I'm trying to integrate the Trivy library into a Go application to scan Docker images for vulnerabilities, but I'm running into an issue. Although my code is able to retrieve the image metadata, it doesn't perform the actual scan on the Docker image. Below is the code I've implemented so far:
```go
func (t *TrivyScanner) ScanImage(ctx context.Context, registryAuthOptions *models.RegistryAuthOptions, myimage models.Image) (ScanResult, error) {
	// Initialize Trivy scanner options
	var credentials []fanalTypes.Credential
	for _, cred := range registryAuthOptions.Credentials {
		credentials = append(credentials, fanalTypes.Credential{
			Username: cred.Username,
			Password: cred.Password,
		})
	}

	// Prepare Trivy scan options
	flagOpt := flag.Options{
		GlobalOptions: flag.GlobalOptions{
			Quiet: false,
			Debug: true, // Enable debugging for more insights
		},
		DBOptions: flag.DBOptions{
			Reset:        false, // Do not reset DB cache, unless necessary
			SkipDBUpdate: false, // Make sure DB is updated
		},
		CleanOptions: flag.CleanOptions{
			CleanAll: true,
		},
		RegistryOptions: flag.RegistryOptions{
			Credentials: credentials, // Add registry credentials
		},
		ScanOptions: flag.ScanOptions{
			Target: myimage.URI, // The image URI to scan
			Scanners: types.Scanners{
				types.VulnerabilityScanner,
			},
		},
		ImageOptions: flag.ImageOptions{
			ImageSources: []fanalTypes.ImageSource{
				fanalTypes.RemoteImageSource, // Use remote image source
			},
		},
		VulnerabilityOptions: flag.VulnerabilityOptions{
			SkipVEXRepoUpdate: false,
		},
		ReportOptions: flag.ReportOptions{
			Format: types.FormatJSON,
			Severities: []dbTypes.Severity{
				dbTypes.SeverityUnknown,
				dbTypes.SeverityCritical,
				dbTypes.SeverityHigh,
				dbTypes.SeverityMedium,
				dbTypes.SeverityLow,
			},
		},
	}

	runner, err := artifact.NewRunner(ctx, flag.Options{
		GlobalOptions: flag.GlobalOptions{
			Quiet: false,
			Debug: true, // Enable debugging for more insights
		},
		DBOptions: flag.DBOptions{
			Reset:        false, // Do not reset DB cache, unless necessary
			SkipDBUpdate: false, // Make sure DB is updated
		},
		CleanOptions: flag.CleanOptions{
			CleanAll: true,
		},
	})
	if err != nil {
		return ScanResult{}, fmt.Errorf("failed to initialize Trivy runner: %w", err)
	}

	// Start scanning
	results, err := runner.ScanImage(ctx, flagOpt)
	if err != nil {
		return ScanResult{}, fmt.Errorf("failed to scan the image: %w", err)
	}

	var vulnerabilities []models.Vulnerability
	resultsJson, _ := json.Marshal(results)
	fmt.Println("====================================")
	fmt.Println(string(resultsJson))
	fmt.Println("====================================")
	for _, result := range results.Results {
		for _, vuln := range result.Vulnerabilities {
			fmt.Println("Vulnerability ID: ", vuln.VulnerabilityID)
		}
	}

	return ScanResult{
		ImageName:       myimage.Repository,
		Vulnerabilities: vulnerabilities,
	}, nil
}
```
The problem I’m facing is that while the image metadata is retrieved, it doesn't seem to perform a vulnerability scan on the image itself.
Has anyone encountered this issue before or could suggest how to ensure the image gets scanned properly? Any advice on how to adjust the scanning process or potential missing configurations would be greatly appreciated!
triage/support: Indicates an issue that is a support question.
Thanks in advance! 😊
Target: Container Image
Scanner: Vulnerability
Output Format: JSON
Mode: Standalone
Operating System: No response
Version: No response