
Can't perform a scan of a Kubernetes cluster: get k8s artifacts error #5813

Closed
chen-keinan opened this issue Dec 20, 2023 Discussed in #5547 · 5 comments · Fixed by #5939
Assignees
Labels
kind/bug Categorizes issue or PR as related to a bug. target/kubernetes Issues relating to kubernetes cluster scanning

