trivy: Unexpected EOF errors while analyzing image layers

Description

Trivy image scans fail intermittently with unexpected EOF errors while analysing layers.

What did you expect to happen?

Scan should complete without errors.

What happened instead?

2023-03-10T00:53:13.273+0530	FATAL	image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:427
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:266
  - scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:669
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:146
  - analyze error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.Inspect
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:139
  - failed to analyze layer (sha256:2e9407335169dd770c900a232ae640b6fcd78d799788770f865ad867ccd5ca35):
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspect.func1
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:242
  - walk error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/image.Artifact.inspectLayer
        /home/runner/work/trivy/trivy/pkg/fanal/artifact/image/image.go:312
  - failed to extract the archive:
    github.com/aquasecurity/trivy/pkg/fanal/walker.LayerTar.Walk
        /home/runner/work/trivy/trivy/pkg/fanal/walker/tar.go:48
  - unexpected EOF
  - 

Output of run with -debug:

trivy_0.38.2.txt

Output of trivy -v:

Version: 0.38.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-03-09 18:07:12.23041002 +0000 UTC
  NextUpdate: 2023-03-10 00:07:12.23040942 +0000 UTC
  DownloadedAt: 2023-03-09 18:26:20.593016 +0000 UTC

Additional details (base image name, container registry info…):

About this issue

  • State: closed
  • Created a year ago
  • Comments: 15

Most upvoted comments

Hello @AguangMikeZhang, we talked about the Drupal image and EOF error in #4003.

Can you send me an image for investigation in #4003?

Hi @DmitriyLewen, thank you for the reply. It turns out it was trying to scan a different composer.lock that was empty, which caused the issue. It’s all good now. Thanks again!

v0.39.0 should fix the issue. Please let us know if it is not the case.

I’m scanning a Drupal application and getting the same error. The Composer.json file is 443.31 KB. I’m using version 0.40.0.
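
A pre-scan check for the two conditions that come up in this thread, a layer archive that ends early and an empty composer.lock, written against Go's standard archive/tar. This is an added example and not Trivy code; CheckLayer, SampleLayer and the file paths are hypothetical, and the input is assumed to be an uncompressed layer tar.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path"
)

// CheckLayer reads an uncompressed layer tar and reports truncation and empty composer.lock files.
func CheckLayer(r io.Reader) []string {
	var findings []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return findings // clean end of archive
		} else if err != nil {
			return append(findings, "archive: "+err.Error()) // header cut short or corrupt
		}
		if n, err := io.Copy(io.Discard, tr); err != nil { // drain body; early end gives io.ErrUnexpectedEOF
			return append(findings, hdr.Name+": "+err.Error())
		} else if n == 0 && hdr.Typeflag == tar.TypeReg && path.Base(hdr.Name) == "composer.lock" {
			findings = append(findings, hdr.Name+": empty composer.lock")
		}
	}
}

// SampleLayer builds a constructed in-memory layer with one valid and one empty lock file.
func SampleLayer() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	files := []struct{ name, body string }{
		{"app/composer.lock", `{"packages":[]}`},
		{"app/vendor/demo/composer.lock", ""},
	}
	for _, f := range files { // write errors ignored: the sink is an in-memory buffer
		tw.WriteHeader(&tar.Header{Name: f.name, Mode: 0644, Size: int64(len(f.body)), Typeflag: tar.TypeReg})
		tw.Write([]byte(f.body))
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	layer := SampleLayer() // checked whole, then cut 8 bytes into the first file body
	fmt.Println(CheckLayer(bytes.NewReader(layer)), CheckLayer(bytes.NewReader(layer[:520])))
}
```

A gzip-compressed layer has to be wrapped in a gzip reader before it is passed to CheckLayer.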