terrascan: Scanning container images inside helm chart returns 0 vulnerabilities

  • terrascan version: v1.15.2
  • Operating System: Windows (GitBash)

Description

I am trying to scan container images in my helm chart using terrascan.

What I Did

I installed terrascan using below steps:

$ git clone git@github.com:tenable/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascan

I am using option --find-vuln of terrascan to scan container images in my helm chart. Below is the command: terrascan scan -i helm --find-vuln

The scan results 0 vulnerabilities for all images I used to check. I tried this with dockerhub image and gcr image both but the result is same.

About this issue

  • Original URL
  • State: open
  • Created 2 years ago
  • Comments: 22 (10 by maintainers)

Most upvoted comments

@gaurav-gogia Sure. Please share your finding once you have something.

+2
vistasunil on Aug 26, 2022

@vistasunil

Yes, I edited my comment earlier because of the same issue.

I’ll have to look into it again. Will take some time to debug.

+2
gaurav-gogia on Aug 26, 2022

Hello @gaurav-gogia I am trying to scan image that is part of kubernetes yaml or helm chart. Please find the same sample helm chart attached here: test-chart.zip .

+2
vistasunil on Aug 25, 2022

@vistasunil

terrascan finds vulnerabilities in container images. And as far as I understand helm charts, they are just package managers, container images aren’t defined in them, so that’s the reason you don’t see any vulnerabilities.

Does this answer your question?

+1
gaurav-gogia on Aug 25, 2022
Read more comments on GitHub
← terrascan: cli/run.go:110 scan run failed{error 26 0 failed to initialize OPA policy engine}
multi-tenant: 5.4 breaks multiple hostnames for website →