search

aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
23.68k stars 2.33k forks source link

goroutine stack exceeds 1000000000-byte limit - trivy fs v0.28.1 #2202

Closed oauwils closed 2 years ago

oauwils commented 2 years ago

Description

When running trivy over a maven project with submodules and many dependencies, with the command trivy fs ., trivy uses all available memory and crash with the error :

runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc049800320 stack=[0xc049800000, 0xc069800000]
fatal error: stack overflow

What did you expect to happen?

Trivy should retrieve dependencies and vulnerabilities for the whole project (submodules included)

What happened instead?

Trivy uses all memory (RAM + swap) on the system and stop with the goroutine error

Output of run with -debug:

2022-05-30T14:41:42.157+0200    DEBUG   Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2022-05-30T14:41:42.162+0200    DEBUG   cache dir:  /home/user/.cache/trivy
2022-05-30T14:41:42.163+0200    INFO    Need to update DB
2022-05-30T14:41:42.163+0200    INFO    DB Repository: ghcr.io/aquasecurity/trivy-db
2022-05-30T14:41:42.163+0200    INFO    Downloading DB...
32.09 MiB / 32.09 MiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 3.01 MiB p/s 11s
2022-05-30T14:41:54.042+0200    DEBUG   Updating database metadata...
2022-05-30T14:41:54.042+0200    DEBUG   DB Schema: 2, UpdatedAt: 2022-05-30 12:07:30.181171493 +0000 UTC, NextUpdate: 2022-05-30 18:07:30.181171293 +0000 UTC, DownloadedAt: 2022-05-30 12:41:54.0425379 +0000 UTC
2022-05-30T14:41:54.042+0200    DEBUG   Vulnerability type:  [os library]
2022-05-30T14:41:54.043+0200    DEBUG   No secret config detected: trivy-secret.yaml
2022-05-30T14:41:54.374+0200    DEBUG   Resolving net.logstash.logback:logstash-logback-encoder:6.6...
2022-05-30T14:41:54.397+0200    DEBUG   Resolving com.fasterxml.jackson:jackson-bom:2.12.0...
2022-05-30T14:41:54.442+0200    DEBUG   Resolving org.junit:junit-bom:5.7.0...
2022-05-30T14:41:54.472+0200    DEBUG   Resolving ch.qos.logback:logback-classic:1.2.9...
2022-05-30T14:41:54.542+0200    DEBUG   Resolving ch.qos.logback:logback-core:1.2.9...
2022-05-30T14:41:54.559+0200    DEBUG   Resolving org.slf4j:slf4j-api:1.7.32...
2022-05-30T14:41:55.709+0200    DEBUG   Resolving net.logstash.logback:logstash-logback-encoder:6.6...
2022-05-30T14:41:55.711+0200    DEBUG   Resolving com.fasterxml.jackson:jackson-bom:2.12.0...
2022-05-30T14:41:55.715+0200    DEBUG   Resolving org.junit:junit-bom:5.7.0...
2022-05-30T14:41:55.716+0200    DEBUG   Resolving ch.qos.logback:logback-classic:1.2.9...
2022-05-30T14:41:55.718+0200    DEBUG   Resolving javax.validation:validation-api:2.0.1.Final...
2022-05-30T14:41:55.756+0200    DEBUG   Resolving com.fasterxml:classmate:1.5.1...
2022-05-30T14:41:55.777+0200    DEBUG   Resolving javax.inject:javax.inject:1...
2022-05-30T14:41:55.787+0200    DEBUG   Resolving com.fasterxml.jackson.datatype:jackson-datatype-hppc:2.12.4...
2022-05-30T14:41:55.900+0200    DEBUG   Resolving org.hibernate:hibernate-core:5.6.4.Final...
2022-05-30T14:41:55.905+0200    DEBUG   Resolving org.jboss.logging:jboss-logging:3.4.1.Final...
2022-05-30T14:41:55.926+0200    DEBUG   Resolving org.dom4j:dom4j:2.1.3...
2022-05-30T14:41:55.940+0200    DEBUG   Resolving org.slf4j:slf4j-api:1.7.32...
2022-05-30T14:41:55.941+0200    DEBUG   Resolving org.springframework.data:spring-data-jpa:2.6.1...
2022-05-30T14:41:55.992+0200    DEBUG   Resolving io.projectreactor:reactor-bom:2020.0.15...
2022-05-30T14:41:55.999+0200    DEBUG   Resolving org.springframework:spring-framework-bom:5.3.15...
2022-05-30T14:41:56.006+0200    DEBUG   Resolving org.jetbrains.kotlin:kotlin-bom:1.5.32...
2022-05-30T14:41:56.019+0200    DEBUG   Resolving org.jetbrains.kotlinx:kotlinx-coroutines-bom:1.5.2...
2022-05-30T14:41:56.024+0200    DEBUG   Resolving com.fasterxml.jackson:jackson-bom:2.13.1...
2022-05-30T14:41:56.059+0200    DEBUG   Resolving org.junit:junit-bom:5.8.2...
2022-05-30T14:41:56.079+0200    DEBUG   Resolving org.testcontainers:testcontainers-bom:1.16.2...
2022-05-30T14:41:56.094+0200    DEBUG   Resolving org.springframework.boot:spring-boot-starter-web:2.6.3...
2022-05-30T14:41:56.115+0200    DEBUG   Resolving org.apache.httpcomponents:httpclient:4.5.13...
2022-05-30T14:41:56.150+0200    DEBUG   Resolving org.mapstruct:mapstruct-jdk8:1.1.0.Final...
2022-05-30T14:41:56.174+0200    DEBUG   Resolving org.jboss.arquillian:arquillian-bom:1.0.2.Final...
2022-05-30T14:41:56.208+0200    DEBUG   Resolving org.jboss.shrinkwrap:shrinkwrap-bom:1.0.1...
2022-05-30T14:41:56.238+0200    DEBUG   Resolving org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom:1.0.0-beta-7...
2022-05-30T14:41:56.250+0200    DEBUG   Resolving org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-bom:2.0.0-alpha-3...
2022-05-30T14:41:56.257+0200    DEBUG   Resolving commons-validator:commons-validator:1.6...
2022-05-30T14:41:56.319+0200    DEBUG   Resolving org.apache.commons:commons-lang3:3.6...
2022-05-30T14:41:56.333+0200    DEBUG   Resolving commons-beanutils:commons-beanutils:1.9.4...
2022-05-30T14:41:56.388+0200    DEBUG   Resolving commons-codec:commons-codec:1.13...
2022-05-30T14:41:56.402+0200    DEBUG   Resolving commons-io:commons-io:2.8.0...
2022-05-30T14:41:56.421+0200    DEBUG   Resolving ch.qos.logback:logback-core:1.2.9...
2022-05-30T14:41:56.422+0200    DEBUG   Resolving com.fasterxml.jackson.core:jackson-core:2.12.4...
2022-05-30T14:41:56.423+0200    DEBUG   Resolving com.fasterxml.jackson.core:jackson-databind:2.12.4...
2022-05-30T14:41:56.425+0200    DEBUG   Resolving com.carrotsearch:hppc:0.8.1...
2022-05-30T14:41:56.438+0200    DEBUG   Resolving javax.persistence:javax.persistence-api:2.2...
2022-05-30T14:41:56.444+0200    DEBUG   Resolving net.bytebuddy:byte-buddy:1.12.7...
2022-05-30T14:41:56.463+0200    DEBUG   Resolving antlr:antlr:2.7.7...
2022-05-30T14:41:56.474+0200    DEBUG   Resolving org.jboss.spec.javax.transaction:jboss-transaction-api_1.2_spec:1.1.1.Final...
2022-05-30T14:41:56.498+0200    DEBUG   Resolving org.jboss:jandex:2.4.2.Final...
2022-05-30T14:41:56.627+0200    DEBUG   Resolving javax.activation:javax.activation-api:1.2.0...
2022-05-30T14:41:56.634+0200    DEBUG   Resolving org.hibernate.common:hibernate-commons-annotations:5.1.2.Final...
2022-05-30T14:41:56.681+0200    DEBUG   Resolving javax.xml.bind:jaxb-api:2.3.1...
2022-05-30T14:41:56.707+0200    DEBUG   Resolving org.glassfish.jaxb:jaxb-runtime:2.3.1...
2022-05-30T14:41:56.752+0200    DEBUG   Resolving org.springframework.data.build:spring-data-commons:2.6.1...
2022-05-30T14:41:57.941+0200    DEBUG   org.springframework.data.build:spring-data-commons:2.6.1 was not found in local/remote repositories
2022-05-30T14:41:57.941+0200    DEBUG   Resolving org.springframework:spring-orm:5.3.15...
2022-05-30T14:41:57.942+0200    DEBUG   Resolving org.springframework:spring-context:5.3.15...
2022-05-30T14:41:57.945+0200    DEBUG   Resolving org.springframework:spring-aop:5.3.15...
2022-05-30T14:41:57.947+0200    DEBUG   Resolving org.springframework:spring-tx:5.3.15...
2022-05-30T14:41:57.949+0200    DEBUG   Resolving org.springframework:spring-beans:5.3.15...
2022-05-30T14:41:57.965+0200    DEBUG   Resolving org.springframework:spring-core:5.3.15...
2022-05-30T14:41:57.974+0200    DEBUG   Resolving org.springframework.boot:spring-boot-starter:2.6.3...
2022-05-30T14:41:57.977+0200    DEBUG   Resolving org.springframework.boot:spring-boot-starter-json:2.6.3...
2022-05-30T14:41:57.979+0200    DEBUG   Resolving org.springframework.boot:spring-boot-starter-tomcat:2.6.3...
2022-05-30T14:41:58.097+0200    DEBUG   Resolving org.springframework:spring-web:5.3.15...
2022-05-30T14:41:58.099+0200    DEBUG   Resolving org.springframework:spring-webmvc:5.3.15...
2022-05-30T14:41:58.107+0200    DEBUG   Resolving org.apache.httpcomponents:httpcore:4.4.13...
2022-05-30T14:41:58.127+0200    DEBUG   Resolving commons-logging:commons-logging:1.2...
2022-05-30T14:41:58.144+0200    DEBUG   Resolving commons-digester:commons-digester:1.8.1...
2022-05-30T14:41:58.152+0200    DEBUG   Resolving commons-collections:commons-collections:3.2.2...
2022-05-30T14:41:58.166+0200    DEBUG   Resolving com.hazelcast:hazelcast:3.12.10...
2022-05-30T14:41:58.173+0200    DEBUG   Resolving com.fasterxml.jackson.core:jackson-annotations:2.12.4...
2022-05-30T14:41:58.181+0200    DEBUG   Resolving net.java:txw2:5...
2022-05-30T14:41:58.920+0200    DEBUG   net.java:txw2:5 was not found in local/remote repositories
2022-05-30T14:41:58.920+0200    DEBUG   Resolving com.sun.istack:istack-commons-runtime:3.0.7...
2022-05-30T14:41:58.966+0200    DEBUG   Resolving org.jvnet.staxex:stax-ex:1.8...
2022-05-30T14:41:59.025+0200    DEBUG   Resolving com.sun.xml.fastinfoset:FastInfoset:1.2.15...
2022-05-30T14:41:59.032+0200    DEBUG   Resolving org.springframework:spring-jdbc:5.3.15...
2022-05-30T14:41:59.033+0200    DEBUG   Resolving org.springframework:spring-expression:5.3.15...
2022-05-30T14:41:59.034+0200    DEBUG   Resolving org.springframework:spring-jcl:5.3.15...
2022-05-30T14:41:59.035+0200    DEBUG   Resolving org.springframework.boot:spring-boot:2.6.3...
2022-05-30T14:41:59.036+0200    DEBUG   Resolving org.springframework.boot:spring-boot-autoconfigure:2.6.3...
2022-05-30T14:41:59.037+0200    DEBUG   Resolving org.springframework.boot:spring-boot-starter-logging:2.6.3...
2022-05-30T14:41:59.038+0200    DEBUG   Resolving jakarta.annotation:jakarta.annotation-api:1.3.5...
2022-05-30T14:41:59.043+0200    DEBUG   Resolving org.yaml:snakeyaml:1.29...
2022-05-30T14:41:59.069+0200    DEBUG   Resolving com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.1...
2022-05-30T14:41:59.074+0200    DEBUG   Resolving com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.13.1...
2022-05-30T14:41:59.097+0200    DEBUG   Resolving com.fasterxml.jackson.module:jackson-module-parameter-names:2.13.1...
2022-05-30T14:41:59.103+0200    DEBUG   Resolving org.apache.tomcat.embed:tomcat-embed-core:9.0.56...
2022-05-30T14:41:59.254+0200    DEBUG   Resolving org.apache.tomcat.embed:tomcat-embed-el:9.0.56...
2022-05-30T14:41:59.315+0200    DEBUG   Resolving org.apache.tomcat.embed:tomcat-embed-websocket:9.0.56...
2022-05-30T14:41:59.356+0200    DEBUG   Resolving javax.activation:activation:1.1...
2022-05-30T14:41:59.373+0200    DEBUG   Resolving org.apache.logging.log4j:log4j-to-slf4j:2.17.1...
2022-05-30T14:41:59.404+0200    DEBUG   Resolving org.slf4j:jul-to-slf4j:1.7.33...
runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc049800320 stack=[0xc049800000, 0xc069800000]
fatal error: stack overflow

runtime stack:
runtime.throw({0x2abb4e0?, 0x46f5380?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/panic.go:992 +0x71
runtime.newstack()
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/stack.go:1101 +0x5cc
runtime.morestack()
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/asm_amd64.s:547 +0x8b

goroutine 322 [running]:
regexp.(*inputString).step(0xc0000f26b0?, 0x0?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:389 +0x8d fp=0xc049800330 sp=0xc049800328 pc=0x56f3cd
regexp.(*Regexp).tryBacktrack(0xc00089cdc0, 0xc0000f2630, {0x31d5790?, 0xc0000f26b0}, 0x0?, 0x0?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/backtrack.go:218 +0xb42 fp=0xc0498003f0 sp=0xc049800330 pc=0x5687c2
regexp.(*Regexp).backtrack(0xc00089cdc0, {0x0, 0x0, 0x0}, {0xc0018480a8, 0x12}, 0x0, 0x0?, {0x49454c0, 0x0, ...})
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/backtrack.go:353 +0x325 fp=0xc049800470 sp=0xc0498003f0 pc=0x568d05
regexp.(*Regexp).doExecute(0x47071e?, {0x0?, 0x0}, {0x0, 0x0, 0x0}, {0xc0018480a8, 0x12}, 0x56798c?, 0x4, ...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/exec.go:535 +0x272 fp=0xc049800520 sp=0xc049800470 pc=0x56afb2
regexp.(*Regexp).allMatches(0xc00089cdc0, {0xc0018480a8, 0x12}, {0x0, 0x0, 0x0}, 0x13, 0xc049800650)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:782 +0x131 fp=0xc0498005f8 sp=0xc049800520 pc=0x571571
regexp.(*Regexp).FindAllStringSubmatch(0x0?, {0xc0018480a8?, 0x0?}, 0x0?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:1199 +0x7a fp=0xc049800680 sp=0xc0498005f8 pc=0x57437a
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:98 +0xca fp=0xc049800840 sp=0xc049800680 pc=0x14b6fea
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc049800a00 sp=0xc049800840 pc=0x14b7107
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc049800bc0 sp=0xc049800a00 pc=0x14b7107
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc049800d80 sp=0xc049800bc0 pc=0x14b7107
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc049800f40 sp=0xc049800d80 pc=0x14b7107
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc049801100 sp=0xc049800f40 pc=0x14b7107
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc0498012c0 sp=0xc049801100 pc=0x14b7107
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc0018480a8, 0x12}, 0xc0018480aa?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7 fp=0xc049801480 sp=0xc0498012c0 pc=0x14b7107
...
...additional frames elided...
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 1 [semacquire]:
sync.runtime_Semacquire(0xc0000021a0?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0x1?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/sync/waitgroup.go:136 +0x52
golang.org/x/sync/errgroup.(*Group).Wait(0xc000db2440)
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:40 +0x27
github.com/saracen/walker.WalkWithContext({0x31d1660?, 0xc000050098?}, {0x7ffff65d53a8, 0x1}, 0xc001739230, {0xc00179b8c0, 0x1, 0x0?})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:61 +0x336
github.com/saracen/walker.Walk(...)
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:15
github.com/aquasecurity/fanal/walker.FS.Walk({{{0x0, 0x0, 0x0}, {0xc000db2340, 0x3, 0x4}}}, {0x7ffff65d53a8, 0x1}, 0xc000db23c0)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/walker/fs.go:59 +0x174
github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect({{0x7ffff65d53a8, 0x1}, {0x7f93aaab2240, 0xc000deaa80}, {{{0x0, 0x0, 0x0}, {0xc000db2340, 0x3, 0x4}}}, ...}, ...)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/artifact/local/fs.go:84 +0x245
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact({{_, _}, {_, _}}, {_, _}, {{0xc0015546e0, 0x2, 0x2}, {0xc001554720, ...}, ...})
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:110 +0x103
github.com/aquasecurity/trivy/pkg/commands/artifact.scan({_, _}, {{0xc00103a700, 0xc0001a87d0, {0x31a9768, 0x6}, 0x0, 0x1, {0xc00168d000, 0x19}}, ...}, ...)
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:462 +0x3fe
github.com/aquasecurity/trivy/pkg/commands/artifact.(*Runner).Scan(_, {_, _}, {{0xc00103a700, 0xc0001a87d0, {0x31a9768, 0x6}, 0x0, 0x1, {0xc00168d000, ...}}, ...}, ...)
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:180 +0xc7
github.com/aquasecurity/trivy/pkg/commands/artifact.(*Runner).scanFS(_, {_, _}, {{0xc00103a700, 0xc0001a87d0, {0x31a9768, 0x6}, 0x0, 0x1, {0xc00168d000, ...}}, ...})
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:166 +0xcd
github.com/aquasecurity/trivy/pkg/commands/artifact.(*Runner).ScanFilesystem(...)
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:146
github.com/aquasecurity/trivy/pkg/commands/artifact.run({_, _}, {{0xc00103a700, 0xc0001a87d0, {0x31a9768, 0x6}, 0x0, 0x1, {0xc00168d000, 0x19}}, ...}, ...)
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:325 +0x450
github.com/aquasecurity/trivy/pkg/commands/artifact.Run(0xc00103a700, {0x2a672ba, 0x2})
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:296 +0x168
github.com/aquasecurity/trivy/pkg/commands/artifact.FilesystemRun(0xc000fedc20?)
        /home/runner/work/trivy/trivy/pkg/commands/artifact/fs.go:32 +0x25
github.com/urfave/cli/v2.(*Command).Run(0xc000fedc20, 0xc001547b80)
        /home/runner/go/pkg/mod/github.com/urfave/cli/v2@v2.5.1/command.go:163 +0x5bb
github.com/urfave/cli/v2.(*App).RunContext(0xc000219040, {0x31d1660?, 0xc000050098}, {0xc00004c0c0, 0x4, 0x4})
        /home/runner/go/pkg/mod/github.com/urfave/cli/v2@v2.5.1/app.go:313 +0xb48
github.com/urfave/cli/v2.(*App).Run(...)
        /home/runner/go/pkg/mod/github.com/urfave/cli/v2@v2.5.1/app.go:224
main.main()
        /home/runner/work/trivy/trivy/cmd/trivy/main.go:16 +0x4f

goroutine 3375 [select]:
net/http.(*persistConn).readLoop(0xc03335e480)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2213 +0xda5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 2426 [select]:
net/http.(*persistConn).writeLoop(0xc00ddec000)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2392 +0xf5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1751 +0x1791

goroutine 3441 [IO wait]:
internal/poll.runtime_pollWait(0x7f93aa910190, 0x72)
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/netpoll.go:302 +0x89
internal/poll.(*pollDesc).wait(0xc032ba4100?, 0xc018374600?, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_poll_runtime.go:83 +0x32
internal/poll.(*pollDesc).waitRead(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_poll_runtime.go:88
internal/poll.(*FD).Read(0xc032ba4100, {0xc018374600, 0x12f4, 0x12f4})
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_unix.go:167 +0x25a
net.(*netFD).Read(0xc032ba4100, {0xc018374600?, 0xc00ab80b60?, 0xc018374605?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/fd_posix.go:55 +0x29
net.(*conn).Read(0xc002c72060, {0xc018374600?, 0x4876dd0?, 0x1?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/net.go:183 +0x45
crypto/tls.(*atLeastReader).Read(0xc013d5c060, {0xc018374600?, 0x0?, 0x0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:784 +0x3d
bytes.(*Buffer).ReadFrom(0xc0012e4cf8, {0x31b0160, 0xc013d5c060})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/buffer.go:204 +0x98
crypto/tls.(*Conn).readFromUntil(0xc0012e4a80, {0x31b5d40?, 0xc002c72060}, 0x6cf?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:806 +0xe5
crypto/tls.(*Conn).readRecordOrCCS(0xc0012e4a80, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:613 +0x116
crypto/tls.(*Conn).readRecord(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:581
crypto/tls.(*Conn).Read(0xc0012e4a80, {0xc018e44000, 0x1000, 0x0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:1284 +0x16f
net/http.(*persistConn).Read(0xc00cdc7680, {0xc018e44000?, 0xc030cc8420?, 0xc011a49d30?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1929 +0x4e
bufio.(*Reader).fill(0xc06a00b5c0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/bufio/bufio.go:106 +0x103
bufio.(*Reader).Peek(0xc06a00b5c0, 0x1)
        /opt/hostedtoolcache/go/1.18.2/x64/src/bufio/bufio.go:144 +0x5d
net/http.(*persistConn).readLoop(0xc00cdc7680)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2093 +0x1ac
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 93 [IO wait]:
internal/poll.runtime_pollWait(0x7f93aa910280, 0x72)
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/netpoll.go:302 +0x89
internal/poll.(*pollDesc).wait(0xc000fc6800?, 0xc001862000?, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_poll_runtime.go:83 +0x32
internal/poll.(*pollDesc).waitRead(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_poll_runtime.go:88
internal/poll.(*FD).Read(0xc000fc6800, {0xc001862000, 0xdbde, 0xdbde})
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_unix.go:167 +0x25a
net.(*netFD).Read(0xc000fc6800, {0xc001862000?, 0xc0015548e0?, 0xc001866070?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/fd_posix.go:55 +0x29
net.(*conn).Read(0xc0001a81e8, {0xc001862000?, 0x9bc8?, 0xc0015548e0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/net.go:183 +0x45
crypto/tls.(*atLeastReader).Read(0xc000db0138, {0xc001862000?, 0x0?, 0xe6?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:784 +0x3d
bytes.(*Buffer).ReadFrom(0xc00101e978, {0x31b0160, 0xc000db0138})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/buffer.go:204 +0x98
crypto/tls.(*Conn).readFromUntil(0xc00101e700, {0x31b5d40?, 0xc0001a81e8}, 0x9b73?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:806 +0xe5
crypto/tls.(*Conn).readRecordOrCCS(0xc00101e700, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:613 +0x116
crypto/tls.(*Conn).readRecord(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:581
crypto/tls.(*Conn).Read(0xc00101e700, {0xc000303000, 0x1000, 0x743500?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:1284 +0x16f
bufio.(*Reader).Read(0xc00181a060, {0xc0018ac900, 0x9, 0x75fec2?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bufio/bufio.go:236 +0x1b4
io.ReadAtLeast({0x31afe80, 0xc00181a060}, {0xc0018ac900, 0x9, 0x9}, 0x9)
        /opt/hostedtoolcache/go/1.18.2/x64/src/io/io.go:331 +0x9a
io.ReadFull(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/io/io.go:350
net/http.http2readFrameHeader({0xc0018ac900?, 0x9?, 0xc000d9f8c0?}, {0x31afe80?, 0xc00181a060?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/h2_bundle.go:1566 +0x6e
net/http.(*http2Framer).ReadFrame(0xc0018ac8c0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/h2_bundle.go:1830 +0x95
net/http.(*http2clientConnReadLoop).run(0xc00183bf98)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/h2_bundle.go:8815 +0x130
net/http.(*http2ClientConn).readLoop(0xc001018900)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/h2_bundle.go:8711 +0x6f
created by net/http.(*http2Transport).newClientConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/h2_bundle.go:7439 +0xa65

