[BUG] Trivy log events are a different format to other agent logs #28356

Open
lewis-jackson-bots opened this issue Aug 9, 2024 · 0 comments

I've enabled container image scanning on the DataDog agent installed via Helm by setting:

datadog:
  # Software Bill of Materials configuration
  sbom:
    containerImage:
      # datadog.sbom.containerImage.enabled -- Enable SBOM collection for container images
      enabled: true

      # datadog.sbom.containerImage.uncompressedLayersSupport -- Use container runtime snapshotter
      # This should be set to true when using EKS, GKE or if containerd is configured to
      # discard uncompressed layers.
      # This feature will cause the SYS_ADMIN capability to be added to the Agent container.
      uncompressedLayersSupport: false

  containerImageCollection:
    # datadog.containerImageCollection.enabled -- Enable collection of container image metadata

    # This parameter requires Agent version 7.46+
    enabled: true

We now get log events that look like this:

2024-08-02T13:44:39.122Z	�[33mWARN�[0m	No OS package is detected. Make sure you haven't deleted any files that contain information about the installed packages.

Here is an example of these logs below some other DataDog agent logs where the different log format and colourisation/colorization can be observed:
image

In our DataDog log pipeline these are not parsed correctly and the log level is interpreted as ERROR rather than the expected level WARN.

The source of this log event appears to be from the DataDog fork of Trivy here: https://github.com/DataDog/trivy/blob/e2dfee208fe30a395cb9819c9fce03b0b7c0ae24/pkg/scanner/local/scan.go#L99

Agent Environment
Agent version: v7.55.2
Image tag: gcr.io/datadoghq/agent:7.55.2

Describe what happened:

Log events are output by the Trivy package which don't match the format of the datadog-agent events.

Describe what you expected:

Log events should be parseable using the same pipeline as other datadog-agent events.

Steps to reproduce the issue:

  • Install the agent with container image scanning enabled
  • Scan an image with a busybox base to trigger the No OS package is detected. event
  • The log event is output without | separators and with colours.

Additional environment details (Operating System, Cloud provider, etc):

AKS Kubernetes, installed via Helm with chart version 3.69.3.
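
An added example, not part of the issue and not Datadog or Trivy code: a Go normalizer that strips the ANSI colour codes and reads the level from either layout, so the line quoted above yields WARN. The pipe-separated field order and the accepted level names are assumptions, and the sample lines are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ansiSGR matches ANSI colour (SGR) escape sequences such as ESC[33m and ESC[0m.
var ansiSGR = regexp.MustCompile(`\x1b\[[0-9;]*m`)

// levels is an assumed set of accepted level names, not taken from either project.
var levels = map[string]bool{"TRACE": true, "DEBUG": true, "INFO": true, "WARN": true, "ERROR": true, "FATAL": true}

// Event is the normalized form of one log line.
type Event struct{ Timestamp, Level, Message string }

// ParseLine strips colour codes, then tries both layouts. It returns false
// when neither matches, so the caller can route the line to a fallback
// instead of assigning it a guessed level.
func ParseLine(line string) (Event, bool) {
	clean := ansiSGR.ReplaceAllString(line, "")
	// Tab-separated layout quoted in the issue: timestamp, level, message.
	if f := strings.SplitN(clean, "\t", 3); len(f) == 3 {
		if lvl := strings.ToUpper(strings.TrimSpace(f[1])); levels[lvl] {
			return Event{f[0], lvl, f[2]}, true
		}
	}
	// Pipe-separated layout (assumed order): timestamp | component | level | source | message.
	if f := strings.SplitN(clean, " | ", 5); len(f) == 5 {
		if lvl := strings.ToUpper(f[2]); levels[lvl] {
			return Event{f[0], lvl, f[4]}, true
		}
	}
	return Event{Message: clean}, false
}

func main() {
	// Constructed sample lines; the first mirrors the line quoted in the issue.
	samples := []string{
		"2024-08-02T13:44:39.122Z\t\x1b[33mWARN\x1b[0m\tNo OS package is detected.",
		"2024-08-02 13:44:40 UTC | CORE | INFO | (pkg/example/file.go:1 in run) | constructed message",
	}
	for _, s := range samples {
		ev, ok := ParseLine(s)
		fmt.Printf("ok=%v level=%s msg=%q\n", ok, ev.Level, ev.Message)
	}
}
```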
