fix: exclude bom info on namespace scope #5629

Closed


chen-keinan
Contributor

@chen-keinan chen-keinan commented Nov 22, 2023

Description

Exclude bom info on namespace scope

Related issues

Related PRs

Checklist

@elchenberg
Contributor

elchenberg commented Nov 24, 2023

This fixes only part of the issue (#5628) I have. But it is entirely my fault because I provided only one example.

The service account I use gives me permission to scan the whole cluster.

When I build a Trivy image from this PR and run the following command in a pod I still get the error:

trivy kubernetes '--cache-dir=/cache' '--debug=true' '--format=table' '--no-progress=true' '--node-collector-namespace=default' '--output=report.txt' '--parallel=20' '--report=all' '--severity=CRITICAL' '--timeout=60m0s' cluster
2023-11-24T08:29:07.335Z        DEBUG   Severities: ["CRITICAL"]
2023-11-24T08:29:07.336Z        DEBUG   Ignore statuses {"statuses": null}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x6f41177]

goroutine 1 [running]:
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).ClusterNameVersion(0xc0003d60e0)
        /go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/k8s/k8s.go:522 +0xf7
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).getClusterBomInfo(0xd230dc0?, {0xc001093a40, 0x4, 0x4}, {0xc0003d1f10, 0x1, 0x1})
        /go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/k8s/k8s.go:502 +0x47
github.com/aquasecurity/trivy-kubernetes/pkg/k8s.(*cluster).CreateClusterBom(0x8?, {0x9af7ca8, 0xc0003d63f0})
        /go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/k8s/k8s.go:349 +0x446
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListClusterBomInfo(0xc00175d7a0?, {0x9af7ca8?, 0xc0003d63f0?})
        /go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/trivyk8s/trivyk8s.go:223 +0x25
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListArtifacts(0xc0030800a0, {0x9af7ca8, 0xc0003d63f0})
        /go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/trivyk8s/trivyk8s.go:160 +0x374
github.com/aquasecurity/trivy-kubernetes/pkg/trivyk8s.(*client).ListArtifactAndNodeInfo(0xc0030800a0, {0x9af7ca8, 0xc0003d63f0}, {0x7ffe89278cfa, 0x7}, 0xc0026f4ba0, {0x0, 0x0, 0x0})
        /go/pkg/mod/github.com/aquasecurity/[email protected]/pkg/trivyk8s/trivyk8s.go:171 +0x97
github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun({_, _}, {{{0x84a5f69, 0xa}, 0x0, 0x0, 0x1, 0x0, 0x34630b8a000, {0x7ffe89278ca9, ...}, ...}, ...}, ...)
        /work/pkg/k8s/commands/cluster.go:32 +0x65a
github.com/aquasecurity/trivy/pkg/k8s/commands.Run({_, _}, {_, _, _}, {{{0x84a5f69, 0xa}, 0x0, 0x0, 0x1, ...}, ...})
        /work/pkg/k8s/commands/run.go:48 +0x498
github.com/aquasecurity/trivy/pkg/commands.NewKubernetesCommand.func2(0xc002cee300, {0xc002d48420, 0x1, 0xb})
        /work/pkg/commands/app.go:953 +0x1c5
github.com/spf13/cobra.(*Command).execute(0xc002cee300, {0xc002d48370, 0xb, 0xb})
        /go/pkg/mod/github.com/spf13/[email protected]/command.go:940 +0x87c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0029ac600)
        /go/pkg/mod/github.com/spf13/[email protected]/command.go:1068 +0x3a5
github.com/spf13/cobra.(*Command).Execute(0x850c68d?)
        /go/pkg/mod/github.com/spf13/[email protected]/command.go:992 +0x13
main.run()
        /work/cmd/trivy/main.go:35 +0x14d
main.main()
        /work/cmd/trivy/main.go:17 +0x13

Edit: The command above runs without errors when I use the image docker.io/aquasec/trivy:0.46.0.

@chen-keinan chen-keinan added this to the v0.48.0 milestone Nov 27, 2023
@knqyf263 knqyf263 modified the milestones: v0.48.0, v0.47.0 Nov 28, 2023
@knqyf263
Collaborator

knqyf263 commented Nov 28, 2023

@chen-keinan I removed this PR from the milestone because the issue of this PR is already in the milestone.

@chen-keinan chen-keinan force-pushed the fix/k8s-fail-generate-report branch from 576d430 to 268617f Compare November 28, 2023 06:47
@chen-keinan
Contributor Author

@elchenberg I have updated the PR to fix your 2nd use-case, please check again

@chen-keinan chen-keinan force-pushed the fix/k8s-fail-generate-report branch from 739b6d3 to 27fe42e Compare November 29, 2023 13:43
@knqyf263
Collaborator

@chen-keinan Do you want to wait for @elchenberg? Or merge this PR now?

@chen-keinan
Contributor Author

chen-keinan commented Nov 30, 2023

> @chen-keinan Do you want to wait for @elchenberg? Or merge this PR now?

@knqyf263 sure we can merge, the fix is good

@elchenberg
Contributor

@chen-keinan I checked again and now it works without any issues. Thank you very much!

@knqyf263 knqyf263 enabled auto-merge December 4, 2023 16:41
@knqyf263
Collaborator

knqyf263 commented Dec 4, 2023

Suppressed by #5710

@knqyf263 knqyf263 closed this Dec 4, 2023
auto-merge was automatically disabled December 4, 2023 17:38

Pull request was closed

Development

Successfully merging this pull request may close these issues.

"trivy kubernetes" (v0.47.0) panics in GitLab CI pipeline job