goroutine 3846 [select]:
golang.org/x/sync/semaphore.(*Weighted).Acquire(0xc00189b360, {0x31d1698, 0xc000fe9140}, 0x1)
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/semaphore/semaphore.go:60 +0x345
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile({{0xc0012e9200, 0x1e, 0x20}, {0x0, 0x0, 0x0}}, {0x31d1698?, 0xc000fe9140}, 0xc000d8f7a0, 0xc00189b360, ...)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:301 +0x245
github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect.func1({0xc01c465c70?, 0xc01c465c70?}, {0x31d6c40, 0xc030bfb930}, 0x44?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/artifact/local/fs.go:100 +0x2b4
github.com/aquasecurity/fanal/walker.FS.Walk.func1({0xc01c465bd0?, 0xc01a52f200?}, {0x31d6c40, 0xc030bfb930})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/walker/fs.go:41 +0x127
github.com/saracen/walker.(*walker).walk(0xc000db2480, {0xc01a52f200, 0x38}, {0x31d6c40, 0xc030bfb930})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:76 +0x8d
github.com/saracen/walker.(*walker).readdir(0xc000db2480?, {0xc01a52f200, 0x38})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker_unix.go:46 +0x3c7
github.com/saracen/walker.(*walker).gowalk(0xc000db2480, {0xc01a52f200, 0x38})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:118 +0x28
github.com/saracen/walker.(*walker).walk.func1()
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:103 +0x25
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:54 +0x8d

goroutine 84 [select]:
net/http.(*persistConn).writeLoop(0xc0010339e0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2392 +0xf5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1751 +0x1791

goroutine 158 [select]:
go.opencensus.io/stats/view.(*worker).start(0xc001668280)
        /home/runner/go/pkg/mod/go.opencensus.io@v0.23.0/stats/view/worker.go:276 +0xad
created by go.opencensus.io/stats/view.init.0
        /home/runner/go/pkg/mod/go.opencensus.io@v0.23.0/stats/view/worker.go:34 +0x8d

goroutine 159 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0xc00133aff0?)
        /home/runner/go/pkg/mod/k8s.io/klog/v2@v2.30.0/klog.go:1181 +0x6a
created by k8s.io/klog/v2.init.0
        /home/runner/go/pkg/mod/k8s.io/klog/v2@v2.30.0/klog.go:420 +0xf6

goroutine 83 [IO wait]:
internal/poll.runtime_pollWait(0x7f93aa910460, 0x72)
        /opt/hostedtoolcache/go/1.18.2/x64/src/runtime/netpoll.go:302 +0x89
internal/poll.(*pollDesc).wait(0xc000fc7500?, 0xc001094000?, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_poll_runtime.go:83 +0x32
internal/poll.(*pollDesc).waitRead(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_poll_runtime.go:88
internal/poll.(*FD).Read(0xc000fc7500, {0xc001094000, 0x1335, 0x1335})
        /opt/hostedtoolcache/go/1.18.2/x64/src/internal/poll/fd_unix.go:167 +0x25a
net.(*netFD).Read(0xc000fc7500, {0xc001094000?, 0xc001554200?, 0xc001094005?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/fd_posix.go:55 +0x29
net.(*conn).Read(0xc0005ba018, {0xc001094000?, 0xc000614cc0?, 0xc000614cf0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/net.go:183 +0x45
crypto/tls.(*atLeastReader).Read(0xc000f86810, {0xc001094000?, 0x0?, 0x0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:784 +0x3d
bytes.(*Buffer).ReadFrom(0xc0012e4278, {0x31b0160, 0xc000f86810})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/buffer.go:204 +0x98
crypto/tls.(*Conn).readFromUntil(0xc0012e4000, {0x31b5d40?, 0xc0005ba018}, 0x2?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:806 +0xe5
crypto/tls.(*Conn).readRecordOrCCS(0xc0012e4000, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:613 +0x116
crypto/tls.(*Conn).readRecord(...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:581
crypto/tls.(*Conn).Read(0xc0012e4000, {0xc0010a3000, 0x1000, 0x0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/crypto/tls/conn.go:1284 +0x16f
net/http.(*persistConn).Read(0xc0010339e0, {0xc0010a3000?, 0x448580?, 0xc0000eaec8?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1929 +0x4e
bufio.(*Reader).fill(0xc000103680)
        /opt/hostedtoolcache/go/1.18.2/x64/src/bufio/bufio.go:106 +0x103
bufio.(*Reader).Peek(0xc000103680, 0x1)
        /opt/hostedtoolcache/go/1.18.2/x64/src/bufio/bufio.go:144 +0x5d
net/http.(*persistConn).readLoop(0xc0010339e0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2093 +0x1ac
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 3943 [runnable]:
strings.ToLower({0x2a6f90c, 0x5})
        /opt/hostedtoolcache/go/1.18.2/x64/src/strings/strings.go:584 +0x25a
github.com/aquasecurity/fanal/secret.(*Rule).MatchKeywords(0x0?, {0xc097aab800, 0x720, 0x800})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:169 +0xe8
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc01cd8e410, 0x4a}, {0xc097aab800, 0x720, 0x800}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:352 +0x52b
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0x0?}, {{0x7ffff65d53a8, 0x1}, {0xc01cd8e410, 0x4a}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc0001a8128})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 3774 [select]:
golang.org/x/sync/semaphore.(*Weighted).Acquire(0xc00189b360, {0x31d1698, 0xc000fe9140}, 0x1)
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/semaphore/semaphore.go:60 +0x345
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile({{0xc0012e9200, 0x1e, 0x20}, {0x0, 0x0, 0x0}}, {0x31d1698?, 0xc000fe9140}, 0xc000d8f7a0, 0xc00189b360, ...)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:301 +0x245
github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect.func1({0xc0333f0140?, 0xc0333f0140?}, {0x31d6c40, 0xc06ab4ec30}, 0x49?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/artifact/local/fs.go:100 +0x2b4
github.com/aquasecurity/fanal/walker.FS.Walk.func1({0xc0333f00a0?, 0xc019060600?}, {0x31d6c40, 0xc06ab4ec30})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/walker/fs.go:41 +0x127
github.com/saracen/walker.(*walker).walk(0xc000db2480, {0xc019060600, 0x37}, {0x31d6c40, 0xc06ab4ec30})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:76 +0x8d
github.com/saracen/walker.(*walker).readdir(0xc000db2480?, {0xc019060600, 0x37})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker_unix.go:46 +0x3c7
github.com/saracen/walker.(*walker).gowalk(0xc000db2480, {0xc019060600, 0x37})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:118 +0x28
github.com/saracen/walker.(*walker).walk.func1()
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:103 +0x25
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:54 +0x8d

goroutine 1966 [select]:
net/http.(*persistConn).readLoop(0xc01064f7a0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2213 +0xda5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 2716 [select]:
net/http.(*persistConn).readLoop(0xc006f0c5a0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2213 +0xda5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 3714 [runnable]:
bytes.Map(0x2d20ed8, {0xc0a6c2c000, 0x14f001, 0x156000})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:560 +0x45
bytes.ToLower({0xc0a6c2c000?, 0x14f001?, 0x14f001?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:672 +0x70
github.com/aquasecurity/fanal/secret.(*Rule).MatchKeywords(0x0?, {0xc0a6c2c000, 0x14f001, 0x156000})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:169 +0xc7
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc01ad2a040, 0x39}, {0xc0a6c2c000, 0x14f001, 0x156000}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:352 +0x52b
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0x279cb00?}, {{0x7ffff65d53a8, 0x1}, {0xc01ad2a040, 0x39}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc002c72188})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 1042 [runnable]:
regexp.(*Regexp).FindAllStringSubmatch.func1({0xc0a32445a0, 0x4, 0x0?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:1203 +0xa7
regexp.(*Regexp).allMatches(0xc00089cdc0, {0xc015958cf0, 0x12}, {0x0, 0x0, 0x0}, 0x13, 0xc074602790)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:813 +0x2e2
regexp.(*Regexp).FindAllStringSubmatch(0x0?, {0xc015958cf0?, 0x0?}, 0x0?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:1199 +0x7a
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc015958cf0, 0x12}, 0xc015958cf2?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:98 +0xca
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc015958cf0, 0x12}, 0xc015958cf2?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc015958cf0, 0x12}, 0xc015958cf2?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7
github.com/aquasecurity/go-dep-parser/pkg/java/pom.evaluateVariable({0xc015958cf0, 0x12}, 0xc015958cf2?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/go-dep-parser@v0.0.0-20220503151658-d316f5cc2cff/pkg/java/pom/artifact.go:108 +0x1e7
...
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 3925 [runnable]:
bytes.ToLower({0xc034680000, 0x4638e, 0x4638e?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:662 +0x98
github.com/aquasecurity/fanal/secret.(*Rule).MatchKeywords(0x0?, {0xc034680000, 0x4638e, 0x56000})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:169 +0xc7
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc00dafefc0, 0x3c}, {0xc034680000, 0x4638e, 0x56000}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:352 +0x52b
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0x0?}, {{0x7ffff65d53a8, 0x1}, {0xc00dafefc0, 0x3c}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc0005ba178})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 2425 [select]:
net/http.(*persistConn).readLoop(0xc00ddec000)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2213 +0xda5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 3280 [select]:
net/http.(*persistConn).readLoop(0xc01bf065a0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2213 +0xda5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1750 +0x173e

goroutine 1967 [select]:
net/http.(*persistConn).writeLoop(0xc01064f7a0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2392 +0xf5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1751 +0x1791

