-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trivy fails on same image multiple hash scans #3894
Comments
I just tried disabling the VolumeMount on trivy pod and scanning multiple images seems to work great.
|
I'm unfamiliar with Harbor, but I think you can select Redis as the cache backend. Sharing the filesystem cache between multiple Trivy instances is not supported. |
This is actually what I did: not sure it is working tho. What are the keys that are injected into redis? replace in trivy statefulset
|
Ok. After testing, i can confirm that this is in fact because different trivy instances where using the same data and this was causing issues. I will fix this where appropriate. |
Description
Trivy seems to fail when multiple run jobs inpacting the same layer run at the same time.
This happens on a kubernetes environment where the trivy workers are sharing the same PVC
adapter container version: v2.5.4 and also tried to upgrade to v2.7.1
What did you expect to happen?
Scans to be successfull
What happened instead?
If the scanning is updated on more than the number of trivy workers, some of them (if not most, fail)
Asking to scan 3 at a time = to the number of trivy workers, seems to work successfully (after reseting trivy and its backing pvc/pv volume data). Ex:
Output of run with
-debug
:Example of a failed run:
Related error, but slightly different (case, multiple same image hash scan requests)
Output of
trivy -v
:Additional details (base image name, container registry info...):
The text was updated successfully, but these errors were encountered: