You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have the following Trivy config (plaintext written as API token here):
When I restart my dependency-track backend container & therefore Trivy sidecar. Requests to Trivy analyzer fail with the following error:
javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at java.base/com.sun.crypto.provider.CipherCore.unpad(Unknown Source)
at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(Unknown Source)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(Unknown Source)
at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(Unknown Source)
at java.base/javax.crypto.Cipher.doFinal(Unknown Source)
at alpine.security.crypto.DataEncryption.decryptAsBytes(DataEncryption.java:136)
at alpine.security.crypto.DataEncryption.decryptAsBytes(DataEncryption.java:148)
at alpine.security.crypto.DataEncryption.decryptAsString(DataEncryption.java:176)
at org.dependencytrack.util.DebugDataEncryption.retryDecryptAsString(DebugDataEncryption.java:59)
at org.dependencytrack.util.DebugDataEncryption.decryptAsString(DebugDataEncryption.java:54)
at org.dependencytrack.tasks.scanners.TrivyAnalysisTask.inform(TrivyAnalysisTask.java:150)
at org.dependencytrack.tasks.VulnerabilityAnalysisTask.performAnalysis(VulnerabilityAnalysisTask.java:197)
at org.dependencytrack.tasks.VulnerabilityAnalysisTask.analyzeComponents(VulnerabilityAnalysisTask.java:157)
at org.dependencytrack.tasks.VulnerabilityAnalysisTask.inform(VulnerabilityAnalysisTask.java:87)
at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
For Trivy to work, I need to:
Know that my container has restarted
Go to Trivy config in UI and rewrite plaintext as trivy api token (even though it should already be plaintext from my last time I wrote it there)
Retries aren't working. It can stay broken like this for multiple weeks without you noticing unless you have an alert on error logs.
Also --cache-backend memory should be mentioned in Trivy docs for scenarios where you don't have a volume at hand for your Trivy container.
Proposed Behavior
When I restart my container, Trivy keeps working without manual intervention.
I have seen this happen to other instances of these encrypted fields in DT such as the OSS Index API Token. Sometimes it looks like it gets reset to null or empty string somewhere end ends up like that in the database. It only happened once or twice for me, not every restart. Are you seeing it consistenly every restart?
Current Behavior
I am running my Trivy container in a sidecar with the following command:
I have the following Trivy config (
plaintext
written as API token here):When I restart my dependency-track backend container & therefore Trivy sidecar. Requests to Trivy analyzer fail with the following error:
For Trivy to work, I need to:
plaintext
as trivy api token (even though it should already beplaintext
from my last time I wrote it there)Retries aren't working. It can stay broken like this for multiple weeks without you noticing unless you have an alert on error logs.
Also
--cache-backend memory
should be mentioned in Trivy docs for scenarios where you don't have a volume at hand for your Trivy container.Proposed Behavior
When I restart my container, Trivy keeps working without manual intervention.
Checklist
The text was updated successfully, but these errors were encountered: