anchore / anchore-engine

A service that analyzes docker images and scans for vulnerabilities
Apache License 2.0
1.58k stars 271 forks

history grype_db files were not removed after the new grype_db synced #1381

Open gntsyt2003 opened 2 years ago

gntsyt2003 commented 2 years ago

Is this a request for help?:


Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT

Version of Anchore Engine and Anchore CLI if applicable: anchore-engine:v1.0.0

What happened: On container "root_policy-engine_1", disk usage increases day by day because history grype_db files are not cleaned up after each daily sync. Each grype_db is more than 700MB in size, so it will use up the disk space quickly. Like:

```
[root@node# docker exec -it root_policy-engine_1 bash
[anchore@9ea08ec6594b anchore-engine]$ cd /anchore_service/grype_db/
[anchore@9ea08ec6594b grype_db]$ ls -ltr
total 0
drwxr-xr-x 3 anchore anchore 15 May 19 09:25 sha256:19d5a2715798be58a1878cceab2625ff9a2ab4cf345a2f1e11b17fc2ef2d9e44
drwxr-xr-x 3 anchore anchore 15 May 20 21:26 sha256:e1d5d54e49b037b96aa3e6385a9ba56b180435882ce9aeb6f550be853329b550
drwxr-xr-x 3 anchore anchore 15 May 21 09:26 sha256:070c0e9a456e5fc4064bf120c0374126ae7cc195d14e70166c21d68f7cfe0809
drwxr-xr-x 3 anchore anchore 15 May 22 09:27 sha256:d6f0340e0137e9bb75a3b31b931caeeb21108b5cd0b4e08a7fe9e7ab78749e54
drwxr-xr-x 3 anchore anchore 15 May 23 09:28 sha256:e1cfde6eb713be1fe0a24ee5c9f926f8d043dbb913ea8e0015f8b4148ae038f4
drwxr-xr-x 3 anchore anchore 15 May 24 09:28 sha256:6e6975f12a507b35fbc682ff2cfde80b2ee98bd8fabd2d941920d1320d553e85
drwxr-xr-x 3 anchore anchore 15 May 25 09:29 sha256:91d1937def20c13e4d5d50e2d1cfb8f845dae158500cd5374c7def607e5e0def

[anchore@9ea08ec6594b grype_db]$ du -hs *
734M sha256:070c0e9a456e5fc4064bf120c0374126ae7cc195d14e70166c21d68f7cfe0809
732M sha256:19d5a2715798be58a1878cceab2625ff9a2ab4cf345a2f1e11b17fc2ef2d9e44
736M sha256:6e6975f12a507b35fbc682ff2cfde80b2ee98bd8fabd2d941920d1320d553e85
736M sha256:91d1937def20c13e4d5d50e2d1cfb8f845dae158500cd5374c7def607e5e0def
734M sha256:d6f0340e0137e9bb75a3b31b931caeeb21108b5cd0b4e08a7fe9e7ab78749e54
734M sha256:e1cfde6eb713be1fe0a24ee5c9f926f8d043dbb913ea8e0015f8b4148ae038f4
734M sha256:e1d5d54e49b037b96aa3e6385a9ba56b180435882ce9aeb6f550be853329b550
```

What did you expect to happen: Remove the history grype_db files automatically. Or replace the original grype_db file with the new one during Grype's vulnerability database update.

Any relevant log output from /var/log/anchore: No

What docker images are you using: anchore-engine v1.0.0

How to reproduce the issue: Just run anchore-engine as default

Anything else we need to know: None

shawngmc commented 2 years ago

I'm running into the same issue using anchore-engine v1.1.0; it actually filled the disk on my home server.

Is there any config setting to adjust this behavior?

Running anchore-cli system feeds sync --flush does not appear to clean these out.
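A retention check for the `/anchore_service/grype_db/` layout shown in this report, added here as an example; it is not part of the thread and not anchore-engine code. It assumes the most recently modified `sha256:` directory is the database in use (the page does not say how the engine tracks it); `prune_grype_dbs` and `make_sample_tree` are hypothetical names, and nothing is deleted unless `dry_run=False`.

```python
import os
import re
import shutil
import tempfile

# Directory names as in the listing above: "sha256:" + 64 hex characters.
DB_DIR_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def prune_grype_dbs(root, keep=1, dry_run=True):
    """Return stale DB directories under root (oldest first); delete them
    when dry_run is False. Assumption: the newest mtime is the DB in use."""
    if keep < 1:
        raise ValueError("keep must be >= 1 so the newest DB always survives")
    found = []
    with os.scandir(root) as entries:
        for entry in entries:
            # Only real directories with a digest-style name are candidates.
            if not DB_DIR_RE.match(entry.name):
                continue
            if not entry.is_dir(follow_symlinks=False):
                continue
            found.append((entry.stat(follow_symlinks=False).st_mtime, entry.path))
    found.sort()
    stale = [path for _, path in found[:-keep]]
    if not dry_run:
        for path in stale:
            shutil.rmtree(path)
    return stale


def make_sample_tree(names):
    """Build a constructed grype_db directory; mtimes rise one day per name."""
    root = tempfile.mkdtemp(prefix="grype_db_demo_")
    for day, name in enumerate(names):
        path = os.path.join(root, name)
        os.makedirs(os.path.join(path, "db"))  # constructed contents
        os.utime(path, (1_650_000_000 + day * 86400,) * 2)
    return root


if __name__ == "__main__":
    demo = make_sample_tree(["sha256:" + c * 64 for c in "abc"])
    for path in prune_grype_dbs(demo, keep=1, dry_run=True):
        print("would remove", path)
    shutil.rmtree(demo)
```

Review the dry-run output against the database the policy engine is actually using before passing `dry_run=False`.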