aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

Error when scanning a Kubernetes workload or ServiceAccount with an empty item in `imagePullSecrets` array #7011

Closed chen-keinan closed 3 months ago

chen-keinan commented 3 months ago

Discussed in https://github.com/aquasecurity/trivy/discussions/6928

Originally posted by **matheusfm** June 13, 2024

### Description

Trivy fails when scanning a Kubernetes workload with an empty item in `imagePullSecrets` array:

```yaml
imagePullSecrets:
- {}
```

### Desired Behavior

I expect this object to be scanned without errors, ignoring the empty `imagePullSecrets` item.

### Actual Behavior

Trivy fails with the following output:

```
2024-06-13T17:04:23-03:00 FATAL Fatal error get k8s artifacts with node info error: failed getting auth for gvr: /v1, Resource=pods - getting secret by name: default/: resource name may not be empty
```

### Reproduction Steps

1. Create a kind cluster

   ```bash
   kind create cluster
   ```

2. Create a pod with an empty item in `imagePullSecrets` array

   ```
   cat << EOF | kubectl apply -f -
   apiVersion: v1
   kind: Pod
   metadata:
     name: nginx
     labels:
       role: nginx
   spec:
     imagePullSecrets:
     - {}
     containers:
     - name: nginx
       image: nginx
   EOF
   ```

3. Run trivy:

   ```
   trivy k8s --report summary
   ```

### Target

Kubernetes

### Scanner

Vulnerability

### Output Format

Table

### Mode

Standalone

### Debug Output

```bash
2024-06-13T17:04:22-03:00 DEBUG Parsed severities severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-06-13T17:04:22-03:00 DEBUG Ignore statuses statuses=[]
2024-06-13T17:04:23-03:00 FATAL Fatal error get k8s artifacts with node info error: failed getting auth for gvr: /v1, Resource=pods - getting secret by name: default/: resource name may not be empty
```

### Operating System

linux

### Version

```bash
Version: 0.52.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-06-10 12:13:28.957657425 +0000 UTC
  NextUpdate: 2024-06-10 18:13:28.957657255 +0000 UTC
  DownloadedAt: 2024-06-10 13:43:20.101006187 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-06-10 01:05:31.416428614 +0000 UTC
  NextUpdate: 2024-06-13 01:05:31.416428444 +0000 UTC
  DownloadedAt: 2024-06-10 13:53:07.844808071 +0000 UTC
```

### Checklist

- [X] Run `trivy image --reset`
- [X] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)

chen-keinan commented 3 months ago

@matheusfm you need to raise a PR within trivy to bump trivy-kubernetes lib

matheusfm commented 3 months ago

> @matheusfm you need to raise a PR within trivy to bump trivy-kubernetes lib

@chen-keinan Here is the PR to bump trivy-kubernetes version: https://github.com/aquasecurity/trivy/pull/7012
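
An added example, not code from trivy or trivy-kubernetes: a Go sketch of the tolerant behaviour requested in the issue, which skips `imagePullSecrets` entries without a name and reports which objects carry them. It goes slightly beyond the reported Pod case by also reading ServiceAccounts and workload pod templates; the helper name `AuditPullSecrets` and the sample JSON are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in the shape of `kubectl get pods,deploy,sa -A -o json`.
const sampleList = `{"items":[
 {"kind":"Pod","metadata":{"namespace":"default","name":"nginx"},"spec":{"imagePullSecrets":[{}]}},
 {"kind":"ServiceAccount","metadata":{"namespace":"default","name":"builder"},"imagePullSecrets":[{"name":"regcred"},{"name":""}]},
 {"kind":"Deployment","metadata":{"namespace":"web","name":"api"},"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"regcred"}]}}}}]}`

type refs []struct{ Name string }

// object covers the three places imagePullSecrets can appear.
type object struct {
	Kind             string
	Metadata         struct{ Namespace, Name string }
	ImagePullSecrets refs // ServiceAccount
	Spec             struct {
		ImagePullSecrets refs                                           // Pod
		Template         struct{ Spec struct{ ImagePullSecrets refs } } // workload pod template
	}
}

// AuditPullSecrets (hypothetical helper) returns, per "Kind/namespace/name", the usable
// secret names and the count of nameless refs skipped instead of being looked up as "".
func AuditPullSecrets(listJSON []byte) (names map[string][]string, empty map[string]int, err error) {
	var list struct{ Items []object }
	if err = json.Unmarshal(listJSON, &list); err != nil {
		return nil, nil, err
	}
	names, empty = map[string][]string{}, map[string]int{}
	for _, o := range list.Items {
		id := o.Kind + "/" + o.Metadata.Namespace + "/" + o.Metadata.Name
		all := append(refs{}, o.ImagePullSecrets...)
		all = append(append(all, o.Spec.ImagePullSecrets...), o.Spec.Template.Spec.ImagePullSecrets...)
		for _, r := range all {
			if r.Name == "" { // `- {}` and `name: ""` both decode to an empty name
				empty[id]++
				continue
			}
			names[id] = append(names[id], r.Name)
		}
	}
	return names, empty, nil
}

func main() {
	fmt.Println(AuditPullSecrets([]byte(sampleList)))
}
```

Feeding it real `kubectl get ... -o json` output lists the objects that would trip the `resource name may not be empty` error on an affected Trivy version.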