goroutine 3917 [runnable]:
bytes.ToLower({0xc043d00000?, 0x21af6?, 0x21af6?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:651 +0x39
github.com/aquasecurity/fanal/secret.(*Rule).MatchKeywords(0x0?, {0xc043d00000, 0x21af6, 0x2a000})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:169 +0xc7
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc01066ba40, 0x41}, {0xc043d00000, 0x21af6, 0x2a000}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:352 +0x52b
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0xc009d40100?}, {{0x7ffff65d53a8, 0x1}, {0xc01066ba40, 0x41}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc00105e0a8})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 3715 [select]:
golang.org/x/sync/semaphore.(*Weighted).Acquire(0xc00189b360, {0x31d1698, 0xc000fe9140}, 0x1)
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/semaphore/semaphore.go:60 +0x345
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile({{0xc0012e9200, 0x1e, 0x20}, {0x0, 0x0, 0x0}}, {0x31d1698?, 0xc000fe9140}, 0xc000d8f7a0, 0xc00189b360, ...)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:301 +0x245
github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect.func1({0xc0333f0320?, 0xc0333f0320?}, {0x31d6c40, 0xc06ab4ed00}, 0x47?)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/artifact/local/fs.go:100 +0x2b4
github.com/aquasecurity/fanal/walker.FS.Walk.func1({0xc0333f0280?, 0xc019060800?}, {0x31d6c40, 0xc06ab4ed00})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/walker/fs.go:41 +0x127
github.com/saracen/walker.(*walker).walk(0xc000db2480, {0xc019060800, 0x3d}, {0x31d6c40, 0xc06ab4ed00})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:76 +0x8d
github.com/saracen/walker.(*walker).readdir(0xc019060800?, {0xc019060800, 0x3d})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker_unix.go:46 +0x3c7
github.com/saracen/walker.(*walker).walk(0xc000db2480, {0xc00f1e8f80, 0x37}, {0x31d6c40, 0xc033372ea0})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:110 +0x1e8
github.com/saracen/walker.(*walker).readdir(0xc000db2480?, {0xc00f1e8f80, 0x37})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker_unix.go:46 +0x3c7
github.com/saracen/walker.(*walker).gowalk(0xc000db2480, {0xc00f1e8f80, 0x37})
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:118 +0x28
github.com/saracen/walker.(*walker).walk.func1()
        /home/runner/go/pkg/mod/github.com/saracen/walker@v0.0.0-20191201085201-324a081bae7e/walker.go:103 +0x25
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/runner/go/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:54 +0x8d

goroutine 3986 [runnable]:
regexp.(*machine).add(0xc0124cb590, 0xc0124cb5a0, 0x18a42580?, 0x1a23e, {0xc018a42480?, 0xe, 0x10}, 0xc03d7cb248, 0x4705cc?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/exec.go:331 +0x14d
regexp.(*machine).add(0xc0124cb590, 0xc0124cb5a0, 0x48f87e0?, 0x1a23e, {0xc018a42480?, 0xe, 0x10}, 0xc03d7cb248, 0x2822c40?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/exec.go:355 +0x1f8
regexp.(*machine).match(0xc0124cb590, {0x31d5710, 0xc0124cb638}, 0x0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/exec.go:222 +0x3d0
regexp.(*Regexp).doExecute(0xc000456820, {0x0?, 0x0}, {0xc044680000, 0x24593, 0x2a000}, {0x0, 0x0}, 0x0?, 0xe, ...)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/exec.go:542 +0x319
regexp.(*Regexp).allMatches(0xc000456820, {0x0, 0x0}, {0xc044680000, 0x24593, 0x2a000}, 0x24594, 0xc03d7cb470)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:782 +0x131
regexp.(*Regexp).FindAllSubmatchIndex(0x0?, {0xc044680000?, 0xc03d7cb520?, 0x414f2f?}, 0x7f9387cf4000?)
        /opt/hostedtoolcache/go/1.18.2/x64/src/regexp/regexp.go:1181 +0x6c
github.com/aquasecurity/fanal/secret.(*Scanner).FindSubmatchLocations(0xc03d7cb730?, {{0x2ab870c, 0xe}, {0x2a6798b, 0x3}, {0x2ab5f20, 0xe}, {0x2a6a3b5, 0x4}, 0xc00000ea20, ...}, ...)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:123 +0x65
github.com/aquasecurity/fanal/secret.(*Scanner).FindLocations(0x12?, {{0x2ab870c, 0xe}, {0x2a6798b, 0x3}, {0x2ab5f20, 0xe}, {0x2a6a3b5, 0x4}, 0xc00000ea20, ...}, ...)
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:101 +0x105
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc00e007800, 0x5b}, {0xc044680000, 0x24593, 0x2a000}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:357 +0x5a5
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0x0?}, {{0x7ffff65d53a8, 0x1}, {0xc00e007800, 0x5b}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc0001a8118})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 3904 [runnable]:
bytes.Map(0x2d20ed8, {0xc033c46000, 0xb29e4, 0xd8000})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:560 +0x45
bytes.ToLower({0xc033c46000?, 0xb29e4?, 0xb29e4?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:672 +0x70
github.com/aquasecurity/fanal/secret.(*Rule).MatchKeywords(0x0?, {0xc033c46000, 0xb29e4, 0xd8000})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:169 +0xc7
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc0018af2c0, 0x59}, {0xc033c46000, 0xb29e4, 0xd8000}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:352 +0x52b
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0x0?}, {{0x7ffff65d53a8, 0x1}, {0xc0018af2c0, 0x59}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc0011440a0})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

goroutine 3409 [select]:
net/http.(*persistConn).writeLoop(0xc01bf065a0)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2392 +0xf5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1751 +0x1791

goroutine 2959 [select]:
net/http.(*persistConn).writeLoop(0xc01560ea20)
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:2392 +0xf5
created by net/http.(*Transport).dialConn
        /opt/hostedtoolcache/go/1.18.2/x64/src/net/http/transport.go:1751 +0x1791

