-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FATAL error in image scan: failed to analyze image: failed to extract files: Could not extract the archive #139
Comments
@UnAfraid
If you failed task 1, check your network. |
@masahiro331 |
@UnAfraid Thank you for reporting. This is due to network timeout. Currently, the timeout value is hardcoded, so we have to implement |
Does the below code solve it?
|
@masahiro331 |
@UnAfraid
There are two problems. The first is that the first scan timeout. |
i tried with --clear-cache because there is warning saying to use it whenever the tag is 'latest' |
I'm sorry. Thank you for cooperating many times. Does the error occur even if the timeout is actually extended and clear-cache is specified? Is the cache updated?
|
root@docker2:~# ls -la /root/.cache/fanal
total 49468
drwxr-xr-x 2 root root 4096 Sep 3 11:16 .
drwx------ 7 root root 4096 Sep 3 11:16 ..
-rw-r--r-- 1 root root 478 Sep 3 11:16 sha256:16a3d8aca6cd76595d0fa99f7dcaf6c388c021bc6f5020d794e8292b88e5aac3
-rw-r--r-- 1 root root 479 Sep 3 11:16 sha256:2ea1f7804402db2da64e84a26bd591f41667ad69cd7f2a2c6106d9bb04dde260
-rw-r--r-- 1 root root 50379856 Sep 3 11:16 sha256:4ae16bd4778367b46064f39554128dd2fda2803a5747fddeff74059f353391c9
-rw-r--r-- 1 root root 244866 Sep 3 11:16 sha256:96465440c20877524189ae75d361dd29e5d0df330a8dac9427f972b429fe0159
-rw-r--r-- 1 root root 125 Sep 3 11:16 sha256:96d705baf026261543501205212451776c49ddaa48a0347afab3494275e0fc13
-rw-r--r-- 1 root root 478 Sep 3 11:16 sha256:bbab4ec87ac4f89eaabdf68dddbd1dd930e3ad43bded38d761b89abf9389a893
-rw-r--r-- 1 root root 477 Sep 3 11:16 sha256:e0ec5610455ae43994616afca2caf7da592cb975d7474ed112baa42e5c616d17
root@docker2:~# trivy --clear-cache golang:latest
2019-09-03T11:16:47.393+0300 INFO Removing image caches...
2019-09-03T11:16:47.412+0300 INFO Updating vulnerability database...
2019-09-03T11:16:58.489+0300 FATAL error in image scan: failed to analyze image: failed to extract files: Could not extract the archive
root@docker2:~# ls -la /root/.cache/fanal
total 57096
drwxr-xr-x 2 root root 4096 Sep 3 11:16 .
drwx------ 7 root root 4096 Sep 3 11:16 ..
-rw-r--r-- 1 root root 253232 Sep 3 11:16 sha256:16a3d8aca6cd76595d0fa99f7dcaf6c388c021bc6f5020d794e8292b88e5aac3
-rw-r--r-- 1 root root 479 Sep 3 11:16 sha256:2ea1f7804402db2da64e84a26bd591f41667ad69cd7f2a2c6106d9bb04dde260
-rw-r--r-- 1 root root 50379856 Sep 3 11:16 sha256:4ae16bd4778367b46064f39554128dd2fda2803a5747fddeff74059f353391c9
-rw-r--r-- 1 root root 475 Sep 3 11:16 sha256:96465440c20877524189ae75d361dd29e5d0df330a8dac9427f972b429fe0159
-rw-r--r-- 1 root root 125 Sep 3 11:16 sha256:96d705baf026261543501205212451776c49ddaa48a0347afab3494275e0fc13
-rw-r--r-- 1 root root 7804467 Sep 3 11:16 sha256:bbab4ec87ac4f89eaabdf68dddbd1dd930e3ad43bded38d761b89abf9389a893
-rw-r--r-- 1 root root 1369 Sep 3 11:16 sha256:e0ec5610455ae43994616afca2caf7da592cb975d7474ed112baa42e5c616d17
root@docker2:~# |
When I tried it in another environment, happened connection reset by peer. Add debug log point.
|
@knqyf263 please add more debug lines here:
A debug line, that informs me that "Updating vulnerability database..." has finished would be helpful, to be sure that "read: connection reset by peer" is from image download and not from DB download (less guessing, easyer to read logs). Please also add messages that informs me if trivy had successful connected to local docker daemon but couldn't find that image locally. Of if it skips the local daemon (could not find the daemon, etc.) and does a direct fallback to remote repo or if it is skipping local docker daemon because of using trivy cache - would be helpful on debugging (more clear situation). |
Hey @knqyf263 @masahiro331 , is this issue is still relevant? |
@christian-weiss I'm sorry to miss your message for a long time.
We have a progress bar now and you can know if the DB has finished downloading.
Thanks. |
@dlemel8 Thank you for the offer. I believe this issue was fixed with |
021-12-09T13:21:54.590+0530 FATAL scan error:
I am getting such errors while scanning my image. trivy version trivy --version |
This issue still exist for |
@knqyf263 any comment please ? |
@thangamani-arun thanks for your report! |
@afdesk We have tried with |
* Created analyzer for NuGet. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * refactor(nuget): sort imports Co-authored-by: knqyf263 <knqyf263@gmail.com>
* Created analyzer for NuGet. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * refactor(nuget): sort imports Co-authored-by: knqyf263 <knqyf263@gmail.com>
…asecurity#139) Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
Description
Attempting to scan few public packages like openjdk and it fails to extract the archive, but downloading it locally and using the hash works fine
It looks related to the tags because if i don't specify one it works, even latest causes it to fail with Could not extract archive
What happened?
OpenJDK
Docker
Golang
Output of run with
-debug
:Output of
trivy -v
:Additional details (base image name, container registry info...):
openjdk:11.0-jre
openjdk:latest
docker:stable-dind
docker:latest
golang:1.12-alpine
golang:latest
And more
The text was updated successfully, but these errors were encountered: