INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods #949

jdesouza · 2024-07-30T18:10:43Z

This PR fixes #

Checklist

I have signed the CLA
I have updated/added any relevant documentation

Description

What's the goal of this PR?

What changes did you make?

What alternative solution should we consider, if any?

Internal Ticket INSIGHTS-226

fairwinds-insights · 2024-07-30T18:18:10Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 1 pods for job repo-scan-job-78175
------------------------------------------------
unable to retrieve container logs
Additional info: Repository scan has reached the specified backoff limit

fairwinds-insights · 2024-07-30T19:12:07Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 1 pods for job repo-scan-job-78178
------------------------------------------------
time="2024-07-30T18:56:27Z" level=info msg="cloneRepo: true"
time="2024-07-30T18:56:27Z" level=info msg="CI plugin 5.4.5"
time="2024-07-30T18:56:27Z" level=info msg="cloning github repository"
time="2024-07-30T18:56:35Z" level=info msg="loaded 0 registry credentials"
time="2024-07-30T18:56:35Z" level=info msg="updating branch ref"
time="2024-07-30T18:56:35Z" level=info msg="Reports config is opa: true, polaris: true, pluto: true, trivy: true, tfsec: true"
time="2024-07-30T18:56:36Z" level=info msg="Audit with Polaris"
time="2024-07-30T18:56:36Z" level=info msg="Looking through images in /app/repository/tmp/_insightsTempImages/"
time="2024-07-30T18:56:36Z" level=info msg="Downloading missing image quay.io/fairwinds/polaris:9.0"
time="2024-07-30T18:56:36Z" level=info msg="pulling quay.io/fairwinds/polaris:9.0"
time="2024-07-30T18:56:39Z" level=info msg="Downloading missing image quay.io/fairwinds/nova:v3.9"
time="2024-07-30T18:56:39Z" level=info msg="pulling quay.io/fairwinds/nova:v3.9"
time="2024-07-30T18:56:41Z" level=info msg="Downloading missing image us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5.19"
time="2024-07-30T18:56:41Z" level=info msg="pulling us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5.19"
time="2024-07-30T18:56:44Z" level=info msg="Downloading missing image us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.11"
time="2024-07-30T18:56:44Z" level=info msg="pulling us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.11"
time="2024-07-30T18:56:46Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-admission-controller:1.15.3"
time="2024-07-30T18:56:46Z" level=info msg="pulling quay.io/fairwinds/insights-admission-controller:1.15.3"
time="2024-07-30T18:56:49Z" level=info msg="Downloading missing image quay.io/fairwinds/aws-costs:1.4.1"
time="2024-07-30T18:56:49Z" level=info msg="pulling quay.io/fairwinds/aws-costs:1.4.1"
time="2024-07-30T18:57:29Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-ci:5.6.0"
time="2024-07-30T18:57:29Z" level=info msg="pulling quay.io/fairwinds/insights-ci:5.6.0"
time="2024-07-30T18:57:44Z" level=info msg="Downloading missing image quay.io/fairwinds/cloud-costs:0.3.5"
time="2024-07-30T18:57:44Z" level=info msg="pulling quay.io/fairwinds/cloud-costs:0.3.5"
time="2024-07-30T18:58:11Z" level=info msg="Downloading missing image quay.io/fairwinds/falco-agent:0.3.8"
time="2024-07-30T18:58:11Z" level=info msg="pulling quay.io/fairwinds/falco-agent:0.3.8"
time="2024-07-30T18:58:13Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-kube-bench-aggregator:0.3.16"
time="2024-07-30T18:58:13Z" level=info msg="pulling quay.io/fairwinds/fw-kube-bench-aggregator:0.3.16"
time="2024-07-30T18:58:15Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-kube-bench:0.4.15"
time="2024-07-30T18:58:15Z" level=info msg="pulling quay.io/fairwinds/fw-kube-bench:0.4.15"
time="2024-07-30T18:58:19Z" level=info msg="Downloading missing image quay.io/fairwinds/kubectl:0.20.5"
time="2024-07-30T18:58:19Z" level=info msg="pulling quay.io/fairwinds/kubectl:0.20.5"
time="2024-07-30T18:58:22Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-kubesec:1.4.8"
time="2024-07-30T18:58:22Z" level=info msg="pulling quay.io/fairwinds/fw-kubesec:1.4.8"
time="2024-07-30T18:58:41Z" level=info msg="Downloading missing image quay.io/fairwinds/kyverno:0.2.1"
time="2024-07-30T18:58:41Z" level=info msg="pulling quay.io/fairwinds/kyverno:0.2.1"
time="2024-07-30T18:58:47Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-opa:2.4.7"
time="2024-07-30T18:58:47Z" level=info msg="pulling quay.io/fairwinds/fw-opa:2.4.7"
time="2024-07-30T18:58:50Z" level=info msg="Downloading missing image quay.io/fairwinds/postgres-partman:14.8.0"
time="2024-07-30T18:58:50Z" level=info msg="pulling quay.io/fairwinds/postgres-partman:14.8.0"
time="2024-07-30T18:59:20Z" level=info msg="Downloading missing image quay.io/fairwinds/prometheus-collector:1.5.0"
time="2024-07-30T18:59:20Z" level=info msg="pulling quay.io/fairwinds/prometheus-collector:1.5.0"
time="2024-07-30T18:59:23Z" level=info msg="Downloading missing image quay.io/fairwinds/rbac-reporter:1.3.17"
time="2024-07-30T18:59:23Z" level=info msg="pulling quay.io/fairwinds/rbac-reporter:1.3.17"
time="2024-07-30T18:59:25Z" level=info msg="Downloading missing image quay.io/fairwinds/right-sizer:0.5.6"
time="2024-07-30T18:59:25Z" level=info msg="pulling quay.io/fairwinds/right-sizer:0.5.6"
time="2024-07-30T18:59:27Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-trivy:0.29.2"
time="2024-07-30T18:59:27Z" level=info msg="pulling quay.io/fairwinds/fw-trivy:0.29.2"
time="2024-07-30T18:59:47Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-uploader:0.5.5"
time="2024-07-30T18:59:47Z" level=info msg="pulling quay.io/fairwinds/insights-uploader:0.5.5"
time="2024-07-30T18:59:52Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-utils:0.0.7"
time="2024-07-30T18:59:52Z" level=info msg="pulling quay.io/fairwinds/insights-utils:0.0.7"
time="2024-07-30T18:59:53Z" level=info msg="Downloading missing image quay.io/fairwinds/workloads:2.6.8"
time="2024-07-30T18:59:53Z" level=info msg="pulling quay.io/fairwinds/workloads:2.6.8"
time="2024-07-30T18:59:56Z" level=info msg="Extracting details for all images"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_aws_costs_1_4_1 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_aws_costs_1_4_1"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_cloud_costs_0_3_5 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_cloud_costs_0_3_5"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_falco_agent_0_3_8 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_falco_agent_0_3_8"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_kube_bench_0_4_15 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_kube_bench_0_4_15"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_kubesec_1_4_8 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_kubesec_1_4_8"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_opa_2_4_7 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_opa_2_4_7"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_trivy_0_29_2 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_trivy_0_29_2"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_admission_controller_1_15_3 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_admission_controller_1_15_3"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_ci_5_6_0 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_ci_5_6_0"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_uploader_0_5_5 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_uploader_0_5_5"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_utils_0_0_7 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_utils_0_0_7"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_kubectl_0_20_5 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_kubectl_0_20_5"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_kyverno_0_2_1 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_kyverno_0_2_1"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_nova_v3_9 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_nova_v3_9"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_polaris_9_0 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_polaris_9_0"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_postgres_partman_14_8_0 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_postgres_partman_14_8_0"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_prometheus_collector_1_5_0 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_prometheus_collector_1_5_0"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_rbac_reporter_1_3_17 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_rbac_reporter_1_3_17"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_right_sizer_0_5_6 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_right_sizer_0_5_6"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file quay_io_fairwinds_workloads_2_6_8 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_workloads_2_6_8"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file us_docker_pkg_dev_fairwinds_ops_oss_goldilocks_v4_11 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for us_docker_pkg_dev_fairwinds_ops_oss_goldilocks_v4_11"
time="2024-07-30T18:59:56Z" level=info msg="Getting details for image file us_docker_pkg_dev_fairwinds_ops_oss_pluto_v5_19 with SHA  and repoTags []"
time="2024-07-30T18:59:56Z" level=warning msg="Could not find repo tags for us_docker_pkg_dev_fairwinds_ops_oss_pluto_v5_19"
time="2024-07-30T19:00:00Z" level=info msg="downloading trivy database"
time="2024-07-30T19:00:16Z" level=info msg="Scanning quay.io/fairwinds/aws-costs:1.4.1 from file quay_io_fairwinds_aws_costs_1_4_1"
time="2024-07-30T19:00:16Z" level=info msg="scanning quay_io_fairwinds_aws_costs_1_4_1"
time="2024-07-30T19:05:19Z" level=info msg="Scanning quay.io/fairwinds/cloud-costs:0.3.5 from file quay_io_fairwinds_cloud_costs_0_3_5"
time="2024-07-30T19:05:19Z" level=info msg="scanning quay_io_fairwinds_cloud_costs_0_3_5"
time="2024-07-30T19:10:24Z" level=error msg="Error scanning quay_io_fairwinds_cloud_costs_0_3_5: exit status 1\n2024-07-30T19:05:24.668Z\t\x1b[33mWARN\x1b[0m\t'--skip-update' is deprecated. Use '--skip-db-update' instead.\n2024-07-30T19:05:24.672Z\t\x1b[35mDEBUG\x1b[0m\tSeverities: [\"UNKNOWN\" \"LOW\" \"MEDIUM\" \"HIGH\" \"CRITICAL\"]\n2024-07-30T19:05:24.672Z\t\x1b[35mDEBUG\x1b[0m\tIgnore statuses\t{\"statuses\": null}\n2024-07-30T19:05:24.674Z\t\x1b[35mDEBUG\x1b[0m\tcache dir:  /root/.cache/trivy\n2024-07-30T19:05:24.675Z\t\x1b[35mDEBUG\x1b[0m\tSkipping DB update...\n2024-07-30T19:05:24.675Z\t\x1b[35mDEBUG\x1b[0m\tDB Schema: 2, UpdatedAt: 2024-07-30 18:11:14.280959839 +0000 UTC, NextUpdate: 2024-07-31 00:11:14.280959548 +0000 UTC, DownloadedAt: 2024-07-30 19:00:16.967783751 +0000 UTC\n2024-07-30T19:05:24.676Z\t\x1b[34mINFO\x1b[0m\tVulnerability scanning is enabled\n2024-07-30T19:05:24.676Z\t\x1b[35mDEBUG\x1b[0m\tVulnerability type:  [os library]\n2024-07-30T19:05:24.676Z\t\x1b[34mINFO\x1b[0m\tSecret scanning is enabled\n2024-07-30T19:05:24.676Z\t\x1b[34mINFO\x1b[0m\tIf your scanning is slow, please try '--scanners vuln' to disable secret scanning\n2024-07-30T19:05:24.676Z\t\x1b[34mINFO\x1b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection\n2024-07-30T19:05:24.676Z\t\x1b[35mDEBUG\x1b[0m\tEnabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]\n2024-07-30T19:05:35.870Z\t\x1b[35mDEBUG\x1b[0m\tNo secret config detected: trivy-secret.yaml\n2024-07-30T19:05:35.871Z\t\x1b[35mDEBUG\x1b[0m\tThe nuget packages directory couldn't be found. License search disabled\n2024-07-30T19:05:35.871Z\t\x1b[35mDEBUG\x1b[0m\tNo secret config detected: trivy-secret.yaml\n2024-07-30T19:05:35.871Z\t\x1b[35mDEBUG\x1b[0m\tImage ID: sha256:c010e07b0ef68d14f767da8513c0c7e4619ab48c3170c25fde8f4b15e9016161\n2024-07-30T19:05:35.871Z\t\x1b[35mDEBUG\x1b[0m\tDiff IDs: [sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07 sha256:0c92a61e1ef66cfe4dffb73ba1578ea7cfc13478b2d64b95d18e5789fcdf8fb5 sha256:912356f0413b5d321b5debcbbda10368a27d0e0cf59bef851e6502db3061db79 sha256:b48ef2536f7110cbe58266363b8e4eb2e452578b623937f28f0e0eda97ea67a8 sha256:f9b8dc8c066cf7badf3febf157063d2aaf687ea7eb6b8320250a90a27a92ce8e sha256:eb92e5bc553248f169e156a3ce37d051b73e26d94ec0dcd4c675cf638d919e30 sha256:5aed63ffdad701750c6fae2ce674a9a1a5ff88cadbafcce185c6af5be767379e