search

aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
23.06k stars 2.28k forks source link

Scanning images fails with error message "running trivy wrapper: running trivy: exit status 1" #2684

Closed zyyw closed 1 year ago

zyyw commented 2 years ago

Hi, when running pipeline to prepare for Harbor 2.6.0 release (using TRIVYVERSION=v0.29.2, TRIVYADAPTERVERSION=v0.30.0), we found scan all occasionally failed (not consistent fails) with the following error message:

Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [ERROR] [/pkg/scan/job.go:294]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL

Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:32.797Z#011#033[33mWARN#033[0m#011Increase --timeout value
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:32.797Z#011#033[31mFATAL#033[0m#011image scan error:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/commands/artifact.run
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:355
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - scan error:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:217
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - image scan failed:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/commands/artifact.scan
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:515
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - failed analysis:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/scanner/scan.go:112
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - analyze error:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:114
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - timeout:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:194
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - context deadline exceeded
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: : general response handler: unexpected status code: 500, expected: 200
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [ERROR] [/jobservice/runner/redis.go:123]: Job 'IMAGE_SCAN:6a53509e296f9ba8c75ddb63' exit with error: run error: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL

a relatively full message is here:

Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [DEBUG] [/pkg/scan/job.go:237]: check scan report for mime application/vnd.security.vulnerability.report; version=1.1 at 2022/08/05 20:00:33
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [DEBUG] [/pkg/scan/job.go:237]: check scan report for mime application/vnd.security.vulnerability.report; version=1.1 at 2022/08/05 20:00:33
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [ERROR] [/pkg/scan/job.go:294]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011cache dir:  /home/scanner/.cache/trivy
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Skipping DB update...
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011DB Schema: 2, UpdatedAt: 2022-03-09 06:06:49.224805622 +0000 UTC, NextUpdate: 2022-03-09 12:06:49.224805522 +0000 UTC, DownloadedAt: 2022-03-09 06:23:23.221116871 +0000 UTC
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011Vulnerability scanning is enabled
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Vulnerability type:  [os library]
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011Secret scanning is enabled
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011Please see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.989Z#011#033[35mDEBUG#033[0m#011No secret config detected: trivy-secret.yaml
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.250Z#011#033[35mDEBUG#033[0m#011Image ID: sha256:ed94f55483b8ee076a1ee5c395a1337e9743699e73f7d40d22048ef5dc3fc7ea
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.250Z#011#033[35mDEBUG#033[0m#011Diff IDs: [sha256:ebb9ae013834b54e76c8d7dfde0ca9018f6bb3495740356a8f1dc655a8552130 sha256:0ca7f54856c0baa7f6beecab94a76531965d5d9e079f2fe1761c5173f2f0d9f6 sha256:1f59a4b2e20603f508265d81a77daeafcb7686ed15a1bc07ba5af4d0caeb7993 sha256:bee1e39d7c3ad8f2dac018953a77aeb84d2f8f656e65e046725c32be1926324a sha256:03ff63c55220937ca4889456b9e85ed3ae1ab91189e28ed4428885b5f62ea979 sha256:e7fe5541de5fca79f8b93660a8f2468d9ca0597c9c63d2308f9a06e42233ea07 sha256:d32e23a0d8e938f5c224c023893bb9924769309f5c4fa1439d54efa160538b50 sha256:a8b89d74438f4165adcde1e33d3aa6020851a123c1209d6f8417c8f3e38d6781 sha256:f632d1d631d8a12e2e2f7e3765b9747714c20b1cef0909363b1ef42c34b26d97 sha256:2376c9e05baae4cf4390c325c91471344e19ec9ff1655cd98a7562d14c89f57e]
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.250Z#011#033[35mDEBUG#033[0m#011Base Layers: [sha256:ebb9ae013834b54e76c8d7dfde0ca9018f6bb3495740356a8f1dc655a8552130]
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing image ID in cache: sha256:ed94f55483b8ee076a1ee5c395a1337e9743699e73f7d40d22048ef5dc3fc7ea
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:2376c9e05baae4cf4390c325c91471344e19ec9ff1655cd98a7562d14c89f57e
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:03ff63c55220937ca4889456b9e85ed3ae1ab91189e28ed4428885b5f62ea979
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:0ca7f54856c0baa7f6beecab94a76531965d5d9e079f2fe1761c5173f2f0d9f6
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:1f59a4b2e20603f508265d81a77daeafcb7686ed15a1bc07ba5af4d0caeb7993
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:ebb9ae013834b54e76c8d7dfde0ca9018f6bb3495740356a8f1dc655a8552130
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:bee1e39d7c3ad8f2dac018953a77aeb84d2f8f656e65e046725c32be1926324a
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:d32e23a0d8e938f5c224c023893bb9924769309f5c4fa1439d54efa160538b50
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:e7fe5541de5fca79f8b93660a8f2468d9ca0597c9c63d2308f9a06e42233ea07
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:a8b89d74438f4165adcde1e33d3aa6020851a123c1209d6f8417c8f3e38d6781
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:f632d1d631d8a12e2e2f7e3765b9747714c20b1cef0909363b1ef42c34b26d97
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.704Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/bin/bootstrap.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.752Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/applets/MoleculeViewer/MoleculeViewer.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.796Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/applets/WireFrame/WireFrame.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.796Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/CodePointIM/CodePointIM.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.800Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/bin/commons-daemon.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.805Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/bin/tomcat-juli.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.812Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/FileChooserDemo/FileChooserDemo.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.818Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/Font2DTest/Font2DTest.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.839Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/annotations-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.970Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/catalina-ant.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.217Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "bootstrap.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.218Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/catalina-ha.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.219Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "FileChooserDemo.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.222Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/Metalworks/Metalworks.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.223Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "Font2DTest.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.225Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/Notepad/Notepad.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.226Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "CodePointIM.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.226Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "WireFrame.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.226Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "MoleculeViewer.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.226Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/SampleTree/SampleTree.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.227Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/catalina-storeconfig.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.230Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/SwingApplet/SwingApplet.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.230Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/TableExample/TableExample.