Open joshuai96 opened 5 days ago
To further clarify this, as this issue might seem a little bit constructed.
I was trying to run grype on an arbitrary amount of projects in parallel in a CI/CD. This starts out with an empty $HOME/.cache. When multiple grype processes tried to download and write the database, some issues arose.
So I decided to use grype db update in the bootstrapping phase, to have a single process to get the database.
This worked, until it didn't. I suspect some network hiccup that led to an invalid database directory without grype db update reporting an issue.
When grype started to scan 84 seconds later, all scan processes failed with this message:
failed to load vulnerability db: vulnerability database is invalid (run db update to correct): database metadata not found: /home/scanner/.cache/grype/db/5
Trying to have an early stop to my CI/CD pipeline, I tried using grype db status to catch an invalid db and not execute the scans.
While trying to provoke an invalid database, I came across this issue.
What happened:
grype db status does not validate vulnerability.db hash.
What you expected to happen:
grype db status fully validates the vulnerability.db and fails on an invalid db.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Scans with grype do not report an invalid DB either:
Environment: