trivy
Config Scan Fails Without Internet
Description
When using trivy config without internet or with github.com unresolvable, an error occurs and the scan will not run.
What did you expect to happen?
I expect the scan to run fully without a connection to the internet, as stated in the docs.
What happened instead?
The scan does not scan any files, it only detects a file named .
Output of run with -debug:
/opt/terraform # trivy config --include-non-failures --debug --ignorefile .ignore-files/.iac-scanner-ignore --severity "HIGH,CRITICAL" ./projects/internal-1/iam/bindings.tf
2022-11-21T15:56:29.321Z DEBUG Severities: ["HIGH" "CRITICAL"]
2022-11-21T15:56:29.323Z DEBUG cache dir: /root/.cache/trivy
2022-11-21T15:56:29.323Z INFO Misconfiguration scanning is enabled
2022-11-21T15:56:30.263Z DEBUG OS is not detected.
2022-11-21T15:56:30.263Z INFO Detected config files: 1
2022-11-21T15:56:30.263Z DEBUG Scanned config file: .
2022-11-21T15:56:30.266Z DEBUG Found an ignore file .ignore-files/.iac-scanner-ignore
2022-11-21T15:56:30.267Z DEBUG These IDs will be ignored: []
Output of trivy -v:
/opt/terraform # trivy -v
Version: 0.34.0
Vulnerability DB:
Version: 1
UpdatedAt: 2022-11-21 12:50:59.415750952 +0000 UTC
NextUpdate: 2022-11-21 18:50:59.415750553 +0000 UTC
DownloadedAt: 0001-01-01 00:00:00 +0000 UTC
Additional details (base image name, container registry info...):
This is running inside the aquasec/trivy:latest container image. I can run the exact same command with my internet connection on and receive full scan results.
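A CI guard for the symptom reported above, as an added example that is not part of the original issue or of Trivy itself: it parses the `--debug` lines shown in the report and flags a run whose only scanned config file is `.`, so a silently empty scan fails the pipeline instead of passing. The function names and the healthy log are constructed, and the healthy log assumes a normal run logs the real file path.

```python
import re

# Line shapes taken from the --debug output quoted in the report.
SCANNED = re.compile(r"DEBUG\s+Scanned config file: (.+?)\s*$")
DETECTED = re.compile(r"INFO\s+Detected config files: (\d+)\s*$")


def scan_coverage(log_text):
    """Summarise which config files a `trivy config --debug` run reports."""
    scanned, detected = [], None
    for line in log_text.splitlines():
        m = SCANNED.search(line)
        if m:
            scanned.append(m.group(1))
            continue
        m = DETECTED.search(line)
        if m:
            detected = int(m.group(1))
    # "." is the placeholder the reporter saw when nothing was evaluated.
    real = [path for path in scanned if path != "."]
    return {"detected": detected, "scanned": scanned, "empty_scan": not real}


def gate(log_text):
    """CI exit code: 1 when the run evaluated no real file, else 0."""
    return 1 if scan_coverage(log_text)["empty_scan"] else 0


# Lines copied from the report.
REPORTED_LOG = """\
2022-11-21T15:56:30.263Z DEBUG OS is not detected.
2022-11-21T15:56:30.263Z INFO Detected config files: 1
2022-11-21T15:56:30.263Z DEBUG Scanned config file: .
"""

# Constructed sample (assumption: a normal run logs the scanned file's path).
HEALTHY_LOG = """\
2022-11-21T16:02:11.104Z INFO Detected config files: 1
2022-11-21T16:02:11.104Z DEBUG Scanned config file: projects/internal-1/iam/bindings.tf
"""

if __name__ == "__main__":
    for name, log in (("reported", REPORTED_LOG), ("healthy", HEALTHY_LOG)):
        print(name, scan_coverage(log), "exit", gate(log))
```
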
This issue is stale because it has been labeled with inactivity.
Hi @aquanne, can you share the debug output for running the scan with the --skip-policy-update flag?
In addition, you mentioned the scan works when the skip policy update flag is not passed; could you also share the debug output of that?
Also, is it possible to share your IaC config files? That way we can help you debug faster.