aquasecurity / fanal

Static Analysis Library for Containers
Apache License 2.0

fix(analyzer): ignore permission errors #477

Closed knqyf263 closed 2 years ago

knqyf263 commented 2 years ago

We should skip permission errors and warn about them.

$ trivy --cache-dir /tmp fs /
2022-04-21T08:42:23.598Z        FATAL   scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.runWithTimeout
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:94
  - image scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:259
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:111
  - walk filesystem:
    github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/artifact/local/fs.go:105
  - walk error:
    github.com/aquasecurity/fanal/walker.FS.Walk
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/walker/fs.go:60
  - unknown error with /:
    github.com/aquasecurity/fanal/walker.FS.Walk.func2
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/walker/fs.go:54
  - unknown error with //run:
    github.com/aquasecurity/fanal/walker.FS.Walk.func2
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/walker/fs.go:54
  - unknown error with //run/cloud-init:
    github.com/aquasecurity/fanal/walker.FS.Walk.func2
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/walker/fs.go:54
  - failed to analyze file:
    github.com/aquasecurity/fanal/walker.FS.Walk.func1
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/walker/fs.go:42
  - analyze file (run/cloud-init/instance-data-sensitive.json):
    github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect.func1
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/artifact/local/fs.go:100
  - unable to open run/cloud-init/instance-data-sensitive.json:
    github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220414083417-61bfa9f92483/analyzer/analyzer.go:245
  - open /run/cloud-init/instance-data-sensitive.json: permission denied
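
One way to get the behaviour requested above, as an added example that is not fanal's own code: a walker that treats `fs.ErrPermission` on a directory or file as a warning and keeps going, while any other error still fails the scan. `WalkSkipDenied`, `deniedFS` and `sample` are hypothetical names, and the in-memory filesystem is constructed so the permission failure also reproduces when run as root.

```go
package main

import (
	"errors"
	"io/fs"
	"log"
	"testing/fstest"
)

type deniedFS struct { // constructed stand-in for a host filesystem scanned as non-root
	fs.FS
	denied map[string]bool // paths whose Open fails with fs.ErrPermission
}

func (d deniedFS) Open(name string) (fs.File, error) {
	if d.denied[name] {
		return nil, &fs.PathError{Op: "open", Path: name, Err: fs.ErrPermission}
	}
	return d.FS.Open(name)
}

// sample is constructed data; only the denied path is taken from the log above.
var sample = deniedFS{fstest.MapFS{
	"etc/os-release": {Data: []byte("ID=ubuntu\n")},
	"run/cloud-init/instance-data-sensitive.json": {Data: []byte("{}")},
}, map[string]bool{"run/cloud-init/instance-data-sensitive.json": true}}

// WalkSkipDenied (hypothetical helper) warns about and returns unreadable paths; other errors abort.
func WalkSkipDenied(fsys fs.FS, analyze func(string, []byte) error) (skipped []string, err error) {
	err = fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr == nil && d.Type().IsRegular() {
			data, readErr := fs.ReadFile(fsys, path)
			if readErr == nil {
				return analyze(path, data)
			}
			walkErr = readErr // fall through to the shared error handling
		}
		if errors.Is(walkErr, fs.ErrPermission) { // unreadable directory or file
			log.Printf("WARN skipping %s: %v", path, walkErr)
			skipped = append(skipped, path)
			return nil
		}
		return walkErr // nil for directories; any other error still fails the scan
	})
	return skipped, err
}

func main() {
	log.Println(WalkSkipDenied(sample, func(string, []byte) error { return nil }))
}
```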