sha256:fc9f258f31582657ce7169270dc5cec5671748dc4bae2e61a4dc7ff076c70c2d sha256:062256512e7b25fc8d1c4a714b7ec4b34ee6a2cee7e0c13ae7e1bd55e92b728a]\n2024-07-30T19:05:35.871Z\t\x1b[35mDEBUG\x1b[0m\tBase Layers: [sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07]\n2024-07-30T19:05:35.874Z\t\x1b[35mDEBUG\x1b[0m\tMissing image ID in cache: sha256:c010e07b0ef68d14f767da8513c0c7e4619ab48c3170c25fde8f4b15e9016161\n2024-07-30T19:05:35.874Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:f9b8dc8c066cf7badf3febf157063d2aaf687ea7eb6b8320250a90a27a92ce8e\n2024-07-30T19:05:35.874Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:0c92a61e1ef66cfe4dffb73ba1578ea7cfc13478b2d64b95d18e5789fcdf8fb5\n2024-07-30T19:05:35.874Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:912356f0413b5d321b5debcbbda10368a27d0e0cf59bef851e6502db3061db79\n2024-07-30T19:05:35.874Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:b48ef2536f7110cbe58266363b8e4eb2e452578b623937f28f0e0eda97ea67a8\n2024-07-30T19:05:35.874Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07\n2024-07-30T19:05:35.878Z\t\x1b[35mDEBUG\x1b[0m\tSkipping directory: dev\n2024-07-30T19:05:36.868Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:eb92e5bc553248f169e156a3ce37d051b73e26d94ec0dcd4c675cf638d919e30\n2024-07-30T19:05:37.276Z\t\x1b[35mDEBUG\x1b[0m\tSkipping directory: proc\n2024-07-30T19:05:37.276Z\t\x1b[35mDEBUG\x1b[0m\tSkipping directory: sys\n2024-07-30T19:05:37.367Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:5aed63ffdad701750c6fae2ce674a9a1a5ff88cadbafcce185c6af5be767379e\n2024-07-30T19:05:38.169Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:fc9f258f31582657ce7169270dc5cec5671748dc4bae2e61a4dc7ff076c70c2d\n2024-07-30T19:05:41.268Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:062256512e7b25fc8d1c4a714b7ec4b34ee6a2cee7e0c13ae7e1bd55e92b728a\n2024-07-30T19:10:24.675Z\t\x1b[33mWARN\x1b[0m\tIncrease --timeout value\n2024-07-30T19:10:24.676Z\t\x1b[31mFATAL\x1b[0m\timage scan error:\n    github.com/aquasecurity/trivy/pkg/commands/artifact.Run\n        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:425\n  - scan error:\n    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact\n        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269\n  - scan failed:\n    github.com/aquasecurity/trivy/pkg/commands/artifact.scan\n        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:706\n  - failed analysis:\n    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact\n        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:148\n  - analyze error:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:126\n  - pipeline error:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:229\n  - failed to analyze layer (sha256:fc9f258f31582657ce7169270dc5cec5671748dc4bae2e61a4dc7ff076c70c2d):\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect.func1\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:216\n  - walk error:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspectLayer\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:290\n  - failed to process the file:\n    github.com/aquasecurity/trivy/pkg/fanal/walker.LayerTar.Walk\n        /home/runner/work/trivy/trivy/pkg/fanal/walker/tar.go:86\n  - failed to analyze file:\n    github.com/aquasecurity/trivy/pkg/fanal/walker.LayerTar.processFile\n        /home/runner/work/trivy/trivy/pkg/fanal/walker/tar.go:100\n  - failed to analyze google-cloud-sdk/lib/googlecloudsdk/generated_clients/gapic_clients/logging_v2/services/metrics_service_v2/transports/rest.py:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspectLayer.func1\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:269\n  - semaphore acquire:\n    github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile\n        /home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:421\n  - context deadline exceeded\n"
time="2024-07-30T19:10:24Z" level=error msg="Error scanning quay_io_fairwinds_cloud_costs_0_3_5 at /app/repository/tmp/_insightsTempImages/quay_io_fairwinds_cloud_costs_0_3_5: exit status 1"
time="2024-07-30T19:10:24Z" level=error msg="error scanning quay.io/fairwinds/cloud-costs:0.3.5 from file quay_io_fairwinds_cloud_costs_0_3_5: exit status 1"
time="2024-07-30T19:10:24Z" level=info msg="Scanning quay.io/fairwinds/falco-agent:0.3.8 from file quay_io_fairwinds_falco_agent_0_3_8"
time="2024-07-30T19:10:24Z" level=info msg="scanning quay_io_fairwinds_falco_agent_0_3_8"
time="2024-07-30T19:10:31Z" level=info msg="Scanning quay.io/fairwinds/fw-kube-bench:0.4.15 from file quay_io_fairwinds_fw_kube_bench_0_4_15"
time="2024-07-30T19:10:31Z" level=info msg="scanning quay_io_fairwinds_fw_kube_bench_0_4_15"
time="2024-07-30T19:10:40Z" level=info msg="Scanning quay.io/fairwinds/fw-kube-bench-aggregator:0.3.16 from file quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16"
time="2024-07-30T19:10:40Z" level=info msg="scanning quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16"
time="2024-07-30T19:10:45Z" level=info msg="Scanning quay.io/fairwinds/fw-kubesec:1.4.8 from file quay_io_fairwinds_fw_kubesec_1_4_8"
time="2024-07-30T19:10:45Z" level=info msg="scanning quay_io_fairwinds_fw_kubesec_1_4_8"
time="2024-07-30T19:11:04Z" level=info msg="Scanning quay.io/fairwinds/fw-opa:2.4.7 from file quay_io_fairwinds_fw_opa_2_4_7"
time="2024-07-30T19:11:04Z" level=info msg="scanning quay_io_fairwinds_fw_opa_2_4_7"
time="2024-07-30T19:11:11Z" level=info msg="Scanning quay.io/fairwinds/fw-trivy:0.29.2 from file quay_io_fairwinds_fw_trivy_0_29_2"
time="2024-07-30T19:11:11Z" level=info msg="scanning quay_io_fairwinds_fw_trivy_0_29_2"
time="2024-07-30T19:11:38Z" level=info msg="Scanning quay.io/fairwinds/insights-admission-controller:1.15.3 from file quay_io_fairwinds_insights_admission_controller_1_15_3"
time="2024-07-30T19:11:38Z" level=info msg="scanning quay_io_fairwinds_insights_admission_controller_1_15_3"
time="2024-07-30T19:11:44Z" level=info msg="Scanning quay.io/fairwinds/insights-ci:5.6.0 from file quay_io_fairwinds_insights_ci_5_6_0"
time="2024-07-30T19:11:44Z" level=info msg="scanning quay_io_fairwinds_insights_ci_5_6_0"

Additional info: Repository scan has reached the specified backoff limit

fairwinds-insights · 2024-07-31T14:57:48Z

Fairwinds Insights Scan Results

View the full report at insights.fairwinds.com.

✅ No new Action Items detected!

fairwinds-insights · 2024-07-31T19:46:36Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-78273

Additional info: Repository scan has reached the specified backoff limit

fairwinds-insights · 2024-08-01T12:12:59Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-78303

Additional info: Repository scan has reached the specified backoff limit

fairwinds-insights · 2024-08-05T13:20:49Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-78483

Additional info: Repository scan has reached the specified backoff limit

fairwinds-insights · 2024-08-05T16:21:26Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-78491

Additional info: Timeout - Repository scan was active longer than specified deadline (20m0s)

fairwinds-insights · 2024-08-05T17:21:23Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-78498

Additional info: Repository scan has reached the specified backoff limit

…ns into js/NakedPods

fairwinds-insights · 2024-08-28T18:52:41Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-79464

Additional info: Timeout - Repository scan was active longer than specified deadline (20m0s)

vitorvezani · 2024-08-28T19:44:42Z

plugins/admission/pkg/admission/validate.go

-		logrus.Infof("Object has an owner - skipping")
-		return true, nil, nil, nil
+	if ownerReferences, ok := decoded["metadata"].(map[string]any)["ownerReferences"].([]any); ok && len(ownerReferences) > 0 {
+		ownerReference := ownerReferences[0].(map[string]any)


shouldn't all owner references be checked for?

Probably there is only one, but this may be a good idea to test all in the case someone tries to bypass the validation

