Error in 0.20.0 - panic: runtime error: index out of range [0] with length 0

[ziv-airis]

Hey,

I'm using the latest version of trivy-action

 - name: Scan for vulnerabilities
      uses: aquasecurity/trivy-action@master

Something happened today(maybe the new version) which is causing our action to failed

panic: runtime error: index out of range [0] with length 0

goroutine 26 [running]:
github.com/aquasecurity/trivy/pkg/dependency/parser/conda/environment.(*Parser).parseDependency(0xd495301?, {0x0, 0x0})
	/home/runner/work/trivy/trivy/pkg/dependency/parser/conda/environment/parse.go:89 +0x28c
github.com/aquasecurity/trivy/pkg/dependency/parser/conda/environment.(*Parser).toLibrary(0xc0009a5248, {{0x0?, 0x7478360?}, 0x1?})
	/home/runner/work/trivy/trivy/pkg/dependency/parser/conda/environment/parse.go:59 +0x58
github.com/aquasecurity/trivy/pkg/dependency/parser/conda/environment.(*Parser).Parse(0xc0009a5248, {0x9ae8e30, 0xc0033845f0})
	/home/runner/work/trivy/trivy/pkg/dependency/parser/conda/environment/parse.go:46 +0x2f1
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language.Parse({0x833dc48, 0x11}, {0xc00383d[29](https://github.com/airis-labs/airis-banias/actions/runs/8998970710/job/24720201127#step:10:30)0, 0x28}, {0x9a488e0?, 0xc0033845f0?}, {0x9a5d520, 0xc0009a5248})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/analyze.go:52 +0xd7
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language.Analyze({0x833dc48?, 0x11?}, {0xc00383d290, 0x28}, {0x9ae8e[30](https://github.com/airis-labs/airis-banias/actions/runs/8998970710/job/24720201127#step:10:31)?, 0xc0033845f0?}, {0x9a5d520?, 0xc0009a5248?})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/analyze.go:20 +0x73
github.com/aquasecurity/trivy/pkg/fanal/analyzer/language/conda/environment.environmentAnalyzer.Analyze({}, {0x0?, 0x0?}, {{0x7ffeb7a3d9df, 0x1}, {0xc00383d290, 0x28}, {0x9b05268, 0xc00383ed00}, {0x9ae8e30, ...}, ...})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/language/conda/environment/environment.go:25 +0x8e
github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile.func1({0x9afa688?, 0xd500f20}, {0x9af8650?, 0xc0033845f0?})
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:4[32](https://github.com/airis-labs/airis-banias/actions/runs/8998970710/job/24720201127#step:10:33) +0x245
created by github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.AnalyzeFile in goroutine 1
	/home/runner/work/trivy/trivy/pkg/fanal/analyzer/analyzer.go:427 +0x52e

[afdesk]

is this runtime error reproducible locally with trivy 0.51.1?

[afdesk]

it looks like the latest trivy has a bug with Conda, and it's known issue: aquasecurity/trivy#6659

[ziv-airis]

Thank you for the quick response.
Is there an option to run trivy-action with the previous version?

[simar7]

Thank you for the quick response.
Is there an option to run trivy-action with the previous version?

You can pin to the last release:

 - name: Scan for vulnerabilities
      uses: aquasecurity/trivy-action@0.19.0

[DmitriyLewen]

FYI - fix for this problem has been merged - aquasecurity/trivy#6675