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.237Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/catalina-tribes.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.329Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/catalina.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.393Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/ecj-4.6.3.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.618Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/el-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.623Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "Metalworks.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.623Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jfc/TransparentRuler/TransparentRuler.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.630Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "TableExample.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.630Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jpda/examples.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.633Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "Notepad.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.635Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/jasper-el.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.635Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "SampleTree.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.638Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "SwingApplet.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.639Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jvmti/heapTracker/heapTracker.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.647Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/jasper.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.675Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jvmti/minst/minst.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.682Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/jvmti/mtrace/mtrace.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.734Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/jaspic-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:34.924Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/jsp-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.025Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "TransparentRuler.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.025Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/servlet-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.032Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/management/FullThreadDump/FullThreadDump.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.033Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "examples.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.034Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/management/JTop/JTop.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.036Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "heapTracker.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.037Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/management/MemoryMonitor/MemoryMonitor.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.047Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.063Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-coyote.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.081Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "mtrace.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.082Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "minst.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.082Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/management/VerboseGC/VerboseGC.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.170Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-dbcp.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.201Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/nio/zipfs/zipfs.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.333Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-de.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.428Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "FullThreadDump.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.432Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/demo/scripting/jconsole-plugin/jconsole-plugin.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.436Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-es.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.441Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "JTop.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.441Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "MemoryMonitor.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.442Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-fr.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.480Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-ja.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.483Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "VerboseGC.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.578Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-ko.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.607Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "zipfs.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.747Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-ru.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.844Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-i18n-zh-CN.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.844Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "jconsole-plugin.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.848Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-jdbc.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.885Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-jni.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.907Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/charsets.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.980Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-util-scan.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.993Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/cldrdata.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.993Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/dnsns.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:35.994Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/jaccess.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.014Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/localedata.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.147Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-util.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.244Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/tomcat-websocket.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.284Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/lib/websocket-api.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.310Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "charsets.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.347Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/nashorn.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.397Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "jaccess.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.397Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/sunec.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.400Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "dnsns.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.402Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/sunjce_provider.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.405Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "cldrdata.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.406Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/sunpkcs11.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.425Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "localedata.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.425Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/ext/zipfs.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.436Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/webapps.dist/docs/appdev/sample/sample.war"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.756Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "nashorn.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.770Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/jce.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.827Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "zipfs.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.838Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "sample.war"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.839Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/jsse.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.901Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "sunjce_provider.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.904Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "sunec.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.907Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/management-agent.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.920Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "sunpkcs11.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.951Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/webapps.dist/examples/WEB-INF/lib/taglibs-standard-impl-1.2.5.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.951Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/tomcat/webapps.dist/examples/WEB-INF/lib/taglibs-standard-spec-1.2.5.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:36.953Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/resources.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.252Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "jsse.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.301Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "jce.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.308Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "management-agent.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.371Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "resources.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.825Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/rt.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.829Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/security/policy/limited/US_export_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.829Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/security/policy/limited/local_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.829Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/security/policy/unlimited/US_export_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:37.849Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/jre/lib/security/policy/unlimited/local_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.226Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "US_export_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.228Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "local_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.229Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "US_export_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.256Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "local_policy.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.383Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "rt.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.403Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/lib/dt.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.413Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/lib/jconsole.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.466Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/lib/sa-jdi.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.693Z#011#033[35mDEBUG#033[0m#011Parsing Java artifacts...#011{"file": "usr/local/openjdk-8/lib/tools.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.800Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "dt.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.819Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "jconsole.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:38.872Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "sa-jdi.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:39.139Z#011#033[35mDEBUG#033[0m#011No such POM in the central repositories#011{"file": "tools.jar"}
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:32.797Z#011#033[33mWARN#033[0m#011Increase --timeout value
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:32.797Z#011#033[31mFATAL#033[0m#011image scan error:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/commands/artifact.run
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:355
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - scan error:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:217
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - image scan failed:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/commands/artifact.scan
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:515
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - failed analysis:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/scanner/scan.go:112
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - analyze error:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:114
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - timeout:
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:     github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:         /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:194
Aug  5 20:00:33 172.22.0.1 jobservice[2927]:   - context deadline exceeded
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: : general response handler: unexpected status code: 500, expected: 200
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T20:00:33Z [ERROR] [/jobservice/runner/redis.go:123]: Job 'IMAGE_SCAN:6a53509e296f9ba8c75ddb63' exit with error: run error: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011cache dir:  /home/scanner/.cache/trivy
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Skipping DB update...
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011DB Schema: 2, UpdatedAt: 2022-03-09 06:06:49.224805622 +0000 UTC, NextUpdate: 2022-03-09 12:06:49.224805522 +0000 UTC, DownloadedAt: 2022-03-09 06:23:23.221116871 +0000 UTC
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011Vulnerability scanning is enabled
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[35mDEBUG#033[0m#011Vulnerability type:  [os library]
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011Secret scanning is enabled
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.796Z#011#033[34mINFO#033[0m#011Please see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:32.989Z#011#033[35mDEBUG#033[0m#011No secret config detected: trivy-secret.yaml
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.250Z#011#033[35mDEBUG#033[0m#011Image ID: sha256:ed94f55483b8ee076a1ee5c395a1337e9743699e73f7d40d22048ef5dc3fc7ea
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.250Z#011#033[35mDEBUG#033[0m#011Diff IDs: [sha256:ebb9ae013834b54e76c8d7dfde0ca9018f6bb3495740356a8f1dc655a8552130 sha256:0ca7f54856c0baa7f6beecab94a76531965d5d9e079f2fe1761c5173f2f0d9f6 sha256:1f59a4b2e20603f508265d81a77daeafcb7686ed15a1bc07ba5af4d0caeb7993 sha256:bee1e39d7c3ad8f2dac018953a77aeb84d2f8f656e65e046725c32be1926324a sha256:03ff63c55220937ca4889456b9e85ed3ae1ab91189e28ed4428885b5f62ea979 sha256:e7fe5541de5fca79f8b93660a8f2468d9ca0597c9c63d2308f9a06e42233ea07 sha256:d32e23a0d8e938f5c224c023893bb9924769309f5c4fa1439d54efa160538b50 sha256:a8b89d74438f4165adcde1e33d3aa6020851a123c1209d6f8417c8f3e38d6781 sha256:f632d1d631d8a12e2e2f7e3765b9747714c20b1cef0909363b1ef42c34b26d97 sha256:2376c9e05baae4cf4390c325c91471344e19ec9ff1655cd98a7562d14c89f57e]
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.250Z#011#033[35mDEBUG#033[0m#011Base Layers: [sha256:ebb9ae013834b54e76c8d7dfde0ca9018f6bb3495740356a8f1dc655a8552130]
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing image ID in cache: sha256:ed94f55483b8ee076a1ee5c395a1337e9743699e73f7d40d22048ef5dc3fc7ea
Aug  5 20:00:33 172.22.0.1 jobservice[2927]: 2022-08-05T19:55:33.251Z#011#033[35mDEBUG#033[0m#011Missing diff ID in cache: sha256:2376c9e05baae4cf4390c325c91471344e19ec9ff1655cd98a7562d14c89f57e

This error is similar to this one:

We noticed that there is comment in https://github.com/goharbor/harbor/issues/15977#issuecomment-1105161690, saying:

Notice also, that scanning certain images may required more memory than the other. Container images with Java applications are one example.

And from the log message, we can see that there is scanning against some .jar files. Could you please help to verify whether this two issues are more or less the same problem? Thanks

knqyf263 commented 2 years ago

It is just a timeout like the log message says. Jar scanning takes time and it is likely to lead to a timeout. You need to increase the timeout value. https://github.com/aquasecurity/harbor-scanner-trivy/blob/ff073cd57730f9258ec9fb6a72852f61a598f6e4/helm/harbor-scanner-trivy/values.yaml#L69-L70

Notice also, that scanning certain images may required more memory than the other. Container images with Java applications are one example.

It could be another issue.

github-actions[bot] commented 1 year ago

This issue is stale because it has been labeled with inactivity.