Welcome to the Linux Foundation Forum!

Note on lab 7.4: "trivy image" instead of "trivy -i"

Posts: 23
in LFS260 Class Forum

Hi,

just to share the knowledge that trivy image scan instructions in a lab need an update,
suggested command fails with trivy v0.22.0:

$ sudo trivy --debug -i nginx
2022-01-30T20:06:17.948+0200 WARN The root command will be removed. Please migrate to 'trivy image' command. See https://github.com/aquasecurity/trivy/discussions/1515
2022-01-30T20:06:17.948+0200 DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2022-01-30T20:06:17.972+0200 DEBUG cache dir: /root/.cache/trivy
2022-01-30T20:06:17.972+0200 DEBUG DB update was skipped because DB is the latest
2022-01-30T20:06:17.972+0200 DEBUG DB Schema: 1, Type: 1, UpdatedAt: 2022-01-30 12:43:56.950700956 +0000 UTC, NextUpdate: 2022-01-30 18:43:56.950700556 +0000 UTC, DownloadedAt: 2022-01-30 17:46:26.104052182 +0000 UTC
2022-01-30T20:06:17.972+0200 DEBUG Vulnerability type: [os library]
2022-01-30T20:06:17.973+0200 FATAL scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.runWithTimeout
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:71
- unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:211
- unable to initialize the archive scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.archiveScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/image.go:21
- 2 errors occurred:
* unable to open nginx as a Docker image: unable to open the file: open nginx: no such file or directory
* unable to open nginx as an OCI Image: stat nginx/index.json: no such file or directory

As pointed out https://github.com/aquasecurity/trivy/discussions/1515 this works:

$ sudo trivy image nginx

Comments

  • Posts: 23

    ...copy/pasted a wrong failed command, here it is:

    $ ls -lha nginx.tar
    -rw-rw-r-- 1 yurick yurick 264M Jan 30 19:51 nginx.tar

    $ sudo trivy -i nginx.tar
    2022-01-30T20:15:23.160+0200 WARN The root command will be removed. Please migrate to 'trivy image' command. See https://github.com/aquasecurity/trivy/discussions/1515
    2022-01-30T20:15:23.246+0200 FATAL scan error: unable to initialize a scanner: unable to initialize the archive scanner: 2 errors occurred:
    * unable to open nginx.tar as a Docker image: tarball must contain only a single image to be used with tarball.Image
    * unable to open nginx.tar as an OCI Image: stat nginx.tar/index.json: not a directory

    Please let me know if I understood it wrong and local images can be still scanned somehow even with the latest trivy.

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Quick Links

Categories

Upcoming Training