harbor-scanner-trivy icon indicating copy to clipboard operation
harbor-scanner-trivy copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

harbor integration trivy report Unhealthy

Open kycheng opened this issue 1 year ago • 0 comments

What steps did you take and what happened:

Deploy harbor through harbor-helm, set the resource to 2c4g, and enable trivy at the same time, and found that the integrated trivy is in an unhealthy state.

Through the harbor core log, you can see that the call to the trivy API times out.

Then call the corresponding API in the trivy pod and find that the request time is too long.

image

What did you expect to happen:

can be trivy can return quickly.

Anything else you would like to add:

By adding logs, the slowest location is when getting the trivy version. https://github.com/aquasecurity/harbor-scanner-trivy/blob/4b361fb1f8dfc3599aabd827f532c067632729df/pkg/http/api/v1/handler.go#L233-L236

and

https://github.com/aquasecurity/harbor-scanner-trivy/blob/4b361fb1f8dfc3599aabd827f532c067632729df/pkg/trivy/wrapper.go#L216-L228

I guess it has something to do with the offline data package in my pod, but it is still slow after I delete trivy.db.

befor: image after image

only version: image

I tried our previous version and this command returned very fast. image

Environment:

  • Harbor version: 2.6.4
  • Harbor Scanner Adapter for Trivy version: 0.37.2
  • Harbor installation process (Installer script, Helm chart, etc.): Helm chart

kycheng avatar May 22 '23 14:05 kycheng