trivy-action: Uploading sarif files: instance.runs[0].tool.driver.rules contains duplicate item

Hi guys,

Hope you are all well !

I tried trivy action and I have the following error:

Uploading sarif files: ["trivy-results.sarif"]
Error details: instance.runs[0].tool.driver.rules contains duplicate item
Screenshot 2020-12-14 at 15 33 21

Is there a parameter to set in trivy to avoid duplicates ?

Here is my workflow file: https://github.com/lucmichalski/prestashop-docker/blob/trivy/.github/workflows/security.yml

Cheers, Luc Michalski

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 25 (16 by maintainers)

Most upvoted comments

@jsjoeio Thanks for your confirmation! We’re sorry for the inconvenience 🙏

+4
knqyf263 on May 14, 2021

@rahul2393 could you look into this?

+3
simar7 on May 5, 2021

I’m experiencing the same 🐛 on some images Thanks for the PR @rahul2393

+2
douglasduteil on May 7, 2021

@simar7 please help check this https://github.com/aquasecurity/trivy/pull/984

+2
rahul2393 on May 6, 2021

@lucmichalski please feel free to reopen this if your issue still persists.

+1
simar7 on May 27, 2021

@jsjoeio can you check this one now? https://github.com/aquasecurity/trivy-action/releases/tag/0.0.17

+1
rahul2393 on May 13, 2021

Sorry I did typo in previous message, we are going to push a new version then you can use it, I will inform you.

+1
rahul2393 on May 13, 2021

@jsjoeio I just ran the latest fix here in my forked version of your repo https://github.com/rahul2393/code-server/runs/2573437202?check_suite_focus=true, it passed, so we will not do a new release and you can then use it

+1
rahul2393 on May 13, 2021

Checking

+1
rahul2393 on May 12, 2021

@jsjoeio Update your workflow to use latest commit in master branch I see you are using previous commitID here https://github.com/cdr/code-server/blob/main/.github/workflows/ci.yaml#L450, the issue should be fixed.

+1
rahul2393 on May 12, 2021

Thanks for the quick response! That’s what I thought but for some reason, I’m still seeing this error:

https://github.com/cdr/code-server/pull/3296/checks?check_run_id=2512446010#step:5:158

Any ideas on what we might be doing wrong?

Additional context: our ci.yaml pointing at the trivy jobs

Thanks. We’ll investigate and get back to you.

+1
simar7 on May 5, 2021

Thanks for the quick response! That’s what I thought but for some reason, I’m still seeing this error:

https://github.com/cdr/code-server/pull/3296/checks?check_run_id=2512446010#step:5:158

Any ideas on what we might be doing wrong?

Additional context: our ci.yaml pointing at the trivy jobs

+1
jsjoeio on May 5, 2021

Is this fix in the latest release of TrivyAction?

Trivy Action uses the latest released version of Trivy https://github.com/aquasecurity/trivy-action/blob/master/Dockerfile#L1

Trivy recently had a new release which includes this fix so by the virtue of that the new Trivy Action will also have it.

+1
simar7 on May 5, 2021

Is this fix in the latest release of TrivyAction?

+1
jsjoeio on May 5, 2021
Read more comments on GitHub
← trivy: 0.39.0 - Error with parsing package.json alongside yarn.lock
trivy: Can trivy filter false positive vulnerabilities for centos 7 (epel, remi)? →