trivy-operator: trivy-db fails to download with UNAUTHORIZED: The client does not have permission for manifest aquasecurity/trivy-db/2/manifest.json

What steps did you take and what happened:

trivy-operator pod failed to update db with error:

init error: DB error: failed to download vulnerability DB:
 OCI artifact error: OCI artifact error: OCI repository error: GET https://******/v2/aquasecurity/trivy-db/manifests/2: UNAUTHORIZED: The client does not have permission for manifest; map[manifest:aquasecurity/trivy-db/2/manifest.json]\n"
,"stacktrace":"github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport.(*WorkloadController).processFailedScanJob\n\t/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller.go:551\ngithub.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport.(*WorkloadController).reconcileJobs.func1\n\t/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller.go:376\nsigs.k8s.io/controller-runtime/pkg/reconcile.Func.Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.1/pkg/reconcile/reconcile.go:102\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.1/pkg/internal/controller/controller.go:121\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.1/pkg/internal/controller/controller.go:320\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.1/pkg/internal/controller/controller.go:273\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.1/pkg/internal/controller/controller.go:234"}  

What did you expect to happen:

I expected the trivy-db to be downloaded fine.

Anything else you would like to add:

What permission do I have to look for and authorize to fix this issue?
Thanks a lot for the advice.

Environment:

  • Trivy-Operator version : 0.33.0
  • Helm-chart install : trivy-operator-0.6.0
  • Kubernetes version : 1.24.4
  • OS : Redhat 7.9

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 39 (6 by maintainers)

Most upvoted comments

@chen-keinan the PR for this issue on trivy has just been merged, and the issue is closed.

@mfilotto Great. Once trivy v0.39.0 is released I’ll update trivy-operator

OK, I will fix that on the registry to get the image from ghcr.io and get back to you if I get the same behaviour