trivy scan fs report is empty if generated inside alpine based image #47
Comments
Hi @Fatima-Zahraebhbn, Thanks for reporting this, we will investigate and revert back to you soon. Regards,
Hi @Fatima-Zahraebhbn, I think the issue is related to '\' in the results.json which is created by trivy. Can you run the following command and share the results.json? trivy fs --scanners vuln,misconfig --exit-code 0 . --format json -o results.json Regards,
Hi Fatih, Thank you for the quick feedback, I've attached the result.json file after running the command inside the aquasec/trivy container. Kind regards, Fatima
I am not sure you are running the command against the same environment, because the latest results.json has only 2 vulnerabilities but the broken one (non-working interactive_fs_scan_report.html) has 6 misconfigs and 1 vulnerability. Can you share the details of the 'aquasec/trivy container' and the GitLab ci-cd.yml file so that I can reproduce it myself?
My apologies, I've attached the wrong results.json; I just added the good one. For the GitLab CI file, nothing special except the installation of the additional package and the verification of the trivy version. Thank you
fatima-broken-results.json
I misunderstood your request earlier; the problematic JSON file was redirected to /root/.trivy/plugins/scan2html/results.json. I attached a copy of it along with the problematic HTML. Thank you
Hi @Fatima-Zahraebhbn, I tried to reproduce your issue but no luck. Could you help with that? https://gitlab.com/fatih.tokus/scan2html-test/-/blob/test-issue-47/.gitlab-ci.yml?ref_type=heads Regards,
Hi Fatih, To reproduce the issue, try to place the attached Dockerfile inside the pod where the trivy scan will be executed (inside, for example, the docker directory) and run the command trivy scan while setting the var TRIVY_CHECK_GLOB to docker/. Thank you
Hi @fatihtokus, Do you have any update on this matter? Thank you!
Hi @Fatima-Zahraebhbn, Thanks for the patience, I have just released the latest version that includes your fix as well. Please try and let me know. Regards,
Hi @fatihtokus, Thank you for the quick update, I've tested trivy with the new version of scan2html and it is working as expected 🙌. Thank you so much for your time, effort and support in this matter. Kind regards,
Hi Fatih,
I hope you are doing well!
Recently I created a job to perform trivy scan image and trivy scan filesystem, which is running fine inside opensuse.
As the step zypper refresh takes time, and also after the last issue due to the absence of bash and git, I have decided to run the same job inside alpine and the aquasec/trivy docker image.
I could notice that the generated html file inside alpine (also aquasec/trivy) is giving me an empty page, even though the file has content.
When I run the command in my WSL Ubuntu the report is fine, and the same in opensuse docker images.
trivy scan2html fs --scanners vuln,misconfig --exit-code 0 . interactive_fs_scan_report.html
I tried to compare the two html files. I could see some differences but was unable to figure it out (I'm not a React expert :)). I attached them below:
reports.zip
I should mention that I don't have any issue with trivy image scanning when I execute the scan in opensuse or alpine (aquasec/trivy).
Can you please support in this matter?
Thank you!