Comments (6)
J12934
commented on July 4, 2024
1
All of the (3 I think) recent trivy+DefectDojo issues should be fixed by the changes outlined here 😊 #2364 (comment)
With it the issue would not occur anymore as we'd DD handle the trivy format and it wouldn't encounter these malformed uris.
We should still fix the underlying parser for both the trivy-k8s and trivy-image types to produce valid uris though.
from securecodebox.
Weltraumschaf
commented on July 4, 2024
Hi @danil-smirnov,
thanks for submitting this issue. We'll investigate this.
from securecodebox.
Weltraumschaf
commented on July 4, 2024
This seems to be a duplicate of #2324
from securecodebox.
danil-smirnov
commented on July 4, 2024
Why do you think so @Weltraumschaf ? The error is completely different
from securecodebox.
Weltraumschaf
commented on July 4, 2024
My assumtion:
- It is the same scanner (Trivy).
- It is also malformed URL error.
- The message complains about "latest" is not a port number and use "debian:latest" in the YAML.
So, my educated guess is that the URL is something like "...debian:latest..." which is not valid.
from securecodebox.
Related Issues (20)
- Ncrack Parser is using a depracated encryption padding mechanism removed in the newest node security patch
- Switch (optional) encryption of identified passwords from ncrack to use AGE
- Passing parameters to ScheduledScan HOT 1
- add no ssl_use value
- Trivy Parser Creates Malformed Location URL HOT 4
- controleur crash with SchedulScan HOT 6
- The scan status displays 'Scanning,' even though the job has reached the specified backoff limit HOT 1
- Lurker terminated with 'OOMKilled' event HOT 5
- NodeSelector configuration not working as documented in SecureCodeBox v4.4.0 HOT 4
- improve security Deployment Workload HOT 4
- Trivy Scans persisted to Defect Dojo are missing multiple metadata fields HOT 8
- 📚 Recurring documentation issue
- Auto-Discovery service in Cluster Internal Central Scans architecture HOT 1
- 📚 Recurring documentation issue
- Analytics for securecodebox.io
- 📚 Recurring documentation issue
- DEFECTDOJO and MINIO ISSUE WITH CERTIFCATE HOT 3
- zap-advanced: disable spider for API scanning HOT 1
- 📚 Recurring documentation issue
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from securecodebox.