search

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0
24.01k stars 4.75k forks source link

After upgrading to v2.8.2 version, getting unexpected status code: 500, expected: 200 error for scan #18824

Closed psandeep09 closed 7 months ago

psandeep09 commented 1 year ago

I have re-installed Harbor from scratch but still getting the same error.

Before re-installing I have removed -

  1. /data/trivy-adapter
  2. /data/secret
  3. /data/redis
  4. /data/job_logs
  5. data/ca_download
  6. /data/databas
  7. /data/registry
  8. /var/log/harbor

2023-06-16T12:34:16Z [INFO] [/pkg/scan/job.go:387]: { "uuid": "bac2bed9-0c3e-11ee-9038-0242c0a8e009", "name": "Trivy", "description": "The Trivy scanner adapter", "url": "http://trivy-adapter:8080", "disabled": false, "is_default": true, "health": "healthy", "auth": "", "access_credential": "[HIDDEN]", "skip_certVerify": false, "use_internal_addr": true, "adapter": "Trivy", "vendor": "Aqua Security", "version": "v0.42.0", "create_time": "2023-06-16T12:10:05.589622Z", "update_time": "2023-06-16T12:10:05.589624Z" } 2023-06-16T12:34:16Z [INFO] [/pkg/scan/job.go:387]: { "registry": { "url": "http://core:8080", "authorization": "[HIDDEN]" }, "artifact": { "namespace_id": 2, "repository": "generic/nodejs-baseimage", "tag": "v3.5-20201013-windowsservercore-ltsc2019.v16.20.0", "digest": "sha256:a4e186667ebb927d2bde495a1ff6163eaf161517d49bc7e742bc38f46a09c2bd", "mime_type": "application/vnd.docker.distribution.manifest.v2+json" } } 2023-06-16T12:34:16Z [INFO] [/pkg/scan/job.go:167]: Report mime types: [application/vnd.security.vulnerability.report; version=1.1] 2023-06-16T12:34:16Z [INFO] [/pkg/scan/job.go:224]: Get report for mime type: application/vnd.security.vulnerability.report; version=1.1 2023-06-16T12:34:18Z [INFO] [/pkg/scan/job.go:245]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2023-06-16T12:34:23Z [ERROR] [/pkg/scan/job.go:294]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2023-06-16T12:34:17.483Z INFO Vulnerability scanning is enabled 2023-06-16T12:34:19.299Z FATAL image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:d5e83508b2cbfebc1c5e9156cfb7d4a0747c1fcc2318ea4099c65c6e866a6e26): post analysis error: post analysis error: terraformplan scan error: fs filter error: fs filter error: walk error open /tmp/layers-4293593078/layer-file-1959996178: permission denied: open /tmp/layers-4293593078/layer-file-1959996178: permission denied : general response handler: unexpected status code: 500, expected: 200

wy65701436 commented 1 year ago

@psandeep09 are you able to pull the image with docker client?

And could you please share the details on how you configuration and install harbor? especially on the parts of storage, it seems that trivy adapter failed by storage permission.

cc @zyyw

psandeep09 commented 1 year ago

except scan everything is working.

I am using docker-compose. just downloaded the online release files and execute the install sh file.

zyyw commented 1 year ago

Hi @psandeep09 , would you mind push another image, for example nginx:1.23.3 to your Harbor instance and scan it to see if this issue still persists? Notices two things:

  1. terraformplan
  2. the tag of your artifact being scanned is v3.5-20201013-windowsservercore-ltsc2019.v16.20.0 -> windows?

These would be related, please push nginx:1.23.3 and do scan against it. Please let us know the results.

chen-keinan commented 1 year ago

@zyyw @wy65701436 a PR has been submitted to disable the terraformplan

psandeep09 commented 1 year ago

@zyyw I see issues only if the image has vulnerabilities.

psandeep09 commented 1 year ago

@zyyw yes, it's a windows image.

michha commented 1 year ago

We are facing the same problem scanning a windows image after we upgraded from an old version (<2.5) to 2.8.3

