Open vitelize1 opened 2 years ago
I'm experiencing similar errors.
2023-02-23T18:57:25.742Z FATAL filesystem scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:428
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:263
- scan failed:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:655
- failed analysis:
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
/home/runner/work/trivy/trivy/pkg/scanner/scan.go:146
- walk filesystem:
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect
/home/runner/work/trivy/trivy/pkg/fanal/artifact/local/fs.go:139
- walk error:
github.com/aquasecurity/trivy/pkg/fanal/walker.walkFast
/home/runner/work/trivy/trivy/pkg/fanal/walker/fs.go:82
- lstat /home/vsts/work/1/s/Application-Source-Code/src/Web: no such file or directory
I'm running Trivy using an Azure Pipeline. I'm trying to use the official Azure DevOps Extension, with the following:
- task: AquaSecurityOfficial.trivy-official.custom-build-release-task.trivy@1
  displayName: Run AquaSec Trivy Filesystem Scan
  inputs:
    version: 'latest'
    debug: true
    path: $(System.DefaultWorkingDirectory)/Application-Source-Code/src/Web/
NOTE: Within the task, I tried using trivy@1 like the Marketplace example shows, but encountered the following error. Note that it makes reference to 2 different Trivy tasks, even though only the single Azure DevOps Extension is installed.
Error: Job TrivyJob: Step task reference is invalid. The task name trivy is ambiguous. Specify one of the following identifiers to resolve the ambiguity: AquaSecurityOfficial.trivy-official.custom-build-release-task.trivy, securedevelopmentteam.vss-secure-development-tools.build-task-trivy.Trivy
This last error, about the ambiguous trivy task name, was due to having the Microsoft Secure Development Tools (Guardian) extension installed, which is odd because Trivy is not listed in the tools for that extension.
I'm having the same issue:
/usr/bin/docker run --rm -v /home/vsts/.docker:/root/.docker -v /tmp:/tmp -v /home/vsts/work/1/s:/src --workdir /src aquasec/trivy:latest --debug fs --exit-code 0 --format json --output /tmp/trivy-results-0.9334618675689792.json --security-checks vuln,config,secret /home/vsts/work/1/s
2023-04-19T14:00:57.938Z WARN '--security-checks' is deprecated. Use '--scanners' instead.
2023-04-19T14:00:57.942Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-04-19T14:00:57.945Z DEBUG cache dir: /root/.cache/trivy
2023-04-19T14:00:57.945Z INFO Need to update DB
2023-04-19T14:00:57.945Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2023-04-19T14:00:57.945Z INFO Downloading DB...
2023-04-19T14:00:57.945Z DEBUG no metadata file
36.64 MiB / 36.64 MiB [-------------------------------------------------] 100.00% 29.00 MiB p/s 1.5s
2023-04-19T14:01:00.190Z DEBUG Updating database metadata...
2023-04-19T14:01:00.190Z DEBUG DB Schema: 2, UpdatedAt: 2023-04-19 12:09:06.654926416 +0000 UTC, NextUpdate: 2023-04-19 18:09:06.654926216 +0000 UTC, DownloadedAt: 2023-04-19 14:01:00.190557558 +0000 UTC
2023-04-19T14:01:00.190Z INFO Vulnerability scanning is enabled
2023-04-19T14:01:00.190Z DEBUG Vulnerability type: [os library]
2023-04-19T14:01:00.190Z INFO Misconfiguration scanning is enabled
2023-04-19T14:01:00.191Z DEBUG Failed to open the policy metadata: open /root/.cache/trivy/policy/metadata.json: no such file or directory
2023-04-19T14:01:00.191Z INFO Need to update the built-in policies
2023-04-19T14:01:00.191Z INFO Downloading the built-in policies...
40.47 KiB / 40.47 KiB [-----------------------------------------------------------] 100.00% ? p/s 0s
2023-04-19T14:01:00.943Z DEBUG Digest of the built-in policies: sha256:d19c4c0d48ed4641862e020ff7eba7fd3ba449f66b532b09d79a6023bc65bd5b
2023-04-19T14:01:00.943Z DEBUG Policies successfully loaded from disk
2023-04-19T14:01:00.943Z INFO Secret scanning is enabled
2023-04-19T14:01:00.943Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-04-19T14:01:00.944Z INFO Please see also https://aquasecurity.github.io/trivy/v0.40/docs/secret/scanning/#recommendation for faster secret detection
2023-04-19T14:01:00.947Z DEBUG No secret config detected: trivy-secret.yaml
2023-04-19T14:01:00.947Z DEBUG Walk the file tree rooted at '/home/vsts/work/1/s' in parallel
2023-04-19T14:01:00.956Z FATAL filesystem scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:431
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:266
- scan failed:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:679
- failed analysis:
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
/home/runner/work/trivy/trivy/pkg/scanner/scan.go:146
- walk filesystem:
github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect
/home/runner/work/trivy/trivy/pkg/fanal/artifact/local/fs.go:156
- walk error:
github.com/aquasecurity/trivy/pkg/fanal/walker.walkFast
/home/runner/work/trivy/trivy/pkg/fanal/walker/fs.go:82
- lstat /home/vsts/work/1/s: no such file or directory
Publishing JSON results...
Done!
Finishing: trivy
Here is my pipeline definition:
- task: trivy@1
  inputs:
    # $(Build.SourcesDirectory) == /home/vsts/work/1/s
    path: $(Build.SourcesDirectory)
    debug: true
    # Avoids pipeline failing if trivy fails
    exitCode: 0
I'm probably wrong, but isn't there a problem in the docker command? Since it's mounting the correct path /home/vsts/work/1/s to /src in container but then executing on /home/vsts/work/1/s again at the end.
Full docker command used by trivy below:
/usr/bin/docker run --rm -v /home/vsts/.docker:/root/.docker -v /tmp:/tmp -v /home/vsts/work/1/s:/src --workdir /src aquasec/trivy:latest --debug fs --exit-code 0 --format json --output /tmp/trivy-results-0.9334618675689792.json --security-checks vuln,config,secret /home/vsts/work/1/s
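The mismatch raised in the comment above can be checked mechanically. This is an added example, not part of the original comment and not Trivy's or the extension's code. It parses the quoted `docker run` line, lists its bind mounts, and reports whether the scan target lies under any container-side mount point and where that host directory appears inside the container. The function names are hypothetical. It assumes absolute POSIX paths, `-v host:container[:opts]` syntax, and that the last argument is the scan target.

```python
import posixpath
import shlex

# The docker command exactly as quoted in the comment above.
DOCKER_CMD = (
    "/usr/bin/docker run --rm -v /home/vsts/.docker:/root/.docker -v /tmp:/tmp "
    "-v /home/vsts/work/1/s:/src --workdir /src aquasec/trivy:latest --debug fs "
    "--exit-code 0 --format json --output /tmp/trivy-results-0.9334618675689792.json "
    "--security-checks vuln,config,secret /home/vsts/work/1/s"
)

def parse_bind_mounts(argv):
    """Return [(host_dir, container_dir)] from -v/--volume host:container[:opts]."""
    mounts = []
    for i, arg in enumerate(argv[:-1]):
        if arg in ("-v", "--volume"):
            parts = argv[i + 1].split(":")
            if len(parts) >= 2 and parts[0].startswith("/"):
                mounts.append((posixpath.normpath(parts[0]), posixpath.normpath(parts[1])))
    return mounts

def _is_under(path, root):
    return path == root or path.startswith(root.rstrip("/") + "/")

def check_scan_target(cmd):
    """Assumption: the last argument of the command is the path handed to `trivy fs`."""
    argv = shlex.split(cmd)
    target = posixpath.normpath(argv[-1])
    mounts = parse_bind_mounts(argv)
    # Does any bind mount provide this path on the container side?
    covered = any(_is_under(target, cdir) for _, cdir in mounts)
    # Translate the host path through the longest matching host-side mount.
    container_path = None
    for hdir, cdir in sorted(mounts, key=lambda m: len(m[0]), reverse=True):
        if _is_under(target, hdir):
            rel = posixpath.relpath(target, hdir)
            container_path = posixpath.normpath(posixpath.join(cdir, rel))
            break
    return {"target": target, "under_container_mount": covered, "container_path": container_path}

if __name__ == "__main__":
    print(check_scan_target(DOCKER_CMD))
```

For the quoted command, no mount provides `/home/vsts/work/1/s` inside the container, and the same host directory is reachable there as `/src`.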
Hi! I'm trying this product and I'm stuck on those errors (it seems it wants to call something that's not there?). What did I do wrong?
Here is build yml