Giter VIP home page Giter VIP logo

vulnerability-exporter's People

Contributors

hnts avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

bhishma14

vulnerability-exporter's Issues

Bug: Cannot scan images in cluster

While testing your promising project, I got multiple issues with image scanning manifesting themselves with log a message as follows:

W0125 13:00:47.694272       1 image.go:112] failed to scan image(quay.io/prometheus/alertmanager:v0.23.0): failed to execute trivy image: exit status 1: 2022-01-25T13:00:47.692Z	FATAL	scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded

This is happening for all containers.

The application was installed using manifests in deploy directory but in a different namespace. All namespace-related settings were amended.

I can provide more info if needed, just tell me what you need :)

Trivy scanner detects critical vulnerability

Please fix: github.com/containerd/containerd

ghcr.io/hnts/vulnerability-exporter@sha256:0f5de554a9fd29f5293206bbdf4a755d7bdfcb2936e7afc3ca703de2f9426037 (alpine 3.15.0)
================================================================================================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


bin/vulnerability-exporter (gobinary)
=====================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


usr/local/bin/trivy (gobinary)
==============================
Total: 2 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
|               LIBRARY                | VULNERABILITY ID | SEVERITY |          INSTALLED VERSION           | FIXED VERSION |                 TITLE                 |
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
| github.com/containerd/containerd     | CVE-2021-43816   | CRITICAL | v1.5.8                               | 1.5.9         | containerd: Unprivileged pod          |
|                                      |                  |          |                                      |               | may bind mount any privileged         |
|                                      |                  |          |                                      |               | regular file on disk...               |
|                                      |                  |          |                                      |               | -->avd.aquasec.com/nvd/cve-2021-43816 |
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
| github.com/opencontainers/image-spec | GMS-2021-101     | UNKNOWN  | v1.0.2-0.20190823105129-775207bd45b6 | 1.0.2         | Clarify `mediaType` handling          |
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+

Not working with Bottlerocket OS / containerd runtime

Hi,

i have tested it on AWS EKS and Bottlerocket OS. And it is not working:

I0203 07:15:50.989758 1 root.go:80] Start vulnerability-exporter │ │ W0203 07:16:23.033610 1 image.go:124] failed to scan image(602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.3.1): failed to execute trivy image: exit status 1: 2022-02-03T07:16:22.986Z FATAL │ │ * unable to inspect the image (602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.3.1): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? │ │ * unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory

Bottlerocket use containerd and not docker runtime.

Versions:

EKS: v1.21.5-eks-bc4871b
AMI: bottlerocket-aws-k8s-1.21-x86_64-v1.5.2-1602f3a8
Image: ghcr.io/hnts/vulnerability-exporter:v0.1.1

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.