goroutine 3926 [runnable]:
bytes.ToLower({0xc038b00000, 0x1af22, 0x6?})
        /opt/hostedtoolcache/go/1.18.2/x64/src/bytes/bytes.go:660 +0x118
github.com/aquasecurity/fanal/secret.(*Rule).MatchKeywords(0x0?, {0xc038b00000, 0x1af22, 0x20000})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:169 +0xc7
github.com/aquasecurity/fanal/secret.Scanner.Scan({0xc001896d20}, {{0xc0090551d0, 0x46}, {0xc038b00000, 0x1af22, 0x20000}})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/secret/scanner.go:352 +0x52b
github.com/aquasecurity/fanal/analyzer/secret.SecretAnalyzer.Analyze({{0xc001896d20?}, {0x2ad059a?, 0x277e440?}}, {0x2a0b0e0?, 0x0?}, {{0x7ffff65d53a8, 0x1}, {0xc0090551d0, 0x46}, {0x31d6c40, ...}, ...})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/secret/secret.go:78 +0x1d1
github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x31d3768, 0xc001739218}, {0x31d3490?, 0xc0011440b0})
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:311 +0x253
created by github.com/aquasecurity/fanal/analyzer.AnalyzerGroup.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20220519114754-f9a9d959763a/analyzer/analyzer.go:306 +0x4af

Output of trivy -v:

Version: 0.28.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2022-05-30 12:07:30.181171493 +0000 UTC
  NextUpdate: 2022-05-30 18:07:30.181171293 +0000 UTC
  DownloadedAt: 2022-05-30 12:41:54.0425379 +0000 UTC

Additional details (base image name, container registry info...):

dmesg output : 

[ 2940.035261] Mem-Info:
[ 2940.035264] active_anon:348817 inactive_anon:116327 isolated_anon:0
                active_file:0 inactive_file:8 isolated_file:0
                unevictable:0 dirty:0 writeback:0
                slab_reclaimable:5034 slab_unreclaimable:6330
                mapped:47 shmem:7 pagetables:1596 bounce:0
                free:13858 free_pcp:240 free_cma:0
[ 2940.035269] Node 0 active_anon:1395268kB inactive_anon:465308kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:188kB dirty:0kB writeback:0kB shmem:28kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 20480kB writeback_tmp:0kB kernel_stack:2272kB all_unreclaimable? yes
[ 2940.035274] DMA free:8148kB min:332kB low:412kB high:492kB reserved_highatomic:0KB active_anon:6396kB inactive_anon:332kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:14972kB managed:14884kB mlocked:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2940.035278] lowmem_reserve[]: 0 1955 1955 1955 1955
[ 2940.035283] DMA32 free:47284kB min:44720kB low:55900kB high:67080kB reserved_highatomic:0KB active_anon:1389256kB inactive_anon:465012kB active_file:0kB inactive_file:744kB unevictable:0kB writepending:0kB present:2080768kB managed:2006924kB mlocked:0kB pagetables:6380kB bounce:0kB free_pcp:960kB local_pcp:212kB free_cma:0kB
[ 2940.035286] lowmem_reserve[]: 0 0 0 0 0
[ 2940.035289] DMA: 1*4kB (M) 0*8kB 1*16kB (M) 2*32kB (UM) 2*64kB (U) 2*128kB (UM) 2*256kB (UM) 0*512kB 1*1024kB (M) 1*2048kB (M) 1*4096kB (E) = 8148kB
[ 2940.035300] DMA32: 233*4kB (UME) 180*8kB (UME) 182*16kB (UME) 256*32kB (UME) 174*64kB (UME) 88*128kB (UME) 27*256kB (UE) 11*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 48420kB
[ 2940.035310] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 2940.035311] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 2940.035311] 776 total pagecache pages
[ 2940.035313] 615 pages in swap cache
[ 2940.035315] Swap cache stats: add 3151266, delete 3149958, find 954209/1140888
[ 2940.035316] Free swap  = 0kB
[ 2940.035317] Total swap = 1048576kB
[ 2940.035319] 523935 pages RAM
[ 2940.035320] 0 pages HighMem/MovableOnly
[ 2940.035321] 18483 pages reserved
[ 2940.035322] Tasks state (memory values in pages):
[ 2940.035322] [  pid  ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj name
[ 2940.035327] [    147]     0   147      222        3    36864        6             0 localhost
[ 2940.035328] [    151]     0   151      362        0    36864       98             0 init
[ 2940.035329] [    170]     0   170      294        0    36864       86             0 init
[ 2940.035330] [    171]     0   171      296        0    36864      111             0 init
[ 2940.035331] [    172]  1000   172     2696        0    61440     1084             0 bash
[ 2940.035332] [    383]     0   383      294        0    36864       86             0 init
[ 2940.035334] [    384]     0   384      296        4    36864       85             0 init
[ 2940.035336] [    385]  1000   385     2696        1    65536     1070             0 bash
[ 2940.035338] [    571]  1000   571     1600      263    53248      102             0 htop
[ 2940.035341] [   1819]  1000  1819  1141991   464051  6193152   259792             0 trivy
[ 2940.035343] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=trivy,pid=1819,uid=1000
[ 2940.035490] Out of memory: Killed process 1819 (trivy) total-vm:4567964kB, anon-rss:1856204kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:6048kB oom_score_adj:0
[ 2940.130917] oom_reaper: reaped process 1819 (trivy), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
DmitriyLewen commented 2 years ago

Hello @oauwils Thanks for your report!

I can't reproduce your problem.

Can you try scanning with --security-checks vuln flag, or specify which file(s) scan returns error?

Regards, Dmitriy

knqyf263 commented 2 years ago

pom.xml scanning might be related. Evaluating properties may lead to infinite loop.

oauwils commented 2 years ago

Hello @DmitriyLewen and @knqyf263 Thanks for your replies, the files scanned are pom.xml. I tried with --security-checks vuln, the result is the same.

I did some tests today, and the problem seems to come from dependencies hosted on private repository (self-hosted nexus in this case). Would it be possible to specify to trivy not to analyze (or skip) these private dependencies ?