Failed to trigger scan with Trivy

[steven-zou]

Send request:

{"registry_url":"10.16*.*.*","registry_token":"<MY-TOKEN>","repository":"scanners/mongo","tag":"3.4-xenial","digest":"sha256:762277c0de87e5499e418c40cfe7352f7f976802b019e7ac0948d39e5f4a7413"}

The following error occurred:

2019/08/13 11:27:57 Starting harbor-scanner-trivy with config &{:8080     }
2019/08/13 11:29:46 RegistryURL: http://10.16*.*.*
2019/08/13 11:29:46 Repository: scanners/mongo
2019/08/13 11:29:46 Tag: 3.4-xenial
2019/08/13 11:29:46 Digest: sha256:762277c0de87e5499e418c40cfe7352f7f976802b019e7ac0948d39e5f4a7413
2019/08/13 11:29:46 Scan request: 46b3e41a-b096-44ad-b8c0-c014e10eb8c0
2019/08/13 11:29:46 Started scanning http://10.16*.*.*/scanners/mongo:3.4-xenial ...
2019-08-13T11:29:46.612Z        DEBUG   cache dir:  /root/.cache/trivy
2019-08-13T11:29:46.613Z        DEBUG   db path: /root/.cache/trivy/db/trivy.db
2019-08-13T11:29:46.623Z        INFO    Updating vulnerability database...
2019-08-13T11:29:46.623Z        DEBUG   git pull
2019-08-13T11:29:47.444Z        DEBUG   total updated files: 1
2019-08-13T11:29:47.475Z        FATAL   invalid image:
    github.com/knqyf263/trivy/pkg.Run
        /root/project/pkg/run.go:153
  - parsing image "http://10.16*.*.*/scanners/mongo:3.4-xenial" failed: invalid reference format
2019/08/13 11:29:47 ERROR: running trivy: exit status 1

[danielpacak]

This is most likely related to the way we concatenate registry URL with repository and artifact digest to create a docker image reference which is then passed as a command line arg to Trivy executable.

https://github.com/aquasecurity/harbor-scanner-trivy/blob/master/pkg/image/trivy/scanner.go#L32

We should parse the registry URL and extract just host:port part, so instead of http://10.16*.*.*/scanners/mongo:3.4-xenial it should be 10.16*.*.*/scanners/mongo:3.4-xenial.

[danielpacak]

Resolved in #13