trivy icon indicating copy to clipboard operation
trivy copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

trivy - "error","msg":"Running trivy failed"

Open getrobinhood42 opened this issue 2 years ago • 3 comments

After updating Harbor to version 2.5.3 we get the error message from trivy - "error", "msg": "Running trivy failed"

Steps to recreate:

create project "docker.io"
push into project "docker.io" Images:
docker.io/rancher/rancher-agent:v2.6.6
docker.io/rancher/rancher:v2.6.6
Harbor GUI: Interrogation Services => Vulnerability => SCAN NOW
wait to get errors

we already triedt: changed trivy "timeout: 5m0s" to "timeout: 6m0s" without success Harbor Log

Problem: trivy scan timeouts

harbor version: 2.5.3 docker version: 20.10.17 docker-compose: 1.24.1

Ausschnitte aus dem Log:

Jul 28 10:29:15 192.168.192.1 trivy-adapter[1875]: {"exit_code":1,"image_ref":"core:8443/docker.io/rancher/rancher@sha256:3b78835cbcf5a95314e3ea32b53b2e74fa761da941725255582acecd8553f7fd","level":"error","msg":"Running trivy failed","std_out":"2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-28T08:29:15.751Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-28T08:29:15.751Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","time":"2022-07-28T08:29:15Z"} Jul 28 10:29:15 192.168.192.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-28T08:29:15.751Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-28T08:29:15.751Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan failed","time":"2022-07-28T08:29:15Z"} Jul 28 10:29:17 192.168.192.1 trivy-adapter[1875]: 2022/07/28 08:29:17 http: TLS handshake error from 192.168.192.10:48094: EOF Jul 28 10:29:17 192.168.192.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-28T08:24:15.752Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-28T08:29:15.751Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-28T08:29:15.751Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan job failed","scan_job_id":"48598909f0c5290ce8458d46","time":"2022-07-28T08:29:17Z"}

Jul 28 10:34:21 192.168.192.1 trivy-adapter[1875]: {"exit_code":1,"image_ref":"core:8443/docker.io/rancher/rancher-agent@sha256:6bfa3c3952f277b4db5a530738f09731788bba3a2133d14a9f88f918130d4b90","level":"error","msg":"Running trivy failed","std_out":"2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-28T08:34:21.066Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-28T08:34:21.066Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","time":"2022-07-28T08:34:21Z"} Jul 28 10:34:21 192.168.192.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-28T08:34:21.066Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-28T08:34:21.066Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan failed","time":"2022-07-28T08:34:21Z"} Jul 28 10:34:22 192.168.192.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-07-28T08:29:21.068Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-07-28T08:34:21.066Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-07-28T08:34:21.066Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan job failed","scan_job_id":"fe991900505ae0d17e677446","time":"2022-07-28T08:34:22Z"} Configuration file of Harbor

hostname: harbor-test.fqnd

http: port: 80 https: port: 443 certificate: /etc/harbor/certs/harbor-test.fqnd.crt private_key: /etc/harbor/certs/harbor-test.fqnd.key internal_tls: enabled: true dir: /etc/harbor/tls/internal harbor_admin_password: secure_password database: password: secure_passsword max_idle_conns: 100 max_open_conns: 900 data_volume: /data trivy: ignore_unfixed: false timeout: 5m0s skip_update: false offline_scan: false insecure: false jobservice: max_job_workers: 10 notification: webhook_job_max_retry: 10 chart: absolute_url: enabled log: level: info local: rotate_count: 50 kilobytes. rotate_size: 200M location: /var/log/harbor _version: 2.5.3 proxy: http_proxy: http://internal.proxy:80 https_proxy: http://internal.proxy:80 no_proxy: 127.0.0.1,localhost,core,registry,local-domain1.de,local-domain2.de,10.0.0.0/8 components:

  • trivy upload_purging: enabled: true age: 168h interval: 24h dryrun: false

Actions:

stop harbor
edit harbor.yml
/etc/harbor # diff -u harbor.yml harbor.yml.bak
--- harbor.yml 2022-08-01 14:44:57.527252434 +0200
+++ harbor.yml.bak 2022-08-01 15:07:19.964464297 +0200
@@ -80,9 +80,9 @@
You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
If the flag is enabled you have to download the trivy-offline.tar.gz archive manually, extract trivy.db and
metadata.json files and mount them in the /home/scanner/.cache/trivy/db path.

skip_update: true

skip_update: false

offline_scan: true

offline_scan: false
insecure The flag to skip verifying registry certificate
insecure: false

/etc/harbor # ./prepare --with-notary --with-trivy --with-chartmuseum
start harbor

= Log snippet = Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: Appending internal tls trust CA to ca-bundle ... Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: Internal tls trust CA appending is Done. Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: Appending trust CA to ca-bundle ... Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: /harbor_cust_cert/core.crt Appended ... Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: /harbor_cust_cert/harbor_internal_ca.crt Appended ... Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: CA appending is Done. Aug 1 14:45:45 192.168.224.1 trivy-adapter[1875]: {"built_at":"unknown","commit":"none","level":"info","msg":"Starting harbor-scanner-trivy","time":"2022-08-01T12:45:45Z","version":"dev"}

Aug 1 14:47:22 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:22 http: TLS handshake error from 192.168.224.10:44408: EOF Aug 1 14:47:22 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:22 http: TLS handshake error from 192.168.224.10:44412: EOF Aug 1 14:47:22 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:22 http: TLS handshake error from 192.168.224.10:44414: EOF Aug 1 14:47:24 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:24 http: TLS handshake error from 192.168.224.10:44416: EOF Aug 1 14:47:29 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:29 http: TLS handshake error from 192.168.224.10:44418: read tcp 192.168.224.8:8443->192.168.224.10:44418: read: connection reset by peer Aug 1 14:47:29 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:29 http: TLS handshake error from 192.168.224.10:44420: EOF Aug 1 14:47:29 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:29 http: TLS handshake error from 192.168.224.10:44422: EOF Aug 1 14:47:29 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:29 http: TLS handshake error from 192.168.224.10:44424: EOF Aug 1 14:47:49 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:49 http: TLS handshake error from 192.168.224.10:44426: EOF Aug 1 14:47:54 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:54 http: TLS handshake error from 192.168.224.10:44428: EOF Aug 1 14:47:59 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:47:59 http: TLS handshake error from 192.168.224.10:44432: EOF Aug 1 14:48:04 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:48:04 http: TLS handshake error from 192.168.224.10:44434: EOF Aug 1 14:48:09 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:48:09 http: TLS handshake error from 192.168.224.10:44436: EOF

Aug 1 14:49:34 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:49:34 http: TLS handshake error from 192.168.224.10:44442: EOF Aug 1 14:49:39 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:49:39 http: TLS handshake error from 192.168.224.10:44444: EOF Aug 1 14:49:44 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:49:44 http: TLS handshake error from 192.168.224.10:44446: EOF Aug 1 14:49:49 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:49:49 http: TLS handshake error from 192.168.224.10:44448: EOF Aug 1 14:49:54 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:49:54 http: TLS handshake error from 192.168.224.10:44450: EOF Aug 1 14:49:59 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:49:59 http: TLS handshake error from 192.168.224.10:44452: EOF Aug 1 14:50:04 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:04 http: TLS handshake error from 192.168.224.10:44454: EOF Aug 1 14:50:09 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:09 http: TLS handshake error from 192.168.224.10:44456: EOF Aug 1 14:50:14 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:14 http: TLS handshake error from 192.168.224.10:44458: EOF Aug 1 14:50:19 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:19 http: TLS handshake error from 192.168.224.10:44460: EOF Aug 1 14:50:24 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:24 http: TLS handshake error from 192.168.224.10:44462: EOF Aug 1 14:50:29 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:29 http: TLS handshake error from 192.168.224.10:44464: EOF Aug 1 14:50:34 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:34 http: TLS handshake error from 192.168.224.10:44466: EOF Aug 1 14:50:39 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:39 http: TLS handshake error from 192.168.224.10:44468: EOF Aug 1 14:50:59 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:50:59 http: TLS handshake error from 192.168.224.10:44470: EOF Aug 1 14:51:04 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:51:04 http: TLS handshake error from 192.168.224.10:44472: EOF Aug 1 14:51:49 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:51:49 http: TLS handshake error from 192.168.224.10:44476: EOF Aug 1 14:51:54 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:51:54 http: TLS handshake error from 192.168.224.10:44478: EOF Aug 1 14:52:04 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:52:04 http: TLS handshake error from 192.168.224.10:44480: EOF Aug 1 14:52:09 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:52:09 http: TLS handshake error from 192.168.224.10:44482: EOF Aug 1 14:52:19 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:52:19 http: TLS handshake error from 192.168.224.10:44484: read tcp 192.168.224.8:8443->192.168.224.10:44484: read: connection reset by peer Aug 1 14:52:24 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:52:24 http: TLS handshake error from 192.168.224.10:44486: EOF Aug 1 14:52:27 192.168.224.1 trivy-adapter[1875]: {"exit_code":1,"image_ref":"core:8443/docker.io/rancher/rancher@sha256:3b78835cbcf5a95314e3ea32b53b2e74fa761da941725255582acecd8553f7fd","level":"error","msg":"Running trivy failed","std_out":"2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022/08/01 12:49:03 info: skipping unknown hook: "crd-install"\n2022/08/01 12:49:03 info: skipping unknown hook: "crd-install"\n2022-08-01T12:52:27.615Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-08-01T12:52:27.615Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","time":"2022-08-01T12:52:27Z"} Aug 1 14:52:27 192.168.224.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022/08/01 12:49:03 info: skipping unknown hook: "crd-install"\n2022/08/01 12:49:03 info: skipping unknown hook: "crd-install"\n2022-08-01T12:52:27.615Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-08-01T12:52:27.615Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan failed","time":"2022-08-01T12:52:27Z"} Aug 1 14:52:29 192.168.224.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-08-01T12:47:27.616Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022/08/01 12:49:03 info: skipping unknown hook: "crd-install"\n2022/08/01 12:49:03 info: skipping unknown hook: "crd-install"\n2022-08-01T12:52:27.615Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-08-01T12:52:27.615Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan job failed","scan_job_id":"c9f90ad252354a179dc2288b","time":"2022-08-01T12:52:29Z"} Aug 1 14:52:29 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:52:29 http: TLS handshake error from 192.168.224.10:44488: EOF Aug 1 14:52:36 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:52:36 http: TLS handshake error from 192.168.224.10:44492: EOF Aug 1 14:53:21 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:53:21 http: TLS handshake error from 192.168.224.10:44496: EOF Aug 1 14:53:31 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:53:31 http: TLS handshake error from 192.168.224.10:44500: EOF Aug 1 14:53:36 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:53:36 http: TLS handshake error from 192.168.224.10:44502: EOF Aug 1 14:53:41 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:53:41 http: TLS handshake error from 192.168.224.10:44504: EOF Aug 1 14:53:46 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:53:46 http: TLS handshake error from 192.168.224.10:44508: EOF Aug 1 14:56:31 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:56:31 http: TLS handshake error from 192.168.224.10:44510: EOF Aug 1 14:56:36 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:56:36 http: TLS handshake error from 192.168.224.10:44512: EOF Aug 1 14:56:41 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:56:41 http: TLS handshake error from 192.168.224.10:44514: EOF Aug 1 14:56:46 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:56:46 http: TLS handshake error from 192.168.224.10:44516: EOF Aug 1 14:56:51 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:56:51 http: TLS handshake error from 192.168.224.10:44518: EOF Aug 1 14:56:56 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:56:56 http: TLS handshake error from 192.168.224.10:44520: EOF Aug 1 14:57:01 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:57:01 http: TLS handshake error from 192.168.224.10:44522: EOF Aug 1 14:57:06 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:57:06 http: TLS handshake error from 192.168.224.10:44524: EOF Aug 1 14:57:16 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:57:16 http: TLS handshake error from 192.168.224.10:44526: EOF Aug 1 14:57:21 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:57:21 http: TLS handshake error from 192.168.224.10:44528: EOF Aug 1 14:57:26 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:57:26 http: TLS handshake error from 192.168.224.10:44530: EOF Aug 1 14:57:29 192.168.224.1 trivy-adapter[1875]: {"exit_code":1,"image_ref":"core:8443/docker.io/rancher/rancher-agent@sha256:6bfa3c3952f277b4db5a530738f09731788bba3a2133d14a9f88f918130d4b90","level":"error","msg":"Running trivy failed","std_out":"2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-08-01T12:57:29.197Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-08-01T12:57:29.197Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","time":"2022-08-01T12:57:29Z"} Aug 1 14:57:29 192.168.224.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-08-01T12:57:29.197Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-08-01T12:57:29.197Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan failed","time":"2022-08-01T12:57:29Z"} Aug 1 14:57:29 192.168.224.1 trivy-adapter[1875]: {"error":"running trivy wrapper: running trivy: exit status 1: 2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tVulnerability scanning is enabled\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tSecret scanning is enabled\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tIf your scanning is slow, please try '--security-checks vuln' to disable secret scanning\n2022-08-01T12:52:29.198Z\t\u001b[34mINFO\u001b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection\n2022-08-01T12:57:29.197Z\t\u001b[33mWARN\u001b[0m\tIncrease --timeout value\n2022-08-01T12:57:29.197Z\t\u001b[31mFATAL\u001b[0m\timage scan error: scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded\n","level":"error","msg":"Scan job failed","scan_job_id":"fab18fa0de5f160a494db18e","time":"2022-08-01T12:57:29Z"} Aug 1 14:57:31 192.168.224.1 trivy-adapter[1875]: 2022/08/01 12:57:31 http: TLS handshake error from 192.168.224.10:44534: EOF

getrobinhood42 avatar Aug 04 '22 13:08 getrobinhood42

I have also reported the error to habor https://github.com/goharbor/harbor/issues/17266

getrobinhood42 avatar Aug 04 '22 13:08 getrobinhood42

This issue is stale because it has been labeled with inactivity.

github-actions[bot] avatar Oct 04 '22 00:10 github-actions[bot]

I had very similar symptoms. For anyone that happens to stumble upon this issue, this is what I did to fix it in my case.

The Harbor chart that I was using had a somewhat outdated version of Trivy, so in the Bitnami helm chart for Harbor I changed from the default version 2.6.0-debian-11-r6 into 2.7.0-debian-11-r15 for the trivy.image.tag parameter. In the future you may have to use an even newer version from https://hub.docker.com/r/bitnami/harbor-adapter-trivy/tags.

Danielkem avatar Feb 02 '23 11:02 Danielkem

This issue is stale because it has been labeled with inactivity.

github-actions[bot] avatar May 15 '23 00:05 github-actions[bot]

As @Danielkem described, it seems to come from the older versions.

knqyf263 avatar May 15 '23 06:05 knqyf263

[Step 5]: starting Harbor ... [+] Running 1/1 ✘ trivy-adapter Error 46.3s Error response from daemon: Get "https://registry-1.docker.io/v2/": context deadline exceeded

taitaking avatar Aug 01 '23 15:08 taitaking