/version endpoint issue

[gerbil]

What steps did you take and what happened:

/version server get call

What did you expect to happen:

curl -s 0.0.0.0:8080/version | jq

{
  "Version": "dev",
  "VulnerabilityDB": {
    "Version": 2,
    "NextUpdate": "2023-07-25T14:15:29.876639806Z",
    "UpdatedAt": "2023-07-25T08:15:29.876640206Z",
    "DownloadedAt": "2023-07-25T09:36:25.599004Z"
  },
  "JavaDB": {
    "Version": 1,
    "NextUpdate": "2023-07-28T01:03:52.169192565Z",
    "UpdatedAt": "2023-07-25T01:03:52.169192765Z",
    "DownloadedAt": "2023-07-25T09:37:48.906152Z"
  },
  "PolicyBundle": {
    "Digest": "sha256:829832357626da2677955e3b427191212978ba20012b6eaa03229ca28569ae43",
    "DownloadedAt": "2023-07-23T11:40:33.122462Z"
  }
}

Result:
curl -s 0.0.0.0:8080/version | jq

{
"Version": "0.47.0"
}

Log:

2023-12-19T13:48:19.875Z	DEBUG	Failed to get Java DB metadata	{"error": "unable to open a file: open /home/scanner/.cache/trivy/java-db/metadata.json: no such file or directory", "errorVerbose": "unable to open a file:\n    github.com/aquasecurity/trivy-java-db/pkg/db.(*Client).Get\n        /home/runner/go/pkg/mod/github.com/aquasecurity/trivy-java-db@v0.0.0-20230209231723-7cddb1406728/pkg/db/metadata.go:35\n  - open /home/scanner/.cache/trivy/java-db/metadata.json: no such file or directory"}
2023-12-19T13:48:19.875Z	DEBUG	Failed to open the policy metadata: open /home/scanner/.cache/trivy/policy/metadata.json: no such file or directory
2023-12-19T13:48:19.875Z	DEBUG	Failed to get policy metadata	{"error": "open /home/scanner/.cache/trivy/policy/metadata.json: no such file or directory"}```

- Trivy-Operator version (use `trivy-operator version`): 0.18.2
- Kubernetes version (use `kubectl version`): 1.26

[gerbil]

Aftere a while i got:

{
"Version": "0.47.0",
  "VulnerabilityDB": {
    "Version": 2,
      "NextUpdate": "2023-12-21T12:11:54.970173949Z",
      "UpdatedAt": "2023-12-21T06:11:54.97017452Z",
      "DownloadedAt": "2023-12-21T06:23:21.793777085Z"
  }
}

Still missing java db

[gerbil]

After manual sync for java db into /home/scanner/.cache/trivy/java-db/ i can see metadata parsed correctly. Seems like java db can't be downloaded for some reasons by server itself.

[chen-keinan]

After manual sync for java db into /home/scanner/.cache/trivy/java-db/ i can see metadata parsed correctly. Seems like java db can't be downloaded for some reasons by server itself.

@gerbil you are setting client/server mode ? JavaDB is downloaded on client side not server side

[gerbil]

After manual sync for java db into /home/scanner/.cache/trivy/java-db/ i can see metadata parsed correctly. Seems like java db can't be downloaded for some reasons by server itself.

@gerbil you are setting client/server mode ? JavaDB is downloaded on client side not server side

Yeap, unfortunately.. is there any chance to overcome this and use server side download (even manualy) JavaDB?

[chen-keinan]

After manual sync for java db into /home/scanner/.cache/trivy/java-db/ i can see metadata parsed correctly. Seems like java db can't be downloaded for some reasons by server itself.

@gerbil you are setting client/server mode ? JavaDB is downloaded on client side not server side

Yeap, unfortunately.. is there any chance to overcome this and use server side download (even manualy) JavaDB?

not sure if trivy support it, can you open a issue on trivy and we could pick it from there ?
the reason it was not made on server side from the 1st place is that trivy only donwload javaDB it it find relevant packages and only CLI know this

[chen-keinan]

@gerbil this is the ref in trivy JavaDB server side