Deion of Problem / Feature Request I've implemented Clair, T

I just tried this on the alpine base image too, same situation: <div class="highli

Not finding any CVEs despite Trivy and Grype finding many,about quay/clair

Comments (9)

HariSekhon commented on May 28, 2024

I just tried this on the alpine base image too, same situation:

$ ./clairctl -D report --host http://clair.clair.svc.cluster.local:8080 alpine
2023-05-16T21:16:12Z DBG fetching ref=alpine
2023-05-16T21:16:12Z DBG using text output
2023-05-16T21:16:13Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:13Z DBG requesting index_report attempt=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T21:16:14Z DBG manifest may be out-of-date digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda manifest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG found layers count=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG requesting index_report attempt=2 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T21:16:14Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T21:16:15Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=POST path=/indexer/api/v1/index_report ref=alpine status="201 Created"
2023-05-16T21:16:15Z DBG setting validator digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine validator="\"7a5f5333aeda3d3d3c679da74d74cab5\""
2023-05-16T21:16:15Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
alpine ok

but both Trivy and Grype have the same findings:

$ trivy image alpine
2023-05-16T22:15:06.074+0100    INFO    Vulnerability scanning is enabled
2023-05-16T22:15:06.074+0100    INFO    Secret scanning is enabled
2023-05-16T22:15:06.074+0100    INFO    If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-05-16T22:15:06.074+0100    INFO    Please see also https://aquasecurity.github.io/trivy/v0.41/docs/secret/scanning/#recommendation for faster secret detection
2023-05-16T22:15:06.893+0100    INFO    Detected OS: alpine
2023-05-16T22:15:06.893+0100    INFO    Detecting Alpine vulnerabilities...
2023-05-16T22:15:07.034+0100    INFO    Number of language-specific files: 0

alpine (alpine 3.17.3)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                           Title                            │
├────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2023-1255 │ MEDIUM   │ 3.0.8-r3          │ 3.0.8-r4      │ Input buffer over-read in AES-XTS implementation on 64 bit │
│            │               │          │                   │               │ ARM                                                        │
│            │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-1255                  │
├────────────┤               │          │                   │               │                                                            │
│ libssl3    │               │          │                   │               │                                                            │
│            │               │          │                   │               │                                                            │
│            │               │          │                   │               │                                                            │
└────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

$ gype alpine
bash: gype: command not found
22:15:14 hari@agrippa:master ~/github/templates > grype alpine
 ✔ Vulnerability DB        [no update available]
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [16 packages]
 ✔ Scanning image...       [2 vulnerabilities]
   ├── 0 critical, 0 high, 2 medium, 0 low, 0 negligible
   └── 2 fixed
NAME        INSTALLED  FIXED-IN  TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.0.8-r3   3.0.8-r4  apk   CVE-2023-1255  Medium
libssl3     3.0.8-r3   3.0.8-r4  apk   CVE-2023-1255  Medium

Have I configured Claire wrong is this a bug or limitation as I can see alpine in the list of matchers and updater_sets?

And in the clair pod logs it does look like it is updating for alpine:

{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.11-updater","time":"2023-05-16T21:18:01Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.11-updater","time":"2023-05-16T21:18:01Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.11-updater","time":"2023-05-16T21:18:01Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.8-updater","time":"2023-05-16T21:18:01Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.8-updater","time":"2023-05-16T21:18:01Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.8-updater","time":"2023-05-16T21:18:01Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-community-v3.12-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.12-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-community-v3.12-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-main-v3.11-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.11-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.11-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-main-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.7-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}
{"level":"info","component":"alpine/Updater.Fetch","updater":"alpine-main-v3.3-updater","time":"2023-05-16T21:18:02Z","message":"database unchanged since last fetch"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.3-updater","time":"2023-05-16T21:18:02Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"alpine-main-v3.3-updater","time":"2023-05-16T21:18:02Z","message":"finished update"}

from clair.

hdonnay commented on May 28, 2024

Does this occur against a current release? 4.3 is pretty old

from clair.

HariSekhon commented on May 28, 2024

Yes I've just upgraded the Kubernetes deployment to use the Clair 4.6.1 docker image and run clairctl again after the pod was replaced with the new version and still got the same result:

$ ./clairctl -D report --host http://clair.clair.svc.cluster.local:8080 alpine
2023-05-16T23:22:50Z DBG fetching ref=alpine
2023-05-16T23:22:50Z DBG using text output
2023-05-16T23:22:50Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:50Z DBG requesting index_report attempt=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T23:22:51Z DBG manifest may be out-of-date digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda manifest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG found layers count=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG requesting index_report attempt=2 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-05-16T23:22:51Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
2023-05-16T23:22:53Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=POST path=/indexer/api/v1/index_report ref=alpine status="201 Created"
2023-05-16T23:22:53Z DBG setting validator digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine validator="\"72c02bd8d137de68c2a998932cc427a2\""
2023-05-16T23:22:53Z DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="200 OK"
alpine ok

from clair.

hdonnay commented on May 28, 2024

Can you post server logs and the JSON output of clairctl?

from clair.

pachico commented on May 28, 2024

This can also be reproduced by looking at vulnerabilities found by AWS ECR, which uses Clair under the hood.
In our setup, we use Harbor, which scans using Trivy, after which it replicates the images in ECR, which scans on push.
The difference in findings is abysmal:
For the same image, Trivy finds 148 items while ECR/Clair only has 12.

from clair.

hdonnay commented on May 28, 2024

It's impossible to help any further without the relevant server logs and the JSON output.

As far as ECR, I'd advise you to take it up with their support. We don't operate ECR.

from clair.

HariSekhon commented on May 28, 2024

I just tried to run this again quickly but it looks like it got an error:

$ kubectl port-forward svc/clair 8080:8080 &

$ clairctl -D report --host http://localhost:8080 alpine
2023-06-01T17:45:55+01:00 DBG fetching ref=alpine
2023-06-01T17:45:55+01:00 DBG using text output
2023-06-01T17:45:58+01:00 DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:45:58+01:00 DBG requesting index_report attempt=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
Handling connection for 8080
2023-06-01T17:46:00+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="404 Not Found"
2023-06-01T17:46:00+01:00 DBG don't have needed manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda manifest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:46:00+01:00 DBG found manifest digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:46:00+01:00 DBG found layers count=1 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
2023-06-01T17:46:01+01:00 DBG requesting index_report attempt=2 digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine
Handling connection for 8080
2023-06-01T17:46:01+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="404 Not Found"
Handling connection for 8080
2023-06-01T17:46:03+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=POST path=/indexer/api/v1/index_report ref=alpine status="201 Created"
2023-06-01T17:46:03+01:00 DBG setting validator digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda path=/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine validator="\"72c02bd8d137de68c2a998932cc427a2\""
E0601 17:46:03.091917   92963 portforward.go:391] error copying from local connection to remote stream: read tcp4 127.0.0.1:8080->127.0.0.1:56990: read: connection reset by peer
2023-06-01T17:46:03+01:00 DBG digest=sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda method=GET path=/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda ref=alpine status="404 Not Found"
alpine error alpine(sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda): unexpected return status: 404

kubectl logs

{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL8-openstack-17-including-unpatched","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/jessie","time":"2023-06-01T16:34:50Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/jessie","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","updater":"debian/updater/stretch","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:50Z","message":"vulnerability database unchanged"}
{"level":"info","updater":"debian/updater/stretch","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/wheezy","time":"2023-06-01T16:34:50Z","message":"starting update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/bullseye","time":"2023-06-01T16:34:50Z","message":"starting update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/buster","time":"2023-06-01T16:34:50Z","message":"starting update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/wheezy","time":"2023-06-01T16:34:50Z","message":"vulnerability database unchanged"}
{"level":"info","updater":"debian/updater/wheezy","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:50Z","message":"finished update"}
{"level":"info","updater":"debian/updater/bullseye","component":"libvuln/updates/Manager.driveUpdater","time":"2023-06-01T16:34:51Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/bullseye","time":"2023-06-01T16:34:51Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/buster","time":"2023-06-01T16:34:51Z","message":"vulnerability database unchanged"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"debian/updater/buster","time":"2023-06-01T16:34:51Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-ceph-3-including-unpatched","ref":"3c249929-a060-4ed0-a92a-6f79c1063246","time":"2023-06-01T16:34:52Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-ceph-3-including-unpatched","time":"2023-06-01T16:34:52Z","message":"finished update"}
{"level":"info","updater":"RHEL8-rhel-8-including-unpatched","component":"rhel/Updater.Parse","time":"2023-06-01T16:34:52Z","message":"starting parse"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"rhel-container-updater","ref":"64aaaf5c-af98-4105-9d0d-d228e9d0ab0f","time":"2023-06-01T16:35:38Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"rhel-container-updater","time":"2023-06-01T16:35:38Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-gluster-3-including-unpatched","ref":"04259941-cc4f-4a8b-a657-c6d233e1058f","time":"2023-06-01T16:35:50Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-storage-gluster-3-including-unpatched","time":"2023-06-01T16:35:50Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL9-rhel-9-including-unpatched","ref":"5f01296d-26b3-4106-bb08-2b8816ecb2f3","time":"2023-06-01T16:36:59Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL9-rhel-9-including-unpatched","time":"2023-06-01T16:36:59Z","message":"finished update"}
{"level":"info","updater":"RHEL6-rhel-6-including-unpatched","component":"libvuln/updates/Manager.driveUpdater","ref":"57e8fd00-0d64-4b8c-b3f2-b371a2d23130","time":"2023-06-01T16:37:54Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL6-rhel-6-including-unpatched","time":"2023-06-01T16:37:54Z","message":"finished update"}
{"level":"info","updater":"RHEL7-rhel-7-including-unpatched","component":"libvuln/updates/Manager.driveUpdater","ref":"df731e8e-1229-4ef7-ae95-aa67c29394f0","time":"2023-06-01T16:39:06Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL7-rhel-7-including-unpatched","time":"2023-06-01T16:39:06Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL8-rhel-8-including-unpatched","ref":"ce305f90-5500-40aa-959a-80b3b9d447aa","time":"2023-06-01T16:40:20Z","message":"successful update"}
{"level":"info","component":"libvuln/updates/Manager.driveUpdater","updater":"RHEL8-rhel-8-including-unpatched","time":"2023-06-01T16:40:20Z","message":"finished update"}
{"level":"info","component":"libvuln/updates/Manager.Run","retention":10,"time":"2023-06-01T16:40:20Z","message":"GC started"}
{"level":"info","component":"httptransport/New","request_id":"193a9932ac6df8df","remote_addr":"127.0.0.1:56574","method":"GET","request_uri":"/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","status":404,"duration":2141.806282,"time":"2023-06-01T16:46:00Z","message":"handled HTTP request"}
{"level":"info","component":"httptransport/New","request_id":"c2f192cdcce9c801","remote_addr":"127.0.0.1:56584","method":"GET","request_uri":"/indexer/api/v1/index_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","status":404,"duration":1.338389,"time":"2023-06-01T16:46:01Z","message":"handled HTTP request"}
{"level":"info","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","request_id":"12d7bc91d06d8de3","component":"libindex/Libindex.Index","time":"2023-06-01T16:46:01Z","message":"index request start"}
{"level":"info","request_id":"12d7bc91d06d8de3","component":"indexer/controller/Controller.Index","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","time":"2023-06-01T16:46:01Z","message":"starting scan"}
{"level":"info","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","state":"CheckManifest","request_id":"12d7bc91d06d8de3","component":"indexer/controller/Controller.Index","error":"failed to upsert index report: ERROR: null value in column \"manifest_id\" of relation \"indexreport\" violates not-null constraint (SQLSTATE 23502)","time":"2023-06-01T16:46:03Z","message":"failed persisting index report"}
{"level":"info","request_id":"12d7bc91d06d8de3","component":"libindex/Libindex.Index","manifest":"sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","time":"2023-06-01T16:46:03Z","message":"index request done"}
{"level":"info","request_id":"12d7bc91d06d8de3","component":"httptransport/New","remote_addr":"127.0.0.1:56594","method":"POST","request_uri":"/indexer/api/v1/index_report","status":201,"duration":1733.370372,"time":"2023-06-01T16:46:03Z","message":"handled HTTP request"}
{"level":"info","component":"httptransport/New","request_id":"e5902acd0f66b763","remote_addr":"127.0.0.1:56594","method":"GET","request_uri":"/matcher/api/v1/vulnerability_report/sha256:c0669ef34cdc14332c0f1ab0c2c01acb91d96014b172f1a76f3a39e63d1f0bda","status":404,"duration":570.820485,"time":"2023-06-01T16:46:03Z","message":"handled HTTP request"}

from clair.

hdonnay commented on May 28, 2024

I looks like there's something up with the indexer, but the provided logs don't have any clues as to why except the error from the database, which is an error that I don't see, at a glance, how it would happen. Debug logs filtered down to a single request_id would be most helpful.

from clair.

Not finding any CVEs despite Trivy and Grype finding many about clair HOT 9 OPEN

Comments (9)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent