trivy-operator icon indicating copy to clipboard operation
trivy-operator copied to clipboard
verified publisher icon aquasecurity

No private registry credentials for containers being analyzed by jobs where at least one image has a ClusterSbomReport

Open festeveira opened this issue 3 months ago • 1 comments

What steps did you take and what happened:

Running trivy-operator in a kubernetes cluster with sbom cache enabled. After some scans some ClusterSbomReports are present. Consequently, when trivy-operator scans a pod with more that one container where one image that does not have a corresponding ClusterSbomReport and is from a private registry, and at least one image has a corresponding ClusterSbomReport, the generated pod spec does not include private registry credentials, causing the scan to fail for that image.

What did you expect to happen: Private registry credentials being correctly generated for the container running the private registry image.

Anything else you would like to add: After reading the code for a bit I believe the problem is related to this line of code.

Environment:

  • Trivy-Operator version (use trivy-operator version): 0.28.0
  • Kubernetes version (use kubectl version): v1.32.7
  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): Debian 12

festeveira avatar Nov 13 '25 03:11 festeveira

Hello! Any news on this issue?

festeveira avatar Nov 28 '25 14:11 festeveira