Trivy client server mode not scanning secrets exposed in image, Trivy standalone works. #1836
Labels: kind/bug, priority/backlog, target/kubernetes
What steps did you take and what happened:
Running Trivy operator with these ENV values
Built a Dockerfile with following
Running a pod in cluster with Trivy Operator running with Trivy server in Client/Server Mode
Exposed Secret Report is not catching any secret.
What did you expect to happen:
Expected Trivy operator to catch exposed secrets.
Anything else you would like to add:
Running a standalone Trivy image scan with the Trivy CLI catches the exposed secrets, i.e.:
trivy image --image-config-scanners secret --scanners secret --timeout 10m nginxwithsecret:v1
When running the Trivy CLI against the Trivy server, it's back to not catching those secrets for the same image:
trivy image --server http://localhost:4954 --image-config-scanners secret --scanners secret --timeout 10m nginxwithsecret:v1
This issue was also reported here: #1297, and was thought to be fixed in #1301.
But I believe the fix addresses FS mode scanning, not image scanning, as the fix was only put in
func (p *plugin) getFSScanningArgs(ctx trivyoperator.PluginContext, command Command, mode Mode, trivyServerURL string) []string
Environment:
trivy-operator version: 0.18.3
Chart version: 0.20.4
kubectl version: v1.27.7
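A way to turn the standalone versus client/server comparison from this report into a repeatable check, added here as an example and not part of the original issue or of the trivy-operator code: run both `trivy image` commands above with `--format json --output <file>` and diff the secret findings. The report layout (`Results[].Secrets[]` with `RuleID` and `StartLine`) is assumed from Trivy's JSON output, and the two embedded reports are constructed samples.

```python
import json

# Constructed sample reports (not real scan output): the standalone run
# reports a secret, the client/server run of the same image reports none.
STANDALONE = json.dumps({
    "ArtifactName": "nginxwithsecret:v1",
    "Results": [{
        "Target": "/app/config.env",  # hypothetical path inside the image
        "Class": "secret",
        "Secrets": [{"RuleID": "aws-access-key-id", "Severity": "CRITICAL",
                     "StartLine": 3, "EndLine": 3}],
    }],
})
CLIENT_SERVER = json.dumps({"ArtifactName": "nginxwithsecret:v1", "Results": []})


def secret_findings(report_json):
    """Return the set of (target, rule id, start line) secret findings."""
    report = json.loads(report_json)
    found = set()
    # "Results" may be absent or null when nothing was reported.
    for result in report.get("Results") or []:
        for secret in result.get("Secrets") or []:
            found.add((result.get("Target"), secret.get("RuleID"),
                       secret.get("StartLine")))
    return found


def compare_modes(standalone_json, client_server_json):
    """Findings present in one scan mode but missing from the other."""
    standalone = secret_findings(standalone_json)
    client_server = secret_findings(client_server_json)
    return {
        "missing_in_client_server": sorted(standalone - client_server),
        "missing_in_standalone": sorted(client_server - standalone),
    }


if __name__ == "__main__":
    diff = compare_modes(STANDALONE, CLIENT_SERVER)
    for mode, findings in diff.items():
        for target, rule, line in findings:
            print(f"{mode}: {target}:{line} {rule}")
    # Non-zero exit lets a CI job fail when the two modes disagree.
    raise SystemExit(1 if any(diff.values()) else 0)
```

Comparing on target, rule and line rather than on a bare count catches the case where both modes report the same number of findings but different ones.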