Replies: 3 comments 16 replies
-
I don't think this issue is related to Trivy. Most likely the way you are running your pre-commit hook or the environment it is running in is the cause of the error, which is making Trivy fall back to embedded policies.
-
Faced this same issue on a GitLab pipeline. Does not happen on a local machine. We also use Also happens intermittently and goes away on retries. Do we know what causes this issue?
-
I think the problem is due to multiple instances of Trivy running at the same time and concurrently working on a common directory; in this case, deleting and downloading checks.
rm -rf ~/Library/Caches/trivy/policy
trivy conf . -d & trivy conf . -d & trivy conf . -d & trivy conf . -d && fg
[1] 25180
[2] 25181
[3] 25182
2024-08-13T21:21:49+06:00 DEBUG Cache dir dir="/Users/nikita/Library/Caches/trivy"
2024-08-13T21:21:49+06:00 DEBUG Cache dir dir="/Users/nikita/Library/Caches/trivy"
2024-08-13T21:21:49+06:00 DEBUG Cache dir dir="/Users/nikita/Library/Caches/trivy"
2024-08-13T21:21:49+06:00 DEBUG Cache dir dir="/Users/nikita/Library/Caches/trivy"
...
2024-08-13T21:21:49+06:00 INFO Need to update the built-in policies
n policies...
2024-08-13T21:21:49+06:00 INFO Downloading the built-in policies...
2024-08-13T21:21:49+06:00 DEBUG Loading check bundle repository="ghcr.io/aquasecurity/trivy-checks:0"
2024-08-13T21:21:49+06:00 DEBUG Loading check bundle repository="ghcr.io/aquasecurity/trivy-checks:0"
74.86 KiB / 74.86 KiB [-----------------------------------------------------------------------------------------] 100.00% ? p/s 200ms
2024-08-13T21:21:51+06:00 ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: download error: failed to download /var/folders/08/9jn5k93x207g509y9zqk2b5m0000gn/T/trivy3029491832/bundle.tar.gz: chmod /Users/nikita/Library/Caches/trivy/policy/content/policies/kubernetes/policies/general/manage_all_resources.rego: no such file or directory"
2024-08-13T21:21:51+06:00 DEBUG Enabling misconfiguration scanners scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-08-13T21:21:51+06:00 DEBUG Initializing scan cache... type="memory"
2024-08-13T21:21:51+06:00 DEBUG Skipping path path=".git"
2024-08-13T21:21:51+06:00 DEBUG Scanning files for misconfigurations... scanner="Helm"
2024-08-13T21:21:51+06:00 DEBUG [misconf] 21:51.051479000 helm.scanner.rego Loaded 3 embedded libraries.
74.86 KiB / 74.86 KiB [----------------------------------------------------------------------------------] 100.00% 7.30 MiB p/s 200ms
2024-08-13T21:21:51+06:00 ERROR [misconfig] Falling back to embedded checks err="failed to download built-in policies: download error: oci download error: download error: failed to download /var/folders/08/9jn5k93x207g509y9zqk2b5m0000gn/T/trivy4155932743/bundle.tar.gz: chmod /Users/nikita/Library/Caches/trivy/policy/content/policies/cloud: no such file or directory"
...
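One way to keep parallel runs from deleting and re-downloading checks in the same cache directory, as described in the comment above. This is an added example, not code from the thread or from the Trivy project. The names `with_cache_lock`, `run_trivy_config`, `LOCK_TIMEOUT` and the default cache path are assumptions; `--cache-dir` is Trivy's existing global flag.

```shell
#!/bin/sh
# Added example: serialize commands that share one Trivy cache directory.
# mkdir is atomic, so only one caller at a time can create the lock directory.
# Assumed names: with_cache_lock, run_trivy_config, LOCK_TIMEOUT.

LOCK_TIMEOUT="${LOCK_TIMEOUT:-120}"   # seconds to wait before giving up

# with_cache_lock CACHE_DIR CMD [ARGS...]
# Runs CMD while holding CACHE_DIR.lock. Returns CMD's exit status,
# or 75 if the lock could not be acquired within LOCK_TIMEOUT seconds.
# A run that is killed leaves the lock behind; later callers then time out
# with a message naming the lock directory instead of racing on the cache.
with_cache_lock() {
    cache_dir=$1; shift
    lock="${cache_dir%/}.lock"
    waited=0
    mkdir -p "$(dirname "$lock")"
    until mkdir "$lock" 2>/dev/null; do
        if [ "$waited" -ge "$LOCK_TIMEOUT" ]; then
            echo "timed out waiting for $lock" >&2
            return 75
        fi
        sleep 1
        waited=$((waited + 1))
    done
    status=0
    "$@" || status=$?
    rmdir "$lock"
    return "$status"
}

# Wrapper for the command used in the reproduction (trivy conf).
# The default path below is an assumption; point it at the cache directory
# that the "Cache dir" debug line reports on your machine or runner.
run_trivy_config() {
    cache="${TRIVY_CACHE_DIR:-$HOME/.cache/trivy}"
    with_cache_lock "$cache" trivy --cache-dir "$cache" conf "$@"
}
```

The lock is held for the whole scan, so parallel hook or pipeline jobs that share a cache run one after another.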
-
Description
We are running the trivy pre-commit hook like this:
And we are intermittently seeing this:
NOTE: It usually passes on retry
Desired Behavior
No error
Actual Behavior
Error (see above)
Reproduction Steps
Target
Git Repository
Scanner
Vulnerability
Output Format
None
Mode
None
Debug Output
Operating System
Debian
Version
Checklist
trivy clean --all