Closed christian-weiss closed 3 years ago
I did not spot the -d
in my command line (a to long command line ;-) )
This kind of debug messages seams to be introduced in 0.18.2.
Guessing that this message was triggered at: https://github.com/aquasecurity/trivy/blob/main/pkg/github/github.go#L106
@knqyf263 please have a look. I am not sure if this error effects scanning or reporting of issues.
Which message are you talking about?
Messages like: Analysis error: unable to parse xyz: failed to parse xyzl: EOF
(See log above)
That's simply why you enable debug mode. No mistake there. But it might be noisy. We may suppress the messages.
After investigating https://github.com/aquasecurity/trivy/issues/1143 i found why "my first guess" was wrong
To reproduce run:
docker run --rm --name reproduceError -v $(pwd):/data aquasec/trivy:0.19.2 -d --no-progress --format json --output /data/report.json --input /data/this.tar
(see issue above for prepartion steps)When i run trivy
0.19.2
i wonder about its stdout output:Executed command:
docker run --rm --name reproduceError -v $(pwd):/data aquasec/trivy:0.19.2 -d --no-progress --format json --output /data/report.json --input /data/this.tar
I wonder about:
--debug
is not set!)Analysis error: unable to parse xyz: failed to parse xyzl: EOF
(parsing issue)that i see a deprecaten notice
DEPRECATED: the current JSON schema is deprecated, check https://github.com/aquasecurity/trivy/discussions/1050 for more information.
Another message would guide me moreDEPRECATION NOTICE: output format (JSON schema) will change in version 0.20.0. See migration hints at: https://github.com/aquasecurity/trivy/discussions/1050
These stuff was made me think that something was wrong with
0.19.2
. You already pointed out that "not finding security issues" is not a bug.The above messages make me think that you maybe released a development version as a stable release by mistake. You may want to disable the debug mode in a stable release.
Parsing issues got introcuded in trivy version
0.18.2
(was not existing in0.18.1
and before).