Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing schema-version for download java-db in trivy 0.50.1 if repo url contains : #6409

Closed
2 tasks done
DmitriyLewen opened this issue Mar 28, 2024 Discussed in #6407 · 0 comments · Fixed by #6410
Closed
2 tasks done

Missing schema-version for download java-db in trivy 0.50.1 if repo url contains : #6409

DmitriyLewen opened this issue Mar 28, 2024 Discussed in #6407 · 0 comments · Fixed by #6410
Assignees
@DmitriyLewen
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/vulnerability Issues relating to vulnerability scanning

Comments

@DmitriyLewen
Copy link
Contributor

Discussed in #6407

Originally posted by GrizzlyBoer March 28, 2024

Description

The new trivy 0.50.1 doesn't add the schema-version for download-java-db as it says in the documentation.

Desired Behavior

No problem in version 0.49.1
image

Actual Behavior

In Version 0.50.1 we have to add the schema-version:
image

Reproduction Steps

1. Setup a private image registry as remote cache for ghcr.io
2. Try to download the java-db with your trivy 0.50.1: 
trivy image --download-java-db-only --java-db-repository <your-private-registry>/aquasecurity/trivy-java-db

Target

Container Image

Scanner

Vulnerability

Output Format

None

Mode

Standalone

Debug Output

trivy image --download-java-db-only --java-db-repository docker.artifacts.XXXXX.de:443/aquasecurity/trivy-java-db --debug
2024-03-27T21:36:12.624Z        DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-27T21:36:12.625Z        DEBUG   Ignore statuses {"statuses": null}
2024-03-27T21:36:12.638Z        DEBUG   cache dir:  /root/.cache/trivy
2024-03-27T21:36:12.638Z        INFO    Java DB Repository: docker.artifacts.XXXXX:443/aquasecurity/trivy-java-db
2024-03-27T21:36:12.638Z        INFO    Downloading the Java DB...
2024-03-27T21:36:19.636Z        FATAL   init error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:417
  - DB error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.NewRunner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:131
  - Java DB error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).initJavaDB
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:336
  - DB download error:
    github.com/aquasecurity/trivy/pkg/javadb.(*Updater).Update
        /home/runner/work/trivy/trivy/pkg/javadb/client.go:64
  - OCI repository error:
    github.com/aquasecurity/trivy/pkg/oci.(*Artifact).populate
        /home/runner/work/trivy/trivy/pkg/oci/artifact.go:93
  - 1 error occurred:
        * GET https://docker.artifacts.XXXXX.de:443/v2/aquasecurity/trivy-java-db/manifests/latest: MANIFEST_UNKNOWN: The named manifest is not known to the registry.; map[manifest:aquasecurity/trivy-java-db]

Operating System

official Trivy-Image

Version

trivy --version
Version: 0.50.1

Checklist
@DmitriyLewen DmitriyLewen added the kind/bug Categorizes issue or PR as related to a bug. label Mar 28, 2024
@DmitriyLewen DmitriyLewen self-assigned this Mar 28, 2024
@DmitriyLewen DmitriyLewen mentioned this issue Mar 28, 2024
Merged
7 tasks
@DmitriyLewen DmitriyLewen added the scan/vulnerability Issues relating to vulnerability scanning label Mar 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
kind/bug Categorizes issue or PR as related to a bug. scan/vulnerability Issues relating to vulnerability scanning
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(db): check schema version for image name only DmitriyLewen/trivy
1 participant
@DmitriyLewen