Fatal error when scanning image

remidinishanth-ntnx commented 4 years ago

When I try to scan the image mikesplain/openvas:latest with trivy, it reports FATAL error instead of reporting me the list of vulnerabilities.

What did you expect to happen? I expected to see the list of vulnerabilities of the image.

What happened instead?

# trivy mikesplain/openvas:latest
2020-05-15T05:20:34.641Z    WARN    You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-05-15T05:22:34.686Z    FATAL   unable to initialize the docker scanner: unable to initialize a image struct: failed to initialize source: error pinging docker registry registry-1.docker.io: Get http://registry-1.docker.io/v2/: context deadline exceeded

Output of run with -debug:

# trivy -d mikesplain/openvas:latest
2020-05-15T05:16:58.746Z    DEBUG   Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2020-05-15T05:16:58.747Z    WARN    You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-05-15T05:16:58.749Z    DEBUG   cache dir:  /root/.cache/trivy
2020-05-15T05:16:58.749Z    DEBUG   DB update was skipped because DB is the latest
2020-05-15T05:16:58.749Z    DEBUG   DB Schema: 1, Type: 1, UpdatedAt: 2020-05-15 00:11:10.533040797 +0000 UTC, NextUpdate: 2020-05-15 12:11:10.533040597 +0000 UTC
2020-05-15T05:18:58.778Z    FATAL   unable to initialize the docker scanner:
    github.com/aquasecurity/trivy/internal/standalone.run
        /home/circleci/project/internal/standalone/run.go:86
  - unable to initialize a image struct:
    github.com/aquasecurity/fanal/extractor/docker.newDockerExtractor
        /go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20200317181056-f28b6d21845c/extractor/docker/docker.go:76
  - failed to initialize source:
    github.com/aquasecurity/fanal/extractor/image.NewImage
        /go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20200317181056-f28b6d21845c/extractor/image/image.go:86
  - Get http://registry-1.docker.io/v2/: context deadline exceeded
    error pinging docker registry registry-1.docker.io
    github.com/containers/image/v5/docker.(*dockerClient).detectPropertiesHelper
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_client.go:642
    github.com/containers/image/v5/docker.(*dockerClient).detectProperties.func1
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_client.go:675
    sync.(*Once).doSlow
        /usr/local/go/src/sync/once.go:66
    sync.(*Once).Do
        /usr/local/go/src/sync/once.go:57
    github.com/containers/image/v5/docker.(*dockerClient).detectProperties
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_client.go:675
    github.com/containers/image/v5/docker.(*dockerClient).makeRequest
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_client.go:395
    github.com/containers/image/v5/docker.(*dockerImageSource).fetchManifest
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_image_src.go:151
    github.com/containers/image/v5/docker.(*dockerImageSource).ensureManifestIsLoaded
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_image_src.go:183
    github.com/containers/image/v5/docker.newImageSource
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_image_src.go:87
    github.com/containers/image/v5/docker.dockerReference.NewImageSource
        /go/pkg/mod/github.com/containers/image/v5@v5.1.0/docker/docker_transport.go:144
    github.com/aquasecurity/fanal/extractor/image.newSource
        /go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20200317181056-f28b6d21845c/extractor/image/image.go:109
    github.com/aquasecurity/fanal/extractor/image.NewImage
        /go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20200317181056-f28b6d21845c/extractor/image/image.go:84
    github.com/aquasecurity/fanal/extractor/docker.newDockerExtractor
        /go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20200317181056-f28b6d21845c/extractor/docker/docker.go:74
    github.com/aquasecurity/fanal/extractor/docker.NewDockerExtractor
        /go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20200317181056-f28b6d21845c/extractor/docker/docker.go:60
    github.com/aquasecurity/trivy/internal/standalone.initializeDockerScanner
        /home/circleci/project/internal/standalone/wire_gen.go:35
    github.com/aquasecurity/trivy/internal/standalone.run
        /home/circleci/project/internal/standalone/run.go:84
    github.com/aquasecurity/trivy/internal/standalone.Run
        /home/circleci/project/internal/standalone/run.go:28
    github.com/urfave/cli.HandleAction
        /go/pkg/mod/github.com/urfave/cli@v1.22.1/app.go:523
    github.com/urfave/cli.(*App).Run
        /go/pkg/mod/github.com/urfave/cli@v1.22.1/app.go:285
    main.main
        /home/circleci/project/cmd/trivy/main.go:18
    runtime.main
        /usr/local/go/src/runtime/proc.go:203
    runtime.goexit
        /usr/local/go/src/runtime/asm_amd64.s:1357

Output of trivy -v:

# trivy -v
Version: 0.5.3
Vulnerability DB:
  Type: Light
  Version: 1
  UpdatedAt: 2020-05-15 00:11:10.533040797 +0000 UTC
  NextUpdate: 2020-05-15 12:11:10.533040597 +0000 UTC

Additional details (base image name, container registry info...):

Here is the Dockerfile of the image https://hub.docker.com/r/mikesplain/openvas/dockerfile

knqyf263 commented 4 years ago

The error message says Get http://registry-1.docker.io/v2/: context deadline exceeded. So, I think DockerHub was down or your network had any problem. Does it still reproduce? Also, would you try the latest version?

github-actions[bot] commented 3 years ago

This issue is stale because it has been labeled with inactivity.

krol3 commented 3 years ago

@remidinishanth-ntnx, I tested trivy mikesplain/openvas:latestand works for me using the Version: 0.16.0. I will close this issue, if you have any problem, please put your comments here.

aquasecurity / trivy

Fatal error when scanning image #495