fairwinds-insights · 2024-08-29T12:43:19Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 1 pods for job repo-scan-job-79495
------------------------------------------------
time="2024-08-29T12:27:59Z" level=info msg="cloneRepo: true"
time="2024-08-29T12:27:59Z" level=info msg="CI plugin 5.4.5"
time="2024-08-29T12:27:59Z" level=info msg="cloning github repository"
time="2024-08-29T12:28:07Z" level=info msg="loaded 0 registry credentials"
time="2024-08-29T12:28:07Z" level=info msg="updating branch ref"
time="2024-08-29T12:28:07Z" level=info msg="Reports config is opa: true, polaris: true, pluto: true, trivy: true, tfsec: true"
time="2024-08-29T12:28:07Z" level=info msg="Audit with Polaris"
time="2024-08-29T12:28:07Z" level=info msg="Looking through images in /app/repository/tmp/_insightsTempImages/"
time="2024-08-29T12:28:07Z" level=info msg="Downloading missing image quay.io/fairwinds/polaris:9.0"
time="2024-08-29T12:28:07Z" level=info msg="pulling quay.io/fairwinds/polaris:9.0"
time="2024-08-29T12:28:11Z" level=info msg="Downloading missing image quay.io/fairwinds/nova:v3.10"
time="2024-08-29T12:28:11Z" level=info msg="pulling quay.io/fairwinds/nova:v3.10"
time="2024-08-29T12:28:13Z" level=info msg="Downloading missing image us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5.20"
time="2024-08-29T12:28:13Z" level=info msg="pulling us-docker.pkg.dev/fairwinds-ops/oss/pluto:v5.20"
time="2024-08-29T12:28:16Z" level=info msg="Downloading missing image us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.13"
time="2024-08-29T12:28:16Z" level=info msg="pulling us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4.13"
time="2024-08-29T12:28:18Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-admission-controller:1.16"
time="2024-08-29T12:28:18Z" level=info msg="pulling quay.io/fairwinds/insights-admission-controller:1.16"
time="2024-08-29T12:28:21Z" level=info msg="Downloading missing image quay.io/fairwinds/aws-costs:1.4"
time="2024-08-29T12:28:21Z" level=info msg="pulling quay.io/fairwinds/aws-costs:1.4"
time="2024-08-29T12:28:57Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-ci:5.6.0"
time="2024-08-29T12:28:57Z" level=info msg="pulling quay.io/fairwinds/insights-ci:5.6.0"
time="2024-08-29T12:29:13Z" level=info msg="Downloading missing image quay.io/fairwinds/cloud-costs:0.3.5"
time="2024-08-29T12:29:13Z" level=info msg="pulling quay.io/fairwinds/cloud-costs:0.3.5"
time="2024-08-29T12:29:37Z" level=info msg="Downloading missing image quay.io/fairwinds/falco-agent:0.3.8"
time="2024-08-29T12:29:37Z" level=info msg="pulling quay.io/fairwinds/falco-agent:0.3.8"
time="2024-08-29T12:29:40Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-kube-bench-aggregator:0.3.16"
time="2024-08-29T12:29:40Z" level=info msg="pulling quay.io/fairwinds/fw-kube-bench-aggregator:0.3.16"
time="2024-08-29T12:29:47Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-kube-bench:0.4.15"
time="2024-08-29T12:29:47Z" level=info msg="pulling quay.io/fairwinds/fw-kube-bench:0.4.15"
time="2024-08-29T12:29:51Z" level=info msg="Downloading missing image quay.io/fairwinds/kubectl:0.20.5"
time="2024-08-29T12:29:51Z" level=info msg="pulling quay.io/fairwinds/kubectl:0.20.5"
time="2024-08-29T12:29:54Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-kubesec:1.4.8"
time="2024-08-29T12:29:54Z" level=info msg="pulling quay.io/fairwinds/fw-kubesec:1.4.8"
time="2024-08-29T12:30:12Z" level=info msg="Downloading missing image quay.io/fairwinds/kyverno:0.2.1"
time="2024-08-29T12:30:12Z" level=info msg="pulling quay.io/fairwinds/kyverno:0.2.1"
time="2024-08-29T12:30:19Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-opa:2.5"
time="2024-08-29T12:30:19Z" level=info msg="pulling quay.io/fairwinds/fw-opa:2.5"
time="2024-08-29T12:30:22Z" level=info msg="Downloading missing image quay.io/fairwinds/postgres-partman:14.8.0"
time="2024-08-29T12:30:22Z" level=info msg="pulling quay.io/fairwinds/postgres-partman:14.8.0"
time="2024-08-29T12:30:49Z" level=info msg="Downloading missing image quay.io/fairwinds/prometheus-collector:1.5"
time="2024-08-29T12:30:49Z" level=info msg="pulling quay.io/fairwinds/prometheus-collector:1.5"
time="2024-08-29T12:30:51Z" level=info msg="Downloading missing image quay.io/fairwinds/rbac-reporter:1.3.17"
time="2024-08-29T12:30:51Z" level=info msg="pulling quay.io/fairwinds/rbac-reporter:1.3.17"
time="2024-08-29T12:30:54Z" level=info msg="Downloading missing image quay.io/fairwinds/right-sizer:0.5.6"
time="2024-08-29T12:30:54Z" level=info msg="pulling quay.io/fairwinds/right-sizer:0.5.6"
time="2024-08-29T12:30:56Z" level=info msg="Downloading missing image quay.io/fairwinds/fw-trivy:0.29"
time="2024-08-29T12:30:56Z" level=info msg="pulling quay.io/fairwinds/fw-trivy:0.29"
time="2024-08-29T12:31:17Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-uploader:0.5"
time="2024-08-29T12:31:17Z" level=info msg="pulling quay.io/fairwinds/insights-uploader:0.5"
time="2024-08-29T12:31:22Z" level=info msg="Downloading missing image quay.io/fairwinds/insights-utils:0.0.7"
time="2024-08-29T12:31:22Z" level=info msg="pulling quay.io/fairwinds/insights-utils:0.0.7"
time="2024-08-29T12:31:23Z" level=info msg="Downloading missing image quay.io/fairwinds/workloads:2.6"
time="2024-08-29T12:31:23Z" level=info msg="pulling quay.io/fairwinds/workloads:2.6"
time="2024-08-29T12:31:26Z" level=info msg="Extracting details for all images"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_aws_costs_1_4 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_aws_costs_1_4"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_cloud_costs_0_3_5 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_cloud_costs_0_3_5"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_falco_agent_0_3_8 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_falco_agent_0_3_8"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_kube_bench_0_4_15 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_kube_bench_0_4_15"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_kubesec_1_4_8 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_kubesec_1_4_8"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_opa_2_5 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_opa_2_5"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_fw_trivy_0_29 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_fw_trivy_0_29"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_admission_controller_1_16 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_admission_controller_1_16"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_ci_5_6_0 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_ci_5_6_0"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_uploader_0_5 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_uploader_0_5"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_insights_utils_0_0_7 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_insights_utils_0_0_7"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_kubectl_0_20_5 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_kubectl_0_20_5"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_kyverno_0_2_1 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_kyverno_0_2_1"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_nova_v3_10 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_nova_v3_10"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_polaris_9_0 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_polaris_9_0"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_postgres_partman_14_8_0 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_postgres_partman_14_8_0"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_prometheus_collector_1_5 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_prometheus_collector_1_5"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_rbac_reporter_1_3_17 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_rbac_reporter_1_3_17"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_right_sizer_0_5_6 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_right_sizer_0_5_6"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file quay_io_fairwinds_workloads_2_6 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for quay_io_fairwinds_workloads_2_6"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file us_docker_pkg_dev_fairwinds_ops_oss_goldilocks_v4_13 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for us_docker_pkg_dev_fairwinds_ops_oss_goldilocks_v4_13"
time="2024-08-29T12:31:26Z" level=info msg="Getting details for image file us_docker_pkg_dev_fairwinds_ops_oss_pluto_v5_20 with SHA  and repoTags []"
time="2024-08-29T12:31:26Z" level=warning msg="Could not find repo tags for us_docker_pkg_dev_fairwinds_ops_oss_pluto_v5_20"
time="2024-08-29T12:31:30Z" level=info msg="downloading trivy database"
time="2024-08-29T12:31:41Z" level=info msg="Scanning quay.io/fairwinds/aws-costs:1.4 from file quay_io_fairwinds_aws_costs_1_4"
time="2024-08-29T12:31:41Z" level=info msg="scanning quay_io_fairwinds_aws_costs_1_4"
time="2024-08-29T12:36:14Z" level=info msg="Scanning quay.io/fairwinds/cloud-costs:0.3.5 from file quay_io_fairwinds_cloud_costs_0_3_5"
time="2024-08-29T12:36:14Z" level=info msg="scanning quay_io_fairwinds_cloud_costs_0_3_5"
time="2024-08-29T12:41:18Z" level=error msg="Error scanning quay_io_fairwinds_cloud_costs_0_3_5: exit status 1\n2024-08-29T12:36:18.375Z\t\x1b[33mWARN\x1b[0m\t'--skip-update' is deprecated. Use '--skip-db-update' instead.\n2024-08-29T12:36:18.379Z\t\x1b[35mDEBUG\x1b[0m\tSeverities: [\"UNKNOWN\" \"LOW\" \"MEDIUM\" \"HIGH\" \"CRITICAL\"]\n2024-08-29T12:36:18.379Z\t\x1b[35mDEBUG\x1b[0m\tIgnore statuses\t{\"statuses\": null}\n2024-08-29T12:36:18.456Z\t\x1b[35mDEBUG\x1b[0m\tcache dir:  /root/.cache/trivy\n2024-08-29T12:36:18.458Z\t\x1b[35mDEBUG\x1b[0m\tSkipping DB update...\n2024-08-29T12:36:18.458Z\t\x1b[35mDEBUG\x1b[0m\tDB Schema: 2, UpdatedAt: 2024-08-29 12:13:22.107262984 +0000 UTC, NextUpdate: 2024-08-29 18:13:22.107262603 +0000 UTC, DownloadedAt: 2024-08-29 12:31:41.278575973 +0000 UTC\n2024-08-29T12:36:18.459Z\t\x1b[34mINFO\x1b[0m\tVulnerability scanning is enabled\n2024-08-29T12:36:18.459Z\t\x1b[35mDEBUG\x1b[0m\tVulnerability type:  [os library]\n2024-08-29T12:36:18.459Z\t\x1b[34mINFO\x1b[0m\tSecret scanning is enabled\n2024-08-29T12:36:18.459Z\t\x1b[34mINFO\x1b[0m\tIf your scanning is slow, please try '--scanners vuln' to disable secret scanning\n2024-08-29T12:36:18.459Z\t\x1b[34mINFO\x1b[0m\tPlease see also https://aquasecurity.github.io/trivy/v0.48/docs/scanner/secret/#recommendation for faster secret detection\n2024-08-29T12:36:18.459Z\t\x1b[35mDEBUG\x1b[0m\tEnabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]\n2024-08-29T12:36:29.600Z\t\x1b[35mDEBUG\x1b[0m\tNo secret config detected: trivy-secret.yaml\n2024-08-29T12:36:29.601Z\t\x1b[35mDEBUG\x1b[0m\tThe nuget packages directory couldn't be found. License search disabled\n2024-08-29T12:36:29.601Z\t\x1b[35mDEBUG\x1b[0m\tNo secret config detected: trivy-secret.yaml\n2024-08-29T12:36:29.601Z\t\x1b[35mDEBUG\x1b[0m\tImage ID: sha256:9d370121662fa72848e636a3c919e2ba7b4b8a3c90299ecf5ea3ea715c9e8442\n2024-08-29T12:36:29.601Z\t\x1b[35mDEBUG\x1b[0m\tDiff IDs: [sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07 sha256:6ff32c3b912e067efbccc9a76c071517afc8b9680467c14ebb2c9e277f1155a6 sha256:50ce9357216eb0f8dbe23639cbb8b967ecab9f72e83d86f623550d900f3c0582 sha256:de9eb262d13e91ed299582380ca6e880497c23d4f1ce34ac81f13d0bbbf2d68e sha256:43f3d35d73e7a7840d81e78fed9db319962f8c9293b24b092aa9ab884af760c9 sha256:59e105d0e7bfb44b7ba6abb0a04fd2648a8ddef6c3b01fe262c89d231d5c5689 sha256:6c850bcca0c8cd7ab5b89cd333ffb0f20dd2a60e88f2567f9b355a1eb34bb9d2 sha256:b74c7d958fb2ce3ad640ad96120cafb32d3076a5f68b3a3c3827da8e602a0563 sha256:3aa3aa2e3974124d9527284e618561f6d59213a2a1bde7cee35e13cf24351316]\n2024-08-29T12:36:29.601Z\t\x1b[35mDEBUG\x1b[0m\tBase Layers: [sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07]\n2024-08-29T12:36:29.603Z\t\x1b[35mDEBUG\x1b[0m\tMissing image ID in cache: sha256:9d370121662fa72848e636a3c919e2ba7b4b8a3c90299ecf5ea3ea715c9e8442\n2024-08-29T12:36:29.603Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:78561cef0761903dd2f7d09856150a6d4fb48967a8f113f3e33d79effbf59a07\n2024-08-29T12:36:29.603Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:43f3d35d73e7a7840d81e78fed9db319962f8c9293b24b092aa9ab884af760c9\n2024-08-29T12:36:29.603Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:50ce9357216eb0f8dbe23639cbb8b967ecab9f72e83d86f623550d900f3c0582\n2024-08-29T12:36:29.603Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:6ff32c3b912e067efbccc9a76c071517afc8b9680467c14ebb2c9e277f1155a6\n2024-08-29T12:36:29.603Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:de9eb262d13e91ed299582380ca6e880497c23d4f1ce34ac81f13d0bbbf2d68e\n2024-08-29T12:36:29.606Z\t\x1b[35mDEBUG\x1b[0m\tSkipping directory: dev\n2024-08-29T12:36:30.370Z\t\x1b[35mDEBUG\x1b[0m\tSkipping directory: proc\n2024-08-29T12:36:30.371Z\t\x1b[35mDEBUG\x1b[0m\tSkipping directory: sys\n2024-08-29T12:36:31.057Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:59e105d0e7bfb44b7ba6abb0a04fd2648a8ddef6c3b01fe262c89d231d5c5689\n2024-08-29T12:36:31.059Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:6c850bcca0c8cd7ab5b89cd333ffb0f20dd2a60e88f2567f9b355a1eb34bb9d2\n2024-08-29T12:36:31.262Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:b74c7d958fb2ce3ad640ad96120cafb32d3076a5f68b3a3c3827da8e602a0563\n2024-08-29T12:36:33.957Z\t\x1b[35mDEBUG\x1b[0m\tMissing diff ID in cache: sha256:3aa3aa2e3974124d9527284e618561f6d59213a2a1bde7cee35e13cf24351316\n2024-08-29T12:41:18.457Z\t\x1b[33mWARN\x1b[0m\tIncrease --timeout value\n2024-08-29T12:41:18.457Z\t\x1b[31mFATAL\x1b[0m\timage scan error:\n    github.com/aquasecurity/trivy/pkg/commands/artifact.Run\n        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:425\n  - scan error:\n    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact\n        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269\n  - scan failed:\n    github.com/aquasecurity/trivy/pkg/commands/artifact.scan\n        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:706\n  - failed analysis:\n    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact\n        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:148\n  - analyze error:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:126\n  - pipeline error:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:229\n  - failed to analyze layer (sha256:b74c7d958fb2ce3ad640ad96120cafb32d3076a5f68b3a3c3827da8e602a0563):\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect.func1\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:216\n  - walk error:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspectLayer\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:290\n  - failed to process the file:\n    github.com/aquasecurity/trivy/pkg/fanal/walker.LayerTar.Walk\n        /home/runner/work/trivy/trivy/pkg/fanal/walker/tar.go:86\n  - failed to analyze file:\n    github.com/aquasecurity/trivy/pkg/fanal/walker.LayerTar.processFile\n        /home/runner/work/trivy/trivy/pkg/fanal/walker/tar.go:100\n  - failed to analyze google-cloud-sdk/lib/surface/database_migration/migration_jobs/stop.yaml:\n    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspectLayer.func1\n        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:269\n  - semaphore acquire:\n    github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile\n        /home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:421\n  - context deadline exceeded\n"
time="2024-08-29T12:41:18Z" level=error msg="Error scanning quay_io_fairwinds_cloud_costs_0_3_5 at /app/repository/tmp/_insightsTempImages/quay_io_fairwinds_cloud_costs_0_3_5: exit status 1"
time="2024-08-29T12:41:18Z" level=error msg="error scanning quay.io/fairwinds/cloud-costs:0.3.5 from file quay_io_fairwinds_cloud_costs_0_3_5: exit status 1"
time="2024-08-29T12:41:18Z" level=info msg="Scanning quay.io/fairwinds/falco-agent:0.3.8 from file quay_io_fairwinds_falco_agent_0_3_8"
time="2024-08-29T12:41:18Z" level=info msg="scanning quay_io_fairwinds_falco_agent_0_3_8"
time="2024-08-29T12:41:25Z" level=info msg="Scanning quay.io/fairwinds/fw-kube-bench:0.4.15 from file quay_io_fairwinds_fw_kube_bench_0_4_15"
time="2024-08-29T12:41:25Z" level=info msg="scanning quay_io_fairwinds_fw_kube_bench_0_4_15"
time="2024-08-29T12:41:33Z" level=info msg="Scanning quay.io/fairwinds/fw-kube-bench-aggregator:0.3.16 from file quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16"
time="2024-08-29T12:41:33Z" level=info msg="scanning quay_io_fairwinds_fw_kube_bench_aggregator_0_3_16"
time="2024-08-29T12:41:37Z" level=info msg="Scanning quay.io/fairwinds/fw-kubesec:1.4.8 from file quay_io_fairwinds_fw_kubesec_1_4_8"
time="2024-08-29T12:41:37Z" level=info msg="scanning quay_io_fairwinds_fw_kubesec_1_4_8"
time="2024-08-29T12:41:59Z" level=info msg="Scanning quay.io/fairwinds/fw-opa:2.5 from file quay_io_fairwinds_fw_opa_2_5"
time="2024-08-29T12:41:59Z" level=info msg="scanning quay_io_fairwinds_fw_opa_2_5"
time="2024-08-29T12:42:06Z" level=info msg="Scanning quay.io/fairwinds/fw-trivy:0.29 from file quay_io_fairwinds_fw_trivy_0_29"
time="2024-08-29T12:42:06Z" level=info msg="scanning quay_io_fairwinds_fw_trivy_0_29"
time="2024-08-29T12:42:44Z" level=info msg="Scanning quay.io/fairwinds/insights-admission-controller:1.16 from file quay_io_fairwinds_insights_admission_controller_1_16"
time="2024-08-29T12:42:44Z" level=info msg="scanning quay_io_fairwinds_insights_admission_controller_1_16"
time="2024-08-29T12:42:50Z" level=info msg="Scanning quay.io/fairwinds/insights-ci:5.6.0 from file quay_io_fairwinds_insights_ci_5_6_0"
time="2024-08-29T12:42:50Z" level=info msg="scanning quay_io_fairwinds_insights_ci_5_6_0"

