Originally posted by **aaronmondal** June 15, 2024
### Description
GitHub updated the GHA runner's docker from 24 to 26 in https://github.com/actions/runner-images/commit/619f9fd372f7aed204a8e2c46f2d7ce10d4b868c. Since then the trivy workflows in our repo broke.
### Desired Behavior
Trivy working without the above patch.
### Actual Behavior
```
2024-06-14T19:21:21+02:00 INFO Vulnerability scanning is enabled
2024-06-14T19:21:21+02:00 INFO Secret scanning is enabled
2024-06-14T19:21:21+02:00 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-14T19:21:21+02:00 INFO Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-06-14T19:21:21+02:00 FATAL Fatal error image scan error: scan error: scan failed: failed analysis: unable to get the image's config file: failed parsing crea
ted : parsing time "" as "2006-01-02T15:04:05Z07:00": cannot parse "" as "2006"
```
### Reproduction Steps
```bash
Check out e.g. https://github.com/TraceMachina/nativelink/commit/bf9edc9c0a034cfedaa51f039123cb29278d3f7e, enter the nix environment and run `local-image-test`.
This effectively creates a container image with an erased timestamp that triggers the failure.
```
### Target
Container Image
### Scanner
Vulnerability
### Output Format
None
### Mode
Standalone
### Debug Output
```bash
2024-06-14T22:15:27+02:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-06-14T22:15:27+02:00 DEBUG Ignore statuses statuses=[]
2024-06-14T22:15:27+02:00 DEBUG Cache dir dir="/home/aaron/.cache/trivy"
2024-06-14T22:15:27+02:00 DEBUG DB update was skipped because the local DB is the latest
2024-06-14T22:15:27+02:00 DEBUG DB info schema=2 updated_at=2024-06-14T18:11:12.454689304Z next_update=2024-06-15T00:11:12.454689174Z downloaded_at=2024-06-14T20:00:1
3.760242809Z
2024-06-14T22:15:27+02:00 INFO Vulnerability scanning is enabled
2024-06-14T22:15:27+02:00 DEBUG Vulnerability type type=[os library]
2024-06-14T22:15:27+02:00 INFO Secret scanning is enabled
2024-06-14T22:15:27+02:00 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-06-14T22:15:27+02:00 INFO Please see also https://aquasecurity.github.io/trivy/dev/docs/scanner/secret/#recommendation for faster secret detection
2024-06-14T22:15:27+02:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json ter
raformplan-snapshot]
2024-06-14T22:15:27+02:00 DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-14T22:15:27+02:00 DEBUG [nuget] The nuget packages directory couldn't be found. License search disabled
2024-06-14T22:15:27+02:00 DEBUG [secret] No secret config detected config_path="trivy-secret.yaml"
2024-06-14T22:15:27+02:00 DEBUG [image] Detected image ID image_id="sha256:5be469194a73a54dd0c065b816107c82f0d3f7a7b069a61389eb80dc9a2c55aa"
2024-06-14T22:15:27+02:00 FATAL Fatal error
- image scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:422
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:266
- scan failed:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:693
- failed analysis:
github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
github.com/aquasecurity/trivy/pkg/scanner/scan.go:148
- unable to get the image's config file:
github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
github.com/aquasecurity/trivy/pkg/fanal/artifact/image/image.go:85
- failed parsing created :
github.com/aquasecurity/trivy/pkg/fanal/image/daemon.(*image).ConfigFile
github.com/aquasecurity/trivy/pkg/fanal/image/daemon/image.go:115
- parsing time "" as "2006-01-02T15:04:05.999999999Z07:00": cannot parse "" as "2006"
```
### Operating System
Linux 6.9.2-gentoo x86_64 GNU/Linux
### Version
```bash
Version: v0.52.2
Vulnerability DB:
Version: 2
UpdatedAt: 2024-06-14 18:11:12.454689304 +0000 UTC
NextUpdate: 2024-06-15 00:11:12.454689174 +0000 UTC
DownloadedAt: 2024-06-14 20:00:13.760242809 +0000 UTC
```
### Checklist
- [X] Run `trivy image --reset`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
Discussed in https://github.com/aquasecurity/trivy/discussions/6944