vsphere-tmm / Supervisor-Services

vSphere with Tanzu: Supervisor Services
https://vsphere-tmm.github.io/Supervisor-Services/

Trivy scanner still not working in latest 2.9.1 Harbor Supervisor Service release #34

Open christschn81 opened 3 months ago

christschn81 commented 3 months ago

When deploying the latest Harbor 2.9.1 supervisor service, interrogation services are still malfunctioning. The initial download of the vulnerability database is not possible due to a "no space left on device" condition in /tmp, which lives on the / volume.

...
2024-08-16T10:16:21Z [ERROR] [/pkg/scan/job.go:294]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2024-08-16T10:13:04.377Z INFO Vulnerability scanning is enabled
2024-08-16T10:14:00.845Z INFO Java DB Repository: ghcr.io/aquasecurity/trivy-java-db:1
2024-08-16T10:14:00.845Z INFO Downloading the Java DB...
2024-08-16T10:16:17.614Z FATAL image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:72db5db515fdd9ae82b759fc207fdfbcc31567c28bb87950abc94ce1d60b2d40): post analysis error: post analysis error: Unable to initialize the Java DB: Java DB update failed: DB download error: oci download error: copy error: write /tmp/trivy3218355861/javadb.tar.gz: no space left on device
: general response handler: unexpected status code: 500, expected: 200

According to the trivy docs this could be fixed by setting TMPDIR (https://aquasecurity.github.io/trivy/v0.43/docs/references/troubleshooting/).

A persistent volume is already mounted on /home/scanner/.cache by default, so this could also double as the tmp dir?

Regards, Christian
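The TMPDIR workaround raised in this report can be checked before a scan runs. The following is an added example, not part of the original issue or of the Harbor or Trivy projects: a POSIX shell pre-flight that picks the first candidate directory with enough free space to hold the database download. The function names and the 1 GiB threshold in the usage comment are assumptions; only the paths /tmp and /home/scanner/.cache come from the report.

```shell
#!/bin/sh
# Added example (not project code): choose a TMPDIR for Trivy that has room
# for the vulnerability/Java DB download, so a full / volume does not
# silently disable image scanning.

# free_kb DIR
# Print the KiB available on the filesystem that holds DIR (empty on error).
free_kb() {
    # -P forces one line per filesystem, -k reports 1024-byte blocks.
    df -Pk "$1" 2>/dev/null | awk 'NR==2 {print $4}'
}

# pick_tmpdir NEED_KB DIR...
# Print the first DIR that exists, is writable and has at least NEED_KB free.
# Return 1 if no candidate qualifies, so the caller can fail loudly instead
# of letting the scan job die later with "no space left on device".
pick_tmpdir() {
    need_kb=$1
    shift
    for dir in "$@"; do
        [ -d "$dir" ] && [ -w "$dir" ] || continue
        avail=$(free_kb "$dir")
        # Skip candidates where df gave no numeric answer.
        case $avail in
            ''|*[!0-9]*) continue ;;
        esac
        if [ "$avail" -ge "$need_kb" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Usage in a scanner start-up wrapper (threshold of 1048576 KiB = 1 GiB is an
# assumed value, size it to the databases you actually download):
#   TMPDIR=$(pick_tmpdir 1048576 /home/scanner/.cache /tmp) || exit 1
#   export TMPDIR
```

Listing the persistent cache volume first makes it the preferred location and leaves /tmp as a fallback only when it really has space.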