hnts / vulnerability-exporter
A Prometheus Exporter for managing vulnerabilities in kubernetes by using trivy
License: MIT License
While testing your promising project, I got multiple issues with image scanning, manifesting themselves with a log message as follows:
W0125 13:00:47.694272 1 image.go:112] failed to scan image(quay.io/prometheus/alertmanager:v0.23.0): failed to execute trivy image: exit status 1: 2022-01-25T13:00:47.692Z FATAL scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded
This is happening for all containers.
The application was installed using manifests in the deploy directory but in a different namespace. All namespace-related settings were amended.
I can provide more info if needed, just tell me what you need :)
The image in the statefulset is set to ghcr.io/hnts/vulnerability-exporter:v0.1.1. But it cannot be pulled.
Please fix: github.com/containerd/containerd
ghcr.io/hnts/vulnerability-exporter@sha256:0f5de554a9fd29f5293206bbdf4a755d7bdfcb2936e7afc3ca703de2f9426037 (alpine 3.15.0)
================================================================================================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
bin/vulnerability-exporter (gobinary)
=====================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
usr/local/bin/trivy (gobinary)
==============================
Total: 2 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
| github.com/containerd/containerd | CVE-2021-43816 | CRITICAL | v1.5.8 | 1.5.9 | containerd: Unprivileged pod |
| | | | | | may bind mount any privileged |
| | | | | | regular file on disk... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43816 |
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
| github.com/opencontainers/image-spec | GMS-2021-101 | UNKNOWN | v1.0.2-0.20190823105129-775207bd45b6 | 1.0.2 | Clarify `mediaType` handling |
+--------------------------------------+------------------+----------+--------------------------------------+---------------+---------------------------------------+
Hi,
I have tested it on AWS EKS and Bottlerocket OS. And it is not working:
I0203 07:15:50.989758 1 root.go:80] Start vulnerability-exporter
W0203 07:16:23.033610 1 image.go:124] failed to scan image(602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.3.1): failed to execute trivy image: exit status 1: 2022-02-03T07:16:22.986Z FATAL
* unable to inspect the image (602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-load-balancer-controller:v2.3.1): Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
* unable to initialize Podman client: no podman socket found: stat podman/podman.sock: no such file or directory
Bottlerocket uses containerd and not the docker runtime.
Versions:
EKS: v1.21.5-eks-bc4871b
AMI: bottlerocket-aws-k8s-1.21-x86_64-v1.5.2-1602f3a8
Image: ghcr.io/hnts/vulnerability-exporter:v0.1.1