Error when scanning a Kubernetes workload or ServiceAccount with an empty item in imagePullSecrets array #7011

Closed
2 tasks done
chen-keinan opened this issue Jun 25, 2024 Discussed in #6928 · 2 comments · Fixed by #7012
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/backlog Higher priority than priority/awaiting-more-evidence. target/kubernetes Issues relating to kubernetes cluster scanning
Discussed in #6928

Originally posted by matheusfm June 13, 2024

Description

Trivy fails when scanning a Kubernetes workload with an empty item in imagePullSecrets array:

  imagePullSecrets:
    - {}

Desired Behavior

I expect this object to be scanned without errors, ignoring the empty imagePullSecrets item.

Actual Behavior

Trivy fails with the following output:

2024-06-13T17:04:23-03:00	FATAL	Fatal error	get k8s artifacts with node info error: failed getting auth for gvr: /v1, Resource=pods - getting secret by name: default/: resource name may not be empty

Reproduction Steps

  1. Create a kind cluster
kind create cluster
  2. Create a pod with an empty item in imagePullSecrets array
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    role: nginx
spec:
  imagePullSecrets:
    - {}
  containers:
    - name: nginx
      image: nginx
EOF
  3. Run trivy:
trivy k8s --report summary

Target

Kubernetes

Scanner

Vulnerability

Output Format

Table

Mode

Standalone

Debug Output

2024-06-13T17:04:22-03:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-06-13T17:04:22-03:00	DEBUG	Ignore statuses	statuses=[]
2024-06-13T17:04:23-03:00	FATAL	Fatal error	get k8s artifacts with node info error: failed getting auth for gvr: /v1, Resource=pods - getting secret by name: default/: resource name may not be empty

Operating System

linux

Version

Version: 0.52.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-06-10 12:13:28.957657425 +0000 UTC
  NextUpdate: 2024-06-10 18:13:28.957657255 +0000 UTC
  DownloadedAt: 2024-06-10 13:43:20.101006187 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-06-10 01:05:31.416428614 +0000 UTC
  NextUpdate: 2024-06-13 01:05:31.416428444 +0000 UTC
  DownloadedAt: 2024-06-10 13:53:07.844808071 +0000 UTC

Checklist

@chen-keinan chen-keinan added the kind/bug Categorizes issue or PR as related to a bug. label Jun 25, 2024

chen-keinan commented Jun 25, 2024

@matheusfm you need to raise a PR within trivy to bump trivy-kubernetes lib

@chen-keinan chen-keinan added target/kubernetes Issues relating to kubernetes cluster scanning priority/backlog Higher priority than priority/awaiting-more-evidence. labels Jun 25, 2024
matheusfm commented

> @matheusfm you need to raise a PR within trivy to bump trivy-kubernetes lib

@chen-keinan
Here is the PR to bump trivy-kubernetes version: #7012
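
The failure mode reported in this issue, as an added Go example that is not code from trivy or trivy-kubernetes: an empty imagePullSecrets item carries an empty secret name, and passing it to a lookup produces the "resource name may not be empty" error unless it is skipped first. The names pod, getSecret, resolvePullSecrets, skipEmpty and samplePod are hypothetical, the pod is given as JSON, and the lookup is a stand-in that does not contact a cluster.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-in for the Pod fields involved (assumption: not the client-go types).
type pod struct {
	Spec struct {
		ImagePullSecrets []struct{ Name string } `json:"imagePullSecrets"`
	} `json:"spec"`
}

// getSecret is a hypothetical lookup that rejects an empty name as in the report.
func getSecret(ns, name string) (string, error) {
	if name == "" {
		return "", fmt.Errorf("resource name may not be empty")
	}
	return "constructed-credential-for-" + ns + "/" + name, nil
}

// resolvePullSecrets aborts on an empty item ("- {}") unless skipEmpty is set.
func resolvePullSecrets(ns string, podJSON []byte, skipEmpty bool) ([]string, error) {
	var p pod
	if err := json.Unmarshal(podJSON, &p); err != nil {
		return nil, err
	}
	var creds []string
	for _, ref := range p.Spec.ImagePullSecrets {
		if skipEmpty && ref.Name == "" {
			continue
		}
		c, err := getSecret(ns, ref.Name)
		if err != nil {
			return nil, fmt.Errorf("getting secret by name: %s/%s: %w", ns, ref.Name, err)
		}
		creds = append(creds, c)
	}
	return creds, nil
}

// Constructed sample: the empty item from the report plus one named secret, as JSON.
var samplePod = []byte(`{"spec":{"imagePullSecrets":[{},{"name":"regcred"}]}}`)

func main() {
	fmt.Println(resolvePullSecrets("default", samplePod, false))
	fmt.Println(resolvePullSecrets("default", samplePod, true))
}
```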
