Running concurrent trivy image scans seems to block #3145

Closed
archoversight opened this issue Nov 7, 2022 · 2 comments
Labels
triage/support Indicates an issue that is a support question.

Comments

@archoversight

Description

I am running scans across many images in parallel on a single machine that has 32 cores. When I spin up 20 trivy image scans against multiple different containers at once, it seems that only one makes progress and all others sit idle.

What did you expect to happen?

I expect that each of the trivy processes uses up as much CPU as it can to scan the images as fast as it can.

What happened instead?

A single slow image that timed out seemed to be holding up all other scans.

Output of run with -debug:

(paste your output here)

Output of trivy -v:

trivy -v
Version: 0.33.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2022-11-07 18:07:31.473970035 +0000 UTC
  NextUpdate: 2022-11-08 00:07:31.473969535 +0000 UTC
  DownloadedAt: 2022-11-07 21:20:41.291209481 +0000 UTC

Additional details (base image name, container registry info...):

@archoversight archoversight added the kind/bug Categorizes issue or PR as related to a bug. label Nov 7, 2022
@NitroCao

It's not a bug but a "feature", because Trivy uses boltdb as the vulnerability database, which doesn't support concurrent access. Related issues are #1529, #650, #660.
The workaround is to use client/server mode (https://aquasecurity.github.io/trivy/v0.34/docs/references/modes/client-server/).

@afdesk afdesk added triage/support Indicates an issue that is a support question. and removed kind/bug Categorizes issue or PR as related to a bug. labels Nov 11, 2022
@archoversight
Author

Work-around deployed. It means there is an additional process that needs to be managed if one wants to quickly scan multiple containers.
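
The client/server workaround discussed in this thread, sketched as an added example (not code posted by any participant or taken from the Trivy project): one `trivy server` process is the only one that opens the vulnerability database, and the parallel scans run as `trivy image --server` clients. The variable names, the default address `localhost:4954`, the batch size, the timeout and the startup wait are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: one Trivy server owns the vulnerability DB; many
# `trivy image --server` clients scan in parallel without opening it.
# TRIVY_BIN, SERVER_ADDR, MAX_JOBS, SCAN_TIMEOUT, OUTDIR are assumed names.
TRIVY_BIN="${TRIVY_BIN:-trivy}"
SERVER_ADDR="${SERVER_ADDR:-localhost:4954}"
MAX_JOBS="${MAX_JOBS:-8}"
SCAN_TIMEOUT="${SCAN_TIMEOUT:-10m}"

# scan_one OUTDIR IMAGE: run one client scan; report and errors go to per-image files.
scan_one() {
  safe=$(printf '%s' "$2" | tr '/:@' '___')
  "$TRIVY_BIN" image --server "http://$SERVER_ADDR" --timeout "$SCAN_TIMEOUT" \
    "$2" >"$1/$safe.txt" 2>"$1/$safe.err"
}

# Wait for the current batch; remember images whose scan failed or timed out.
reap_batch() {
  for entry in $BATCH; do
    wait "${entry%%=*}" || FAILED="$FAILED ${entry#*=}"
  done
  BATCH=""; RUNNING=0
}

# scan_all OUTDIR IMAGE...: returns non-zero if any scan failed; names in $FAILED.
scan_all() {
  outdir=$1; shift
  FAILED=""; BATCH=""; RUNNING=0
  for image in "$@"; do
    scan_one "$outdir" "$image" &
    BATCH="$BATCH $!=$image"; RUNNING=$((RUNNING + 1))
    [ "$RUNNING" -lt "$MAX_JOBS" ] || reap_batch
  done
  reap_batch
  FAILED=${FAILED# }
  [ -z "$FAILED" ]
}

# Stand-alone use: ./scan.sh IMAGE... (does nothing when no images are given).
if [ "$#" -gt 0 ]; then
  OUTDIR="${OUTDIR:-./trivy-reports}"; mkdir -p "$OUTDIR"
  "$TRIVY_BIN" server --listen "$SERVER_ADDR" >"$OUTDIR/server.log" 2>&1 &
  server_pid=$!
  trap 'kill "$server_pid" 2>/dev/null' EXIT
  sleep 5   # crude startup wait (assumption); a first start also downloads the DB
  scan_all "$OUTDIR" "$@" || { echo "failed scans: $FAILED" >&2; exit 1; }
fi
```

Because each scan carries its own `--timeout` and failures are collected per image, a single slow image shows up in `$FAILED` without stopping the other scans in its batch.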


3 participants