Trivy isn't able to detect fingerprint of golang binary in scratch container and aborts table scan #8151
Replies: 4 comments 10 replies
-
Looks like https://github.com/celo-org/akeyless/blob/main/akeyless-action/Dockerfile is private |
Beta Was this translation helpful? Give feedback.
-
Sorry, the image is at |
Beta Was this translation helpful? Give feedback.
-
Hi, thanks for this, I guess I was a little confused about what the problem is and that this was intended. So just to confirm, this idea you linked hasn't been implemented yet, and there's no way to confirm with table whether or not a scan with 0 vulnerabilities was performed correctly, we just have to assume if we didn't see any results or errors everything is fine? (its an automated ci/cd scanning). |
Beta Was this translation helpful? Give feedback.
-
The github action here https://github.com/aquasecurity/trivy-action does't seem to have an input to enable debug, so there's not a way to detect this through github actions. |
Beta Was this translation helpful? Give feedback.
-
Description
Version: 0.58.0
I have a go program built in a container, then copied to a scratch container, and trivy isn't detecting it as a golang program.
I have other apps with this same docker setup (image golang:1.23-bookworm) that trivy detects their "OS" as the golang binary and scans it.
I'm not sure what information I'd need to provide for this, but happy to add anything upon request.
The container and application both build properly
Desired Behavior
Expect trivy to be able to detect the image as being a stripped down golang binary for this app
Actual Behavior
Trivy can't detect the "OS" so it doesn't produce a scan report
Reproduction Steps
Target
Container Image
Scanner
Vulnerability
Output Format
Table
Mode
Standalone
Debug Output
Operating System
Linux (github actions platform)
Version
Checklist
trivy clean --all
Beta Was this translation helpful? Give feedback.
All reactions