You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Steps to reproduce the problem:
I installed Harbor 2.3.3, uploaded a nice image and triggered a scan through the user interface.
Later, I saw this in the log:
2021-10-12T00:00:07.380Z �[34mINFO�[0m Need to update DB
2021-10-12T00:00:07.380Z �[34mINFO�[0m Downloading DB...
2021-10-12T00:00:17.387Z �[31mFATAL�[0m DB error: failed to download vulnerability DB: failed to download vulnerability DB: failed to list releases: Get "https://api.github.com/repos/aquasecurity/trivy-db/releases": dial tcp: lookup api.github.com on 127.0.0.11:53: read udp 127.0.0.1:39070->127.0.0.11:53: i/o timeout
: general response handler: unexpected status code: 500, expected: 200: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2021-10-12T00:00:07.380Z �[34mINFO�[0m Need to update DB
2021-10-12T00:00:07.380Z �[34mINFO�[0m Downloading DB...
2021-10-12T00:00:17.387Z �[31mFATAL�[0m DB error: failed to download vulnerability DB: failed to download vulnerability DB: failed to list releases: Get "https://api.github.com/repos/aquasecurity/trivy-db/releases": dial tcp: lookup api.github.com on 127.0.0.11:53: read udp 127.0.0.1:39070->127.0.0.11:53: i/o timeout
: general response handler: unexpected status code: 500, expected: 200
I exec'ed into the container and tried to curl:
$ docker exec -it trivy-adapter bash
scanner [ / ]$ curl https://api.github.com/repos/aquasecurity/trivy-db/releases
curl: (6) Could not resolve host: api.github.com
Then I tried updating /etc/resolv.conf in the container as root.
It's a Docker DNS config or firewall issue. Trivy scanner requires internet connection to periodically download vulnerability database from GitHub to show up to date risks.
Instead of exec-ing to the trivy-adapter container as root or trying other undocumented hacks just add DNS in docker-compose.yml created by Harbor installer.
NOTE This is just an example configuration. Adjust IP addresses accordingly.
Steps to reproduce the problem:
I installed Harbor 2.3.3, uploaded a nice image and triggered a scan through the user interface.
Later, I saw this in the log:
I exec'ed into the container and tried to curl:
Then I tried updating
/etc/resolv.conf
in the container as root.I triggered the scan again through the UI and it succeeded.
So I conclude that
trivy-adapter-photon:v2.3.3
maybe has some dns configuration issue. How is this supposed to work normally? What did I do wrong?Versions:
The text was updated successfully, but these errors were encountered: