Trivy Scan always fails: unable to download the vulnerability database

Question  Votes: 0  Answers: 1

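I'm trying to run Trivy Scan from CircleCI, but I always run into the same problem. I have kept this disabled, but scanning the containers is clearly useful.

The suggestions on 'google' say that you need to use GITHUB_TOKEN to stop the rate limiting; however, I am using GITHUB_TOKEN, as you can see in the debug output - maybe this is wrong since it is for my (private GitHub) project. How do you solve this? Can I download and install the database first using curl or similar?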

Version:

aquasecurity/trivy info found version: 0.16.0 for v0.16.0/Linux/64bit

Command:

trivy --light --token dummy -d -s "UNKNOWN,MEDIUM,HIGH,CRITICAL" --exit-code 1 ${IMAGE}

Error:

2021-03-14T21:05:47.652Z    INFO    Using your github token
2021-03-14T21:05:47.652Z    INFO    Need to update DB
2021-03-14T21:05:47.652Z    INFO    Downloading DB...
2021-03-14T21:05:47.729Z    FATAL   failed to download vulnerability DB: failed to download vulnerability DB: failed to list releases: GET https://api.github.com/repos/aquasecurity/trivy-db/releases: 401 Bad credentials []
make: *** [Makefile:46: scan] Error 1

And with debug:

trivy --light -d -s "UNKNOWN,MEDIUM,HIGH,CRITICAL" --exit-code 1 image...
2021-03-14T20:36:49.316Z    DEBUG   Severities: UNKNOWN,MEDIUM,HIGH,CRITICAL
2021-03-14T20:36:49.317Z    DEBUG   cache dir:  /root/.cache/trivy
2021-03-14T20:36:49.317Z    INFO    Using your github token
2021-03-14T20:36:49.317Z    DEBUG   There is no valid metadata file: unable to open a file: open /root/.cache/trivy/db/metadata.json: no such file or directory
2021-03-14T20:36:49.317Z    INFO    Need to update DB
2021-03-14T20:36:49.317Z    INFO    Downloading DB...
2021-03-14T20:36:49.317Z    DEBUG   no metadata file
2021-03-14T20:36:49.416Z    FATAL   failed to download vulnerability DB:
    github.com/aquasecurity/trivy/internal/operation.DownloadDB
        /home/circleci/project/internal/operation/operation.go:91
  - failed to download vulnerability DB:
    github.com/aquasecurity/trivy/pkg/db.Client.Download
        /home/circleci/project/pkg/db/db.go:169
  - failed to list releases:
    github.com/aquasecurity/trivy/pkg/github.Client.DownloadDB
        /home/circleci/project/pkg/github/github.go:89
  - GET https://api.github.com/repos/aquasecurity/trivy-db/releases: 401 Bad credentials []
make: *** [Makefile:45: scan] Error 1

Exited with code exit status 2
CircleCI received exit code 2
github circleci trivy
1 Answer
0
votes

As a workaround, you can use the official AWS mirror

trivy image \
  --db-repository public.ecr.aws/aquasecurity/trivy-db \
  --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db \
  --scanners vuln \
  ghcr.io/cloudogu/gitops-playground:0.7.0    

Credit: https://github.com/orgs/community/discussions/139074#discussioncomment-10808081
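
An added example (not part of the original question or answer, and not Trivy project code) of the pre-download approach the question asks about, combined with the mirror from the answer: it tries each DB repository in turn, then scans with the update step skipped, and fails the job if no DB could be fetched instead of silently skipping the scan. It assumes a Trivy release newer than the 0.16.0 in the question, one that supports `--db-repository`, `--download-db-only` and `--skip-db-update`; the function names, environment variables and exit code 3 are choices made for this example.

```shell
#!/bin/sh
# Added example: pre-download the Trivy DB with mirror fallback, then scan
# without a second update attempt. Names and exit code 3 are hypothetical.

# Repositories to try, in order. ghcr.io is Trivy's default location; the
# public.ecr.aws mirror is the one given in the answer above.
TRIVY_DB_REPOS="${TRIVY_DB_REPOS:-ghcr.io/aquasecurity/trivy-db public.ecr.aws/aquasecurity/trivy-db}"
TRIVY_CACHE_DIR="${TRIVY_CACHE_DIR:-$HOME/.cache/trivy}"

# Try each repository (two attempts each) until a download succeeds.
# Prints the repository that worked on stdout; all tool output goes to stderr.
fetch_trivy_db() {
  local repo attempt
  for repo in $TRIVY_DB_REPOS; do
    for attempt in 1 2; do
      if trivy image --download-db-only --cache-dir "$TRIVY_CACHE_DIR" \
           --db-repository "$repo" >&2; then
        echo "$repo"
        return 0
      fi
      sleep "${RETRY_DELAY:-5}"
    done
    echo "DB download from $repo failed, trying next repository" >&2
  done
  return 1
}

# Scan an image against the DB already in the cache. Return codes:
#   0 = no findings, 1 = findings at the chosen severities,
#   3 = no DB available, so no scan ran (fail closed, distinct from findings)
scan_image() {
  local image="$1" repo
  if ! repo="$(fetch_trivy_db)"; then
    echo "no vulnerability DB available; failing the job" >&2
    return 3
  fi
  echo "using vulnerability DB from $repo" >&2
  trivy image --skip-db-update --cache-dir "$TRIVY_CACHE_DIR" \
    --scanners vuln --severity "${SEVERITY:-UNKNOWN,MEDIUM,HIGH,CRITICAL}" \
    --exit-code 1 "$image"
}

# Stand-alone use from a CI step: ./trivy-scan.sh "$IMAGE"
if [ "$#" -gt 0 ]; then
  scan_image "$1"
fi
```

Caching `TRIVY_CACHE_DIR` between CI runs reduces how often the download step has to reach a registry at all.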