Additional info: Repository scan has reached the specified backoff limit

fairwinds-insights · 2024-08-29T13:05:01Z

Fairwinds Insights - Auto-scan job has failed ❌

View the full report at insights.fairwinds.com.

Show Logs

found 0 pods for job repo-scan-job-79497

Additional info: Timeout - Repository scan was active longer than specified deadline (20m0s)

…ods (#949) * INSIGHTS-226 Insights Admission Requests security issue for naked Pods * INSIGHTS-226 Insights Admission Requests security issue for naked Pods * INSIGHTS-226 Insights Admission Requests security issue for naked Pods * INSIGHTS-226 Insights Admission Requests security issue for naked Pods * Reverted change * Debugging * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Fixed bug * Code cleanup * Code cleanup * Adding tests * Removed unused code * Removed unused code * Removed unused code * Removed unused code * Removed unused code * Refactoring * Refactoring * Adding full spec validation * Adding full spec validation * Adding full spec validation * Adding full spec validation * Checking fixing vuln * Checking fixing vuln * Updated validation lib * Updated validation lib * Removed unused code * Changed versopm * Code cleanup * Code cleanup * Code cleanup * Code cleanup * Iterating over owners * Iterating over owners

INSIGHTS-226 Insights Admission Requests security issue for naked Pods

1ef4470

jdesouza requested review from sudermanjr and vitorvezani as code owners July 30, 2024 18:10

reactiveops-bot changed the title ~~[WIP] INSIGHTS-226 Insights Admission Requests security issue for naked Pods~~ [WIP] INSIGHTS-226 - Insights Admission Requests security issue for naked Pods Jul 30, 2024

INSIGHTS-226 Insights Admission Requests security issue for naked Pods

cec638d

jdesouza added 3 commits July 30, 2024 15:52

INSIGHTS-226 Insights Admission Requests security issue for naked Pods

1828022

INSIGHTS-226 Insights Admission Requests security issue for naked Pods

b8a1a62

Reverted change

80c1720

Merge

3761998

jdesouza added 9 commits July 31, 2024 12:23

Debugging

b7137ce

Code cleanup

32a0ec4

Code cleanup

b4e865a

Code cleanup

ee96f37

Code cleanup

08c8617

Code cleanup

ed8b846

Code cleanup

6add25e

Code cleanup

869110f

Code cleanup

c843aea

jdesouza added 2 commits July 31, 2024 17:09

Code cleanup

8145216

Code cleanup

f134cfd

reactiveops-bot changed the title ~~[WIP] INSIGHTS-226 - Insights Admission Requests security issue for naked Pods~~ [WIP] INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods Jul 31, 2024

jdesouza added 4 commits July 31, 2024 17:50

Code cleanup

f2330af

Fixed bug

aa9cd83

Fixed bug

7c18c0e

Fixed bug

369059c

jdesouza added 3 commits August 5, 2024 11:03

Adding full spec validation

89d7e9b

Adding full spec validation

73718fb

Checking fixing vuln

461a36a

Checking fixing vuln

dbd1438

jdesouza added 4 commits August 15, 2024 14:57

Merge

74b92ee

Updated validation lib

254a34b

Updated validation lib

9440a63

Removed unused code

7cf852b

jdesouza changed the title ~~[WIP] INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods~~ INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods Aug 15, 2024

jdesouza added 8 commits August 15, 2024 17:11

Changed versopm

e2ca535

Merge branch 'main' into js/NakedPods

bf3bad2

Merge branch 'main' into js/NakedPods

5905858

Merge branch 'js/NakedPods' of github.com:FairwindsOps/insights-plugi…

67bc692

…ns into js/NakedPods

Code cleanup

faeb21f

Code cleanup

e2befc7

Code cleanup

dfd6e0e

Code cleanup

0157d1c

vitorvezani reviewed Aug 28, 2024

View reviewed changes

Iterating over owners

cbfec0b

Iterating over owners

9297576

vitorvezani approved these changes Aug 29, 2024

View reviewed changes

jdesouza merged commit eaa3979 into main Aug 29, 2024
7 of 9 checks passed

jdesouza deleted the js/NakedPods branch August 29, 2024 13:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods #949

INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods #949

jdesouza commented Jul 30, 2024 •

edited

Loading

fairwinds-insights bot commented Jul 30, 2024

fairwinds-insights bot commented Jul 30, 2024

fairwinds-insights bot commented Jul 31, 2024

fairwinds-insights bot commented Jul 31, 2024

fairwinds-insights bot commented Aug 1, 2024

fairwinds-insights bot commented Aug 5, 2024

fairwinds-insights bot commented Aug 5, 2024

fairwinds-insights bot commented Aug 5, 2024

fairwinds-insights bot commented Aug 28, 2024

vitorvezani Aug 28, 2024

jdesouza Aug 28, 2024

fairwinds-insights bot commented Aug 29, 2024

fairwinds-insights bot commented Aug 29, 2024

INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods #949

INSIGHTS-226 - Insights Admission Requests security issue for rogue Pods #949

Conversation

jdesouza commented Jul 30, 2024 • edited Loading

Checklist

Description

What's the goal of this PR?

What changes did you make?

What alternative solution should we consider, if any?

fairwinds-insights bot commented Jul 30, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Jul 30, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Jul 31, 2024

Fairwinds Insights Scan Results

fairwinds-insights bot commented Jul 31, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Aug 1, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Aug 5, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Aug 5, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Aug 5, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Aug 28, 2024

Fairwinds Insights - Auto-scan job has failed ❌

vitorvezani Aug 28, 2024

Choose a reason for hiding this comment

jdesouza Aug 28, 2024

Choose a reason for hiding this comment

fairwinds-insights bot commented Aug 29, 2024

Fairwinds Insights - Auto-scan job has failed ❌

fairwinds-insights bot commented Aug 29, 2024

Fairwinds Insights - Auto-scan job has failed ❌

jdesouza commented Jul 30, 2024 •

edited

Loading