Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

trivy scan in azure devops pipeline step fails using latest version #44

Open
tudorsibiu90 opened this issue Oct 3, 2024 · 5 comments
Open

trivy scan in azure devops pipeline step fails using latest version #44

tudorsibiu90 opened this issue Oct 3, 2024 · 5 comments

Comments

@tudorsibiu90
Copy link

tudorsibiu90 commented Oct 3, 2024
edited
Loading

I get this error:
2024-10-03T08:49:32Z FATAL Fatal error image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:756474215d2903298a97a89b17f234450ca3a7219cae4dd63800afe9b350052f): post analysis error: post analysis error: Unable to initialize the Java DB: Java DB update failed: OCI artifact error: failed to download Java DB from any source

We started having transient issues like this in the past 2 weeks. No sure what is causing this recurrently.

Please help. Thank you!
@tudorsibiu90 tudorsibiu90 changed the title docker pull ghcr.io/aquasecurity/trivy-java-db:1 doesn't work trivy scan in azure devops pipeline step fails using latest version Oct 3, 2024
@pblgomez
Copy link

pblgomez commented Oct 3, 2024

It happens in gitlab-ci too, so I don't think it's azure related

@Pavanp261
Copy link

Encountering same error while scanning the image during the Bitbucket pipeline. The scan process fails due to an issue with the Java DB download.

2024-10-03T09:38:25Z INFO [javadb] Artifact successfully downloaded repo="ghcr.io/aquasecurity/trivy-java-db:1"
2024-10-03T09:38:25Z FATAL Fatal error image scan error: scan error: scan failed: failed analysis: analyze error: pipeline error: failed to analyze layer (sha256:3cbdda3454f9b320138463278e74da90d4bd37c2cca24159f759b52b5bfceb9c): post analysis error: post analysis error: Unable to initialize the Java DB: Java DB update failed: OCI artifact error: failed to download Java DB from any source

@Pavanp261
Copy link

this error while scanning an image using the latest version of aquasec/trivy. However, when I use aquasec/trivy:0.55.0 , the scan works without any issues.

@lapanne
Copy link

lapanne commented Oct 3, 2024

Same issue trying to run trivy image --download-java-db-only in a docker image

4.253 2024-10-03T11:47:39Z  INFO  [javadb] Downloading Java DB...
13:48:03   4.253 2024-10-03T11:47:39Z  INFO  [javadb] Downloading artifact...  repo="ghcr.io/aquasecurity/trivy-java-db:1"
13:48:03   649.13 MiB / 649.13 MiB [------------------------------------------------] 100.00% 31.49 MiB p/s 21s2024-10-03T11:48:00Z  INFO  [javadb] Artifact successfully downloaded  repo="ghcr.io/aquasecurity/trivy-java-db:1"
13:48:03   25.58 2024-10-03T11:48:00Z  FATAL  Fatal error  init error: DB error: Java DB error: OCI artifact error: failed to download Java DB from any source

trivy image --download-db-only works just fine

@knqyf263
Copy link
Collaborator

knqyf263 commented Oct 3, 2024

Sorry for inconvenience. We'll cut v0.56.1 soon.
aquasecurity/trivy#7642

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@knqyf263 @pblgomez @lapanne @tudorsibiu90 @Pavanp261