Comments (9)
I just tried this on the alpine base image too, same situation:
$ ./clairctl -D report --host http://clair.clair.svc.cluster.local:8080 alpine
2023-05-16T21:16:12Z DBG fetching ref=alpine
2023-05-16T21:16:12Z DBG using text output
2023-05-16T21:16:13Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:13Z DBG requesting index_report attempt=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T21:16:14Z DBG manifest may be out-of-date digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda manifest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG found layers count=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG requesting index_report attempt=2 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T21:16:15Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=POST path=/indexer/api/v1/index_report ref=alpine status="201 Created"
2023-05-16T21:16:15Z DBG setting validator digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine validator="\"7a5f5333aeda3d3d3c679da74d74cab5\""
2023-05-16T21:16:15Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
alpine ok
but both Trivy and Grype have the same findings:
$ trivy image alpine
2023-05-16T22:15:06.074+0100 INFO Vulnerability scanning is enabled
2023-05-16T22:15:06.074+0100 INFO Secret scanning is enabled
2023-05-16T22:15:06.074+0100 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-05-16T22:15:06.074+0100 INFO Please see also https://aquasecurity.github.io/trivy/v0.41/docs/secret/scanning/#recommendation for faster secret detection
2023-05-16T22:15:06.893+0100 INFO Detected OS: alpine
2023-05-16T22:15:06.893+0100 INFO Detecting Alpine vulnerabilities...
2023-05-16T22:15:07.034+0100 INFO Number of language-specific files: 0
alpine (alpine 3.17.3)
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)
┌────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2023-1255 │ MEDIUM │ 3.0.8-r3 │ 3.0.8-r4 │ Input buffer over-read in AES-XTS implementation on 64 bit │
│ │ │ │ │ │ ARM │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-1255 │
├────────────┤ │ │ │ │ │
│ libssl3 │ │ │ │ │ │
│ │ │ │ │ │ │
│ │ │ │ │ │ │
└────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘
$ gype alpine
bash: gype: command not found
22:15:14 hari@agrippa:master ~/github/templates > grype alpine
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [16 packages]
✔ Scanning image... [2 vulnerabilities]
├── 0 critical, 0 high, 2 medium, 0 low, 0 negligible
└── 2 fixed
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
libcrypto3 3.0.8-r3 3.0.8-r4 apk CVE-2023-1255 Medium
libssl3 3.0.8-r3 3.0.8-r4 apk CVE-2023-1255 Medium
Have I configured Claire wrong is this a bug or limitation as I can see alpine in the list of matchers and updater_sets?
And in the clair pod logs it does look like it is updating for alpine:
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.11-updater","time":"2023-05-16T21:18:01Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.11-updater","time":"2023-05-16T21:18:01Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.11-updater","time":"2023-05-16T21:18:01Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.8-updater","time":"2023-05-16T21:18:01Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.8-updater","time":"2023-05-16T21:18:01Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.8-updater","time":"2023-05-16T21:18:01Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.12-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.12-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.12-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-main-v3.11-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.11-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.11-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-main-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-main-v3.3-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.3-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.3-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
from clair.
Does this occur against a current release? 4.3 is pretty old
from clair.
Yes I've just upgraded the Kubernetes deployment to use the Clair 4.6.1 docker image and run clairctl again after the pod was replaced with the new version and still got the same result:
$ ./clairctl -D report --host http://clair.clair.svc.cluster.local:8080 alpine
2023-05-16T23:22:50Z DBG fetching ref=alpine
2023-05-16T23:22:50Z DBG using text output
2023-05-16T23:22:50Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:50Z DBG requesting index_report attempt=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T23:22:51Z DBG manifest may be out-of-date digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda manifest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG found layers count=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG requesting index_report attempt=2 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T23:22:53Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=POST path=/indexer/api/v1/index_report ref=alpine status="201 Created"
2023-05-16T23:22:53Z DBG setting validator digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine validator="\"72c02bd8d137de68c2a998932cc427a2\""
2023-05-16T23:22:53Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
alpine ok
from clair.
Can you post server logs and the JSON output of clairctl?
from clair.
This can also be reproduced by looking at vulnerabilities found by AWS ECR, which uses Clair under the hood.
In our setup, we use Harbor, which scans using Trivy, after which it replicates the images in ECR, which scans on push.
The difference in findings is abysmal:
For the same image, Trivy finds 148 items while ECR/Clair only has 12.
from clair.
It's impossible to help any further without the relevant server logs and the JSON output.
As far as ECR, I'd advise you to take it up with their support. We don't operate ECR.
from clair.
I just tried to run this again quickly but it looks like it got an error:
$ kubectl port-forward svc/clair 8080:8080 &
$ clairctl -D report --host http://localhost:8080 alpine
2023-06-01T17:45:55+01:00 DBG fetching ref=alpine
2023-06-01T17:45:55+01:00 DBG using text output
2023-06-01T17:45:58+01:00 DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:45:58+01:00 DBG requesting index_report attempt=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
Handling connection for 8080
2023-06-01T17:46:00+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="404 Not Found"
2023-06-01T17:46:00+01:00 DBG don't have needed manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda manifest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:46:00+01:00 DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:46:00+01:00 DBG found layers count=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:46:01+01:00 DBG requesting index_report attempt=2 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
Handling connection for 8080
2023-06-01T17:46:01+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="404 Not Found"
Handling connection for 8080
2023-06-01T17:46:03+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=POST path=/indexer/api/v1/index_report ref=alpine status="201 Created"
2023-06-01T17:46:03+01:00 DBG setting validator digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine validator="\"72c02bd8d137de68c2a998932cc427a2\""
E0601 17:46:03.091917 92963 portforward.go:391] error copying from local connection to remote stream: read tcp4 127.0.0.1:8080->127.0.0.1:56990: read: connection reset by peer
2023-06-01T17:46:03+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="404 Not Found"
alpine error alpine(sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda): unexpected return status: 404
kubectl logs
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL8-openstack-17-including-unpatched","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/jessie","time":"2023-06-01T16:34:50Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/jessie","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","updater":"debian/updater/stretch","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:50Z","message":"vulnerability database unchanged"}
{"level":"info","updater":"debian/updater/stretch","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/wheezy","time":"2023-06-01T16:34:50Z","message":"starting update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/bullseye","time":"2023-06-01T16:34:50Z","message":"starting update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/buster","time":"2023-06-01T16:34:50Z","message":"starting update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/wheezy","time":"2023-06-01T16:34:50Z","message":"vulnerability database unchanged"}
{"level":"info","updater":"debian/updater/wheezy","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","updater":"debian/updater/bullseye","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:51Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/bullseye","time":"2023-06-01T16:34:51Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/buster","time":"2023-06-01T16:34:51Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/buster","time":"2023-06-01T16:34:51Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-ceph-3-including-unpatched","ref":"3c249929-a060-4ed0-a92a-6f79c1063246","time":"2023-06-01T16:34:52Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-ceph-3-including-unpatched","time":"2023-06-01T16:34:52Z","message":"finished update"}
{"level":"info","updater":"RHEL8-rhel-8-including-unpatched","component":"rhel/Updater.Parse","time":"2023-06-01T16:34:52Z","message":"starting parse"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"rhel-container-updater","ref":"64aaaf5c-af98-4105-9d0d-d228e9d0ab0f","time":"2023-06-01T16:35:38Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"rhel-container-updater","time":"2023-06-01T16:35:38Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-gluster-3-including-unpatched","ref":"04259941-cc4f-4a8b-a657-c6d233e1058f","time":"2023-06-01T16:35:50Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-gluster-3-including-unpatched","time":"2023-06-01T16:35:50Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL9-rhel-9-including-unpatched","ref":"5f01296d-26b3-4106-bb08-2b8816ecb2f3","time":"2023-06-01T16:36:59Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL9-rhel-9-including-unpatched","time":"2023-06-01T16:36:59Z","message":"finished update"}
{"level":"info","updater":"RHEL6-rhel-6-including-unpatched","component":"libvuln/updates/Manager.driveUpdater","ref":"57e8fd00-0d64-4b8c-b3f2-b371a2d23130","time":"2023-06-01T16:37:54Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL6-rhel-6-including-unpatched","time":"2023-06-01T16:37:54Z","message":"finished update"}
{"level":"info","updater":"RHEL7-rhel-7-including-unpatched","component":"libvuln/updates/Manager.driveUpdater","ref":"df731e8e-1229-4ef7-ae95-aa67c29394f0","time":"2023-06-01T16:39:06Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-rhel-7-including-unpatched","time":"2023-06-01T16:39:06Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL8-rhel-8-including-unpatched","ref":"ce305f90-5500-40aa-959a-80b3b9d447aa","time":"2023-06-01T16:40:20Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL8-rhel-8-including-unpatched","time":"2023-06-01T16:40:20Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.Run","retention":10,"time":"2023-06-01T16:40:20Z","message":"GC started"}
{"level":"info","component":"httptransport/New","request_id":"193a9932ac6df8df","remote_addr":"127.0.0.1:56574","method":"GET","request_uri":"/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","status":404,"duration":2141.806282,"time":"2023-06-01T16:46:00Z","message":"handled HTTP request"}
{"level":"info","component":"httptransport/New","request_id":"c2f192cdcce9c801","remote_addr":"127.0.0.1:56584","method":"GET","request_uri":"/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","status":404,"duration":1.338389,"time":"2023-06-01T16:46:01Z","message":"handled HTTP request"}
{"level":"info","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","request_id":"12d7bc91d06d8de3","component":"libindex/Libindex.Index","time":"2023-06-01T16:46:01Z","message":"index request start"}
{"level":"info","request_id":"12d7bc91d06d8de3","component":"indexer/controller/Controller.Index","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","time":"2023-06-01T16:46:01Z","message":"starting scan"}
{"level":"info","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","state":"CheckManifest","request_id":"12d7bc91d06d8de3","component":"indexer/controller/Controller.Index","error":"failed to upsert index report: ERROR: null value in column \"manifest_id\" of relation \"indexreport\" violates not-null constraint (SQLSTATE 23502)","time":"2023-06-01T16:46:03Z","message":"failed persisting index report"}
{"level":"info","request_id":"12d7bc91d06d8de3","component":"libindex/Libindex.Index","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","time":"2023-06-01T16:46:03Z","message":"index request done"}
{"level":"info","request_id":"12d7bc91d06d8de3","component":"httptransport/New","remote_addr":"127.0.0.1:56594","method":"POST","request_uri":"/indexer/api/v1/index_report","status":201,"duration":1733.370372,"time":"2023-06-01T16:46:03Z","message":"handled HTTP request"}
{"level":"info","component":"httptransport/New","request_id":"e5902acd0f66b763","remote_addr":"127.0.0.1:56594","method":"GET","request_uri":"/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","status":404,"duration":570.820485,"time":"2023-06-01T16:46:03Z","message":"handled HTTP request"}
from clair.
I looks like there's something up with the indexer, but the provided logs don't have any clues as to why except the error from the database, which is an error that I don't see, at a glance, how it would happen. Debug logs filtered down to a single request_id
would be most helpful.
from clair.
Related Issues (20)
- Documented updated.filters feature is not implemented HOT 1
- failed to scan all layer contents: rhel: unable to create a mappingFile object HOT 3
- vulnerabilities not matched for `node:12.22-buster` image
- Problems trying to integrate the clair notifier
- Running Clair locally is DOA HOT 2
- clair-matcher warning unable to parse python vulnerability range HOT 4
- docs: `--host` incorrectly documented as main command flag HOT 3
- docs: cmd: document dropins scheme
- notifier: migrate to `amqp091` HOT 1
- docs: Add grafana and pyroscope to the testing.md docs HOT 1
- Verifying the Clair Installation HOT 3
- CVE-2023-38408 is not found on any images that other scanners show have it HOT 2
- CVE-2020-7712 is for node json package but clair false positives by flagging ruby json package as vulnerable HOT 1
- Clair Vulnerability Databases/Sources HOT 2
- config: lint for `jaeger` protocol & support for OTLP export HOT 1
- clairctl: export-updaters OOM issues HOT 7
- Incorrect old CVES are being report with COPY and python virtualenv HOT 1
- Error during the internal updaters process for rhel, alpine and ubuntu url HOT 1
- Graceful shutdown ... isn't HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from clair.