search

yokawasa / gitrivy

Trivy with GitHub Actions
MIT License
2 stars 1 forks source link

TypeError: vuln.Vulnerabilities is not iterable at Trivy.parse #2

Closed yokawasa closed 3 years ago

yokawasa commented 3 years ago

It was observed that the action gets the following error and fails

::error::TypeError: vuln.Vulnerabilities is not iterable%0A    at Trivy.parse (/Users/yoichika/dev/github/gitrivy/dist/index.js:13408:36)%0A    at /Users/yoichika/dev/github/gitrivy/dist/index.js:6651:40%0A    at Generator.next (<anonymous>)%0A    at fulfilled (/Users/yoichika/dev/github/gitrivy/dist/index.js:6603:58)
::error::vuln.Vulnerabilities is not iterable
yokawasa commented 3 years ago

For debugging, I added debug log like this

trivy.ts

public parse(image: string, vulnerabilities: Vulnerability[]): string {
let issueContent: string = '';
// debug
console.debug(vulnerabilities)
for (const vuln of vulnerabilities)

Then I came up with vulnerabilities dump from which I was able to figure out why the error causes. Simply there is a case where Vulnerabilities field does not exist in an array entry

[
{
Target: 'my-test-api:latest (debian 10.9)',
Type: 'debian',
Vulnerabilities: [
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object], [Object],
[Object], [Object]
]
},
{ Target: 'test-agent.jar', Type: 'jar' },   <<<<< THIS
{
Target: 'my-test-api.jar',
Type: 'jar',
Vulnerabilities: [ [Object], [Object], [Object], [Object] ]
}
]