aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0
810 stars, 233 forks

Scanning taking too long in Github actions #384

Open yalamarthisr opened 2 months ago

yalamarthisr commented 2 months ago

Recently we have been seeing the Trivy action take a lot of time to initialize the aquasecurity trivy-action (Build container for action use: '/home/runner/work/_actions/aquasecurity/trivy-action/0.20.0/Dockerfile') and also to run the Trivy vulnerability scanner. It is sometimes failing out without displaying any errors.

```yaml
test:
    runs-on: ubuntu-latest
    environment: dev
    needs: id
    env:
      FULLY_QUALIFIED_IMAGE: test.azurecr.io/myimage
    steps:
    - name: Checkout Code
      uses: actions/checkout@v4

    - name: Create docker images
      run: >
        docker build --file ./test/Dockerfile
        --tag "${{ env.FULLY_QUALIFIED_IMAGE }}:${{ inputs.imagetag }}"
        --no-cache
        ./

    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@0.20.0
      with:
        image-ref: '${{ env.FULLY_QUALIFIED_IMAGE }}:${{ inputs.imagetag }}'
        format: 'sarif'
        output: 'scan-results.sarif'
        severity: 'CRITICAL,HIGH'

    - name: Upload Trivy scan results to GitHub Security tab
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: 'scan-results.sarif'
```

yalamarthisr commented 2 months ago

I see this issue, but it was still taking more than 5 minutes before I saw this error. We are using GitHub-hosted runners.

```
FATAL init error: DB error: failed to download vulnerability DB: database download error: oci download error: download error: failed to download: context deadline exceeded
```