Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unexpected JSON output when --report summary is set in trivy k8s for multi-container workloads #5889

Open
2 tasks done
chen-keinan opened this issue Jan 7, 2024 Discussed in #5886 · 2 comments · May be fixed by #7444
Open
2 tasks done

Unexpected JSON output when --report summary is set in trivy k8s for multi-container workloads #5889

chen-keinan opened this issue Jan 7, 2024 Discussed in #5886 · 2 comments · May be fixed by #7444
Assignees
@chen-keinan
Labels
kind/bug Categorizes issue or PR as related to a bug. target/kubernetes Issues relating to kubernetes cluster scanning

Comments

@chen-keinan
Copy link
Contributor

Discussed in #5886

Originally posted by matheusfm January 5, 2024

Description

The command trivy k8s returns an unexpected JSON for multi-container workloads when --report summary is provided.

trivy-summary

Desired Behavior

The expected output is separate items for each image, just as it is returned when the --report summary flag is not provided.

Actual Behavior

Currently, results from different images are returned together when --report summary flag is provided and the second image's metadata are not returned.

Reproduction Steps

1. kind create cluster

2. # apply a sample multi-container workload
cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  labels:
    app: app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      name: app
      labels:
        app: app
    spec:
      containers:
        - name: c1
          image: nginx
          imagePullPolicy: IfNotPresent
        - name: c2
          image: alpine
          imagePullPolicy: IfNotPresent
          command: [ "watch" ]
          args: [ "ls" ]
      restartPolicy: Always
EOF

3. trivy k8s --scanners vuln -f json -o /tmp/app-results.json deploy app

4. trivy k8s --scanners vuln -f json -o /tmp/app-summary-results.json --report summary deploy app

5. trivy k8s --all-namespaces --scanners=vuln -f json -o /tmp/cluster-results.json cluster

6. trivy k8s --all-namespaces --scanners=vuln -f json -o /tmp/summary-results.json --report summary cluster

Target

Kubernetes

Scanner

Vulnerability

Output Format

JSON

Mode

Standalone

Debug Output

2024-01-05T18:08:10.900-0300	DEBUG	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-01-05T18:08:10.902-0300	DEBUG	Ignore statuses	{"statuses": null}
2024-01-05T18:08:10.950-0300	DEBUG	cache dir:  /home/matheusfm/.cache/trivy
2024-01-05T18:08:10.950-0300	DEBUG	DB update was skipped because the local DB is the latest
2024-01-05T18:08:10.950-0300	DEBUG	DB Schema: 2, UpdatedAt: 2024-01-05 18:12:41.971420099 +0000 UTC, NextUpdate: 2024-01-06 00:12:41.971419839 +0000 UTC, DownloadedAt: 2024-01-05 20:00:22.211571763 +0000 UTC
1 / 1 [---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s

Operating System

linux ubuntu

Version

Version: 0.48.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-01-05 18:12:41.971420099 +0000 UTC
  NextUpdate: 2024-01-06 00:12:41.971419839 +0000 UTC
  DownloadedAt: 2024-01-05 20:00:22.211571763 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-01-04 00:49:07.45555807 +0000 UTC
  NextUpdate: 2024-01-07 00:49:07.45555793 +0000 UTC
  DownloadedAt: 2024-01-04 18:21:12.669585263 +0000 UTC

Checklist
@chen-keinan chen-keinan added kind/bug Categorizes issue or PR as related to a bug. target/kubernetes Issues relating to kubernetes cluster scanning labels Jan 7, 2024
@chen-keinan chen-keinan self-assigned this Jan 11, 2024
@smtan-gl smtan-gl linked a pull request Sep 5, 2024 that will close this issue
Open
6 tasks
@smtan-gl
Copy link

smtan-gl commented Sep 5, 2024

@chen-keinan I've opened a PR to propose a potential fix. Appreciate your feedback on whether this approach works 🙂

@smtan-gl
Copy link

smtan-gl commented Sep 5, 2024

@chen-keinan I'm curious about the RepoTags field in Metadata being an array. Could you share in what scenario there might be multiple RepoTags?

{
  "ClusterName": "",
  "Findings": [
    {
      "Namespace": "default",
      "Kind": "Pod",
      "Name": "nginx-fluentd-pod",
      "Metadata": {
        "OS": {
          "Family": "debian",
          "Name": "12.6"
        },
          "RepoTags": [
            "nginx:latest"
          ],
          "DiffIDs": []
      },
      "Results": [
        {
          "Target": "nginx:latest (debian 12.6)",
          "Class": "os-pkgs",
          "Type": "debian",
          "Packages": [],
          "Vulnerabilities": []
        },
        {
          "Target": "fluent/fluentd:v1.17-armhf-debian (debian 12.6)",
          "Class": "os-pkgs",
          "Type": "debian",
          "Packages": [],
          "Vulnerabilities": []
        },
        {
          "Target": "Ruby",
          "Class": "lang-pkgs",
          "Type": "gemspec",
          "Packages": [],
          "Vulnerabilities": []
        }
      ]
    }
  ]
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chen-keinan chen-keinan

Labels
kind/bug Categorizes issue or PR as related to a bug. target/kubernetes Issues relating to kubernetes cluster scanning
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(k8s)!: support k8s multi container smtan-gl/trivy
2 participants
@chen-keinan @smtan-gl