What steps did you take and what happened:
When Kubernetes objects to be scanned have long names, scan jobs will fail when SBOM creation is enabled due to object name character lengths. The SBOM volume name adds a prefix of "sbomvol-" and does not account for the length of the cname object, leading to cases where the volume name can exceed 63 characters.
What did you expect to happen:
Truncation of object names within defined limits to prevent object creation failures leading to scan job issues.
Anything else you would like to add:
Log Example:
{"level":"error","ts":"2024-09-06T18:46:57Z","msg":"Reconciler error","controller":"job","controllerGroup":"batch","controllerKind":"Job","Job":{"name":"3813e146-da61-4481-ad6f-1b0f035c0be5-action-bmmrunreadcmd","namespace":"nc-system"},"namespace":"nc-system","name":"3813e146-da61-4481-ad6f-1b0f035c0be5-action-bmmrunreadcmd","reconcileID":"d6629cac-e98d-46a9-817a-946e39289392","error":"creating scan job failed: test-system/scan-vulnerabilityreport-796d577555: Job.batch \"scan-vulnerabilityreport-796d577555\" is invalid: [spec.template.spec.volumes[2].name: Invalid value: \"sbomvol-3813e146-da61-4481-ad6f-1b0f035c0be5-action-testreadcmd\": must be no more than 63 characters, spec.template.spec.containers[0].volumeMounts[2].name: Not found: \"sbomvol-3813e146-da61-4481-ad6f-1b0f035c0be5-action-bmmrunreadcmd\"]","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.18.4/pkg/internal/controller/controller.go:222"}
Environment:
Trivy-Operator version (use trivy-operator version): v0.22.0
Kubernetes version (use kubectl version): v1.29.7
OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): Azure Linux 2
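
One way to do the truncation the report asks for, as an added example that is not trivy-operator's own code. Only the `sbomvol-` prefix and the 63-character limit come from the report; the `SBOMVolumeName` helper, the SHA-256 suffix and its 8-character length are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

const (
	maxLabelLen = 63         // limit quoted in the error: "must be no more than 63 characters"
	sbomPrefix  = "sbomvol-" // prefix named in the report
	hashLen     = 8          // assumed: hex characters of the digest kept as a suffix
)

// SBOMVolumeName (hypothetical helper) returns sbomPrefix+name when that fits
// in 63 characters. Otherwise it truncates the name and appends a short digest
// of the full name, so two long names sharing a prefix do not collide and the
// volume and its volumeMount still resolve to the same string.
// Byte slicing is safe here because Kubernetes object names are ASCII.
func SBOMVolumeName(name string) string {
	full := sbomPrefix + name
	if len(full) <= maxLabelLen {
		return full
	}
	sum := sha256.Sum256([]byte(name))
	suffix := hex.EncodeToString(sum[:])[:hashLen]
	keep := maxLabelLen - len(sbomPrefix) - 1 - hashLen
	// Drop trailing dashes so the result never contains "--" before the suffix.
	head := strings.TrimRight(name[:keep], "-")
	return sbomPrefix + head + "-" + suffix
}

func main() {
	// Job name taken from the log line in the report (57 characters).
	long := "3813e146-da61-4481-ad6f-1b0f035c0be5-action-bmmrunreadcmd"
	for _, n := range []string{"nginx", long} {
		v := SBOMVolumeName(n)
		fmt.Printf("%s -> %s (%d chars)\n", n, v, len(v))
	}
}
```

The same function has to be used for both `volumes[].name` and `volumeMounts[].name`; the second half of the error in the log ("Not found") is what a mismatch between the two looks like.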