Closed adamw-linadm closed 1 month ago
Describe the bug
Ignoring patterns not working correctly

To Reproduce
I have this config:

```yaml
ignoreFailedGracefulShutdown: true
ignoreContainerNames:
  - b24depot-container-cron
ignorePodNames:
  - scan-vulnerabilityreport-.*
alert:
  slack:
    webhook: https://hooks.slack.com/services/XXX
app:
  clusterName: testowy
  disableStartupMessage: true
  logFormatter: json
namespaces:
  - "!trivy-system"
reasons:
  - "!Completed"
```
and still I have alerts triggered from the ignored namespace and with the ignored reason. Log with reason: Completed

```
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:35Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:36Z"}
{"level":"info","msg":"container only issue app-crawlers-project-0-c-0 app-crawlers-project-0-7b9cf895b4-8t666 app-crawlers-project-0-7b9cf895b4 Completed 0","time":"2024-06-03T07:41:38Z"}
{"level":"info","msg":"sending event: {PodName:app-crawlers-project-0-7b9cf895b4-8t666 ContainerName:app-crawlers-project-0-c-0 Namespace:parser Reason:Completed Events:[2024-06-03 07:41:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:41:37 +0000 UTC] Created Created container app-crawlers-project-0-c-0\n[2024-06-03 07:41:37 +0000 UTC] Started Started container app-crawlers-project-0-c-0 Logs: Labels:map[app:app-crawlers-project-0 app.kubernetes.io/app-instance:app app/network-policy.allowed-egress:true app/network-policy.allowed-egress-internal:true app/network-policy.allowed-egress-world:true pod-template-hash:7b9cf895b4]}","time":"2024-06-03T07:41:38Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:50Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:41:50Z"}
```
Log from namespace trivy-system and also from ignored pod name:

```
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:20Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:21Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:25Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:25Z"}
{"level":"info","msg":"skip namespace trivy-system as in namespace forbid list","time":"2024-06-03T07:56:26Z"}
{"level":"info","msg":"container only issue pl--initial-loads--initial-loads-1-c-2 scan-vulnerabilityreport-b865bd4db-bbxpq scan-vulnerabilityreport-b865bd4db Error 2","time":"2024-06-03T07:56:26Z"}
{"level":"info","msg":"sending event: {PodName:scan-vulnerabilityreport-b865bd4db-bbxpq ContainerName:pl--initial-loads--initial-loads-1-c-2 Namespace:trivy-system Reason:Error Events:[2024-06-03 07:51:26 +0000 UTC] Pulled Container image \"ghcr.io/aquasecurity/trivy:0.49.1\" already present on machine\n[2024-06-03 07:51:26 +0000 UTC] Created Created container c6e328d8-a6ae-475b-9c27-febcd8147636\n[2024-06-03 07:51:26 +0000 UTC] Started Started container c6e328d8-a6ae-475b-9c27-febcd8147636\n[2024-06-03 07:51:27 +0000 UTC] Pulled Container image \"ghcr.io/aquasecurity/trivy:0.49.1\" already present on machine\n[2024-06-03 07:51:27 +0000 UTC] Created Created container e66b6981-92f5-41d0-b068-1dd71fc51cda\n[2024-06-03 07:51:27 +0000 UTC] Started Started container e66b6981-92f5-41d0-b068-1dd71fc51cda\n[2024-06-03 07:51:36 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:36 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-0\n[2024-06-03 07:51:36 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-0\n[2024-06-03 07:51:36 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:36 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-1\n[2024-06-03 07:51:36 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-1\n[2024-06-03 07:51:36 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:36 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-2\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-2\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:37 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-3\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-3\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:37 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-4\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-4\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine\n[2024-06-03 07:51:37 +0000 UTC] Created Created container pl--initial-loads--initial-loads-1-c-5\n[2024-06-03 07:51:37 +0000 UTC] Started Started container pl--initial-loads--initial-loads-1-c-5\n[2024-06-03 07:51:37 +0000 UTC] Pulled Container image \"masked/image:version\" already present on machine Logs: Labels:map[app.kubernetes.io/managed-by:trivy-operator batch.kubernetes.io/controller-uid:64a783a2-1249-4ee1-b36e-318f678e4e84 batch.kubernetes.io/job-name:scan-vulnerabilityreport-b865bd4db controller-uid:64a783a2-1249-4ee1-b36e-318f678e4e84 job-name:scan-vulnerabilityreport-b865bd4db resource-spec-hash:6cff5bff94 trivy-operator.resource.kind:ReplicaSet trivy-operator.resource.name:pl--initial-loads--initial-loads-1-6cc4486775 trivy-operator.resource.namespace:parser vulnerabilityReport.scanner:Trivy]}","time":"2024-06-03T07:56:26Z"}
```
Expected behavior
Not trigger alert, when event is from ignored namespace/reason or pod name

Actual behavior
As logs showed, sends an alert from an event with a few ignored fields

Version/Commit
0.9.2
@adamw-linadm Should be fixed in Release v0.9.3
@abahmed working well now, thanks :)
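
The suppression the report expects, written out as an added example (this is not kwatch's code, and it does not show what changed in v0.9.3). `Event`, `Filter`, `permitted` and `IssueFilter` are hypothetical names; the `!name` forbid-list reading of `namespaces` and `reasons` and the unanchored regex match for `ignorePodNames` are assumptions based on the config above, and the two events in `main` are constructed from the "sending event" log lines.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Event and Filter are hypothetical types for this example, not kwatch's own.
type Event struct{ Pod, Namespace, Reason string }
type Filter struct {
	Namespaces, Reasons []string
	IgnorePods          []*regexp.Regexp
}

// permitted: "!x" forbids x; plain entries form an allow list; empty allows all.
func permitted(list []string, v string) bool {
	allowEntries, allowed := 0, false
	for _, e := range list {
		switch {
		case e == "!"+v:
			return false
		case !strings.HasPrefix(e, "!"):
			allowEntries++
			allowed = allowed || e == v
		}
	}
	return allowEntries == 0 || allowed
}

// ShouldAlert is false if any single ignore rule matches the event.
func (f Filter) ShouldAlert(e Event) bool {
	ok := permitted(f.Namespaces, e.Namespace) && permitted(f.Reasons, e.Reason)
	for _, re := range f.IgnorePods {
		ok = ok && !re.MatchString(e.Pod) // unanchored regexp match (assumption)
	}
	return ok
}

// IssueFilter holds the values from the config in the report.
var IssueFilter = Filter{
	Namespaces: []string{"!trivy-system"},
	Reasons:    []string{"!Completed"},
	IgnorePods: []*regexp.Regexp{regexp.MustCompile(`scan-vulnerabilityreport-.*`)},
}

func main() { // events constructed from the two "sending event" log lines
	fmt.Println(IssueFilter.ShouldAlert(Event{"app-crawlers-project-0-7b9cf895b4-8t666", "parser", "Completed"}))
	fmt.Println(IssueFilter.ShouldAlert(Event{"scan-vulnerabilityreport-b865bd4db-bbxpq", "trivy-system", "Error"}))
}
```

Replaying representative events through a check like this after changing ignore rules confirms that the rules silence only what was intended.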