michha commented 1 year ago

Even after adding TRIVY_DEBUG=true, the log doesnt make the reason more obvious 

2023-08-21T07:56:10.891Z    INFO   Vulnerability scanning is enabled
2023-08-21T07:56:10.891Z    DEBUG  Vulnerability type:  [os library]
2023-08-21T07:56:10.962Z    DEBUG  Image ID: sha256:6ba228603774cfa5926171bd5b8d8f658f1970cd4b4325cdcb7dc43ad9dd5ea0
2023-08-21T07:56:10.962Z    DEBUG  Diff IDs: [sha256:aa27a343ff6a62b6bad81ca57f0f66c9bde947554a41af569eca4ed4822a37f8 sha256:aa427d81a02bb35ee4ab90619a6c28158d0f8ac7cab28ac9102f56d39daebf23 sha256:74d2c48ccef7106eca98cfef050a9e08b0768c7bf10de2fd027a32a0e6685330 sha256:3399720a59ef6149822cb95db492d03a3d595f0544763326e0b3e9ea7db37521 sha256:34eac518e1e389c4b1974db7c28e9820bae12a6d111b3101625d4a7d498a3dd4 sha256:4f16b6f8c31c667bc808c5809f8af8e9078dfaa743c920f3af5272f2fee616e2 sha256:3adb194cccfe4238d14c49692043acd592ebb57b4ac2bb18e2905004ed920963 sha256:375b4de6524dfcd6c32b3d3d3f612225b001c07b010657548ac0c17e2c513912 sha256:47a41a25552373ac271de55ced173f126e67e0e6d23cf0ed808a240cc109e7c4 sha256:78587b7dace610b3b89d8bbcd56fdffb91bb4aa3a50e4ea3f0912513e01e85d1 sha256:19b21eb4ef63ad4fbce8c86b8c0aed96b4a7dfe12b48deaf30e8b3976767c106 sha256:36ff345592db7b7aa719d28b33b34f69886029b11d3800d38f68ac3eaff36f89 sha256:1046b4ae6995f98a1421a2e3b9a1ffc89ae75b1ea76f84965b847e751da132dc sha256:8a0a302a80e5d7277c047f72a964e6a779f986e801f4d35b0ad00807e66279d1 sha256:d1f444bf3d8dc70744a2449492f2f00395102af5259cbe5b378c64b95ce6ccfb sha256:136ba81c8837d8c75bf59ed1e990b5309091df84cd5d669f57ef6931f869cf82 sha256:4556ba713f2f26b04ec7bf7be0bfed07ab15c091a77cc83e1f74365923642332 sha256:046cb8538f668a4a7267b5c5831d8726b643d76af45a8ef80bb47747e84ac85d sha256:626e338fff69b379c0fba4b39b2fde14dd0b02f3ec22af3cbd71c54590b9db1c sha256:c9b276e8518740d16e58dc049de5be4c7effaf319441b987098ea70535b12e45 sha256:1812f299a0d1e18a077b3a2b3afb596734fdfd36042beecce3c45f2c79b615d9 sha256:72df946ad76729397a9f8727eb5469817e3fe05a9004644195fa691d7fb76cda sha256:bd4f286ed567e1c750f2ea37a74b1d76fadb3e577a39d407a1dabb59d364b070 sha256:35cc6c361ff6360ff46cf48d14e99e0e62c8c9dc0d947b1c1bee9331ab779458 sha256:f609a66cbf4313ce9baea78052bdedb516449a4179a0c9327dd0685469a01ab5 sha256:df29b21a676e761a72efd9cc9d71f8dd25de49b3aea0b81295fd1affdbac3d30 sha256:9d7ea1ee32181934e056cdd429a9c0333a89c8552995fac73df3931faecc320a sha256:fe9844b6cca3e1f0f9aa6c0fec73125cecc2f17c96ddd64931ad37a3eebb13cc sha256:29d272a5c04dfba92535d81eb7a05d59ae31009ea46eff8101613aa31ba88823 sha256:005e9252a24790e2bd6b0fda5bb78810bacb8b8548ccf7c9d24e971fbeabcf3f sha256:711104ae43475f557f5de287a4730a89cf07d76a2b264246804dfa28326105f2 sha256:5f0e5b134b0861999651d2c27aadb2cd17e301231c581784b6ce627f007ae114 sha256:d2ae1397b5a171b3e822ab7fc47ded35aafb031b3064911babd167b02dd7bfac sha256:c9ae443f4c2c83bf9f167e41c4962af7f70c204b39f01fd8ac2af546ee75d14b sha256:29a52a3f1ba992177f13427efe2d94bf4c0c48d541f6c73197f66d9cb30569cd sha256:1ff95730ba0a3b126072368f023041d3e07f5f371b2f1256c080e04aaa0c8e03 sha256:e1101eb481875b90c227b57ff7ee9513f308a9d7d20a8c39fe7d3bd3dd5849dc sha256:0f33922f36547d4070ae184b20a6557fac8befc28e7c30b8998f49afd5d052f9 sha256:5e19e88d60c4ecbcf0d435d2f22ff4a1a05bad251381777cea1129b8c83355ac sha256:27f2b1e2fa03d5e86c5b892eb3d8f3fb1b38b79dfada1606d913e5aa8d11de86]
2023-08-21T07:56:10.962Z    DEBUG  Base Layers: []
2023-08-21T07:56:12.599Z    DEBUG  Missing image ID in cache: sha256:6ba228603774cfa5926171bd5b8d8f658f1970cd4b4325cdcb7dc43ad9dd5ea0
2023-08-21T07:56:12.599Z    DEBUG  Missing diff ID in cache: sha256:d2ae1397b5a171b3e822ab7fc47ded35aafb031b3064911babd167b02dd7bfac
2023-08-21T07:56:17.367Z    INFO   JAR files found
2023-08-21T07:56:17.368Z    INFO   Analyzing JAR files takes a while...
2023-08-21T07:56:17.373Z    FATAL  image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:426
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:268
  - scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:684
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:144
  - analyze error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:139
  - pipeline error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:243
  - failed to analyze layer (sha256:d2ae1397b5a171b3e822ab7fc47ded35aafb031b3064911babd167b02dd7bfac):
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect.func1
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:230
  - post analysis error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspectLayer
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:312
  - post analysis error:
    github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze
        /home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:498
  - walk dir error:
    github.com/aquasecurity/trivy/pkg/fanal/analyzer/language/java/jar.(*javaLibraryAnalyzer).PostAnalyze
        /home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/java/jar/jar.go:86
  - file open error:
    github.com/aquasecurity/trivy/pkg/parallel.walk[...]
        /home/runner/work/trivy/trivy/pkg/parallel/walk.go:93
  - open /tmp/analyzer-fs-1484339053/file-2550864272: permission denied
: general response handler: unexpected status code: 500, expected: 200

Any advice would be appreciated 😄

psandeep09 commented 1 year ago

yes getting same issue with latest version for docker pull fluent/fluentd:v1.16.2-windows-ltsc2019-1.0

michha commented 1 year ago

2.9.0 still has this issue, so scanning windows based images is still broken.

github-actions[bot] commented 10 months ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

daniel-garcia commented 10 months ago

Seeing the same thing for gcr.io/distroless/static:nonroot

github-actions[bot] commented 8 months ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

github-actions[bot] commented 7 months ago

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.