project-copacetic / copacetic

🧵 CLI tool for directly patching container images using reports from vulnerability scanners
https://project-copacetic.github.io/copacetic/
Apache License 2.0

Trivy scan report not accepted #672

Closed jjmcmullan closed 1 week ago

jjmcmullan commented 2 weeks ago

Version of copa

0.6.2

Expected Behavior

expected copa to patch the nginx image.

Actual Behavior

I was following the demo to scan and patch the nginx:1.21.6 image but when I try to run copa I get the following error message: Error: nginx.1.21.6.json is not a supported scan report format. I have included the trivy report. nginx.1.21.6.json

Steps To Reproduce

Followed the instructions to install trivy and copa. Followed the demo instructions to scan and patch the nginx:1.21.6 image.

Are you willing to submit PRs to contribute to this bug fix?

ashnamehrotra commented 2 weeks ago

@jjmcmullan what version of trivy are you using and can you confirm this is the command you used for the report? trivy image --vuln-type os --ignore-unfixed -f json -o nginx.1.21.6.json docker.io/library/nginx:1.21.6. Your file looks a bit different from what is generated with this command when I run it, and puts the info under additional[] brackets which may be why copa isn't able to parse it.
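One way to tell the two report shapes apart before handing a file to copa, as an added example that is not copa's own parser: it assumes copa expects the current SchemaVersion 2 object layout and that older Trivy releases wrote a bare top-level array, and both sample reports below are constructed.

```python
import json

# Constructed sample resembling the current Trivy JSON schema (SchemaVersion 2):
# an object whose "Results" list holds each target's "Vulnerabilities".
MODERN_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "docker.io/library/nginx:1.21.6",
    "ArtifactType": "container_image",
    "Results": [{"Target": "docker.io/library/nginx:1.21.6 (debian 11.2)",
                 "Class": "os-pkgs", "Type": "debian",
                 "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-0000",  # placeholder id
                                      "PkgName": "example-pkg",
                                      "InstalledVersion": "1.0-1",
                                      "FixedVersion": "1.0-2"}]}],
})

# Constructed sample resembling the legacy output of old Trivy releases, where the
# whole report is a bare JSON array of per-target entries instead of an object.
LEGACY_REPORT = json.dumps([
    {"Target": "docker.io/library/nginx:1.21.6 (debian 11.2)", "Type": "debian",
     "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-0000", "PkgName": "example-pkg"}]},
])


def classify_trivy_report(text: str) -> dict:
    """Report which shape a Trivy JSON file has and why copa might reject it."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return {"ok": False, "reason": f"not valid JSON: {exc.msg}"}
    if isinstance(doc, list):
        # A top-level array is the old layout; a stale trivy binary on PATH is the
        # usual cause, so point the user at `trivy --version` first.
        return {"ok": False, "reason": "legacy array-shaped report; check `trivy --version`"}
    if not isinstance(doc, dict):
        return {"ok": False, "reason": "top-level value is neither object nor array"}
    if doc.get("SchemaVersion") != 2:
        return {"ok": False, "reason": f"unexpected SchemaVersion {doc.get('SchemaVersion')!r}"}
    results = doc.get("Results") or []
    # Only entries with a FixedVersion are something a patching tool can act on.
    fixable = sum(1 for r in results
                  for v in (r.get("Vulnerabilities") or []) if v.get("FixedVersion"))
    return {"ok": True, "schema": 2, "results": len(results), "fixable": fixable}
```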

jjmcmullan commented 2 weeks ago

@ashnamehrotra thank you for getting back to me. I can confirm that was the command. I ran a "brew upgrade trivy" and it reported "0.52.2 already installed", however when I ran "trivy --version" it reported "0.18.3"! I have no idea where that version came from! Long story short, I removed all references to trivy from the system and ran a clean install "brew install trivy" and "trivy --version" reported 0.52.2. The demo now works. Apologies for wasting your time and thank you again for getting back to me.