Container Scanning fails for "from scratch" Images
Scanning a "from scratch" docker image fails with
...
2021-12-22T07:34:45.807Z DEBUG OS is not detected and vulnerabilities in OS packages are not detected.
2021-12-22T07:34:45.807Z DEBUG Detected OS: unknown
2021-12-22T07:34:45.807Z INFO Number of language-specific files: 0
[ERROR] [2021-12-22 07:34:45 +0000] [] ▶ private method `select' called for nil:NilClass
Expected
The scan should finish without errors
Analysis
I think gtcs has a wrong assumption for the JSON output of Trivy. The keys metadata / os Family, metadata / os / Name, Results and perhaps others do not always exist.
This is where https://gitlab.com/gitlab-org/security-products/analyzers/container-scanning/-/blob/master/lib/gcs/dependency_list_converter.rb#L26 and following will fail.
Implementation Plan
- backend: in lib/gcs/dependency_list_converter.rb in the container-scanning analyzer, return an empty report when the JSON report from Trivy does not contain a Result section.
Edited by Alan (Maciej) Paruszewski
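
An added example, not code from the container-scanning analyzer: nil-safe handling of a Trivy JSON report in which the keys named in the analysis (Metadata / OS / Family, Metadata / OS / Name, Results) may be absent, returning an empty dependency list instead of raising. The function name `dependency_list`, the `Target` and `Packages` fields read from each result, and both sample reports are assumptions constructed for illustration.

```ruby
require 'json'

# Hypothetical helper, not the analyzer's converter: reads a Trivy JSON report
# without assuming that Metadata/OS/Family, Metadata/OS/Name or Results exist.
def dependency_list(trivy_json)
  report = JSON.parse(trivy_json)
  report = {} unless report.is_a?(Hash)

  # Hash#dig returns nil instead of raising when an intermediate key is absent.
  os_family = report.dig('Metadata', 'OS', 'Family') || 'unknown'
  os_name   = report.dig('Metadata', 'OS', 'Name') || 'unknown'

  # Array(nil) is [], so a report with no Results yields an empty list, whereas
  # report['Results'].select would raise NoMethodError on nil.
  results = Array(report['Results']).select { |r| r.is_a?(Hash) }

  dependencies = results.flat_map do |result|
    # Packages per result is an assumed field; it may be missing too.
    Array(result['Packages']).map do |pkg|
      { target: result['Target'], name: pkg['Name'], version: pkg['Version'] }
    end
  end

  { os_family: os_family, os_name: os_name, dependencies: dependencies }
end

# Constructed sample: a report with no OS metadata and no Results key.
SCRATCH_REPORT = '{"SchemaVersion": 2, "ArtifactName": "example/scratch:latest", "Metadata": {}}'

# Constructed sample: OS metadata present, one result with packages, one without.
FULL_REPORT = <<~JSON
  {
    "Metadata": { "OS": { "Family": "alpine", "Name": "3.15.0" } },
    "Results": [
      { "Target": "example/app:latest (alpine 3.15.0)",
        "Packages": [ { "Name": "musl", "Version": "1.2.2-r7" } ] },
      { "Target": "app/Gemfile.lock" }
    ]
  }
JSON

if __FILE__ == $PROGRAM_NAME
  p dependency_list(SCRATCH_REPORT)
  p dependency_list(FULL_REPORT)
end
```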