trivy image scan not detecting jar files #2054
Comments
Hello @amirdamirov can you try to scan your image with Regards, Dmitriy |
@DmitriyLewen thanks. 2022-04-27T18:14:19.097+0400 DEBUG Parsing Java artifacts... {"file": "opt/test/presentation-api/lib/presentation-api.jar"}
|
@amirdamirov Thanks for your answer! Can I get your image or Dockerfile (or part of it with a reproduction of your issue)? And 1 more question: have you tried using a timeout with a larger value? |
Unfortunately, I can't share the image, because it is a custom image. |
Okay, I understand you. Trivy doesn't stop scanning if it has errors with Java files. Can you try using |
With this key |
In version 0.27.0 we added a secret scan. Secret scan is currently enabled by default. |
When I removed |
This issue is stale because it has been labeled with inactivity. |
@DmitriyLewen I am facing the same issue "no pom file in the central repository". It is working fine for Trivy 0.37.3, but after upgrading further it is displaying the error message. Please help with this. I have also tried using the --timeout 60m and --security-checks vuln flags. @amirdamirov Can you please reopen this issue, as we started facing it after upgrading from 0.37.3 |
Hello @josephkishan If it doesn't help - can you send me your jar file and I will try to understand why Trivy can't parse this file. Regards, Dmitriy |
Sorry @DmitriyLewen, I cannot share the details. But now if I try 0.37.3 it works fine. It is not working with the latest Trivy (0.38.1). This is the --debug output
|
hm... it is strange... Can you scan your image again with |
@DmitriyLewen Below is the --slow output
|
@josephkishan looks like there is the same issue - #3760 |
Yes @DmitriyLewen, same issue. Can you please help with this? |
Description
I configured trivy in my pipeline. It was working normally since yesterday.
I put the "--debug" option; please check below. Is it related to bugs?
What did you expect to happen?
Normal scan with vulnerability report
What happened instead?
Parsing Java artifacts... {"file": "usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64/jre/lib/ext/dnsns.jar"}
No such POM in the central ****sitories {"file": "cldrdata.jar"}
and etc
Output of run with -debug:
Output of trivy -v:
Additional details (base image name, container registry info...):
base image: centos:7
container reg: Custom image for java app
artifacts: Jar files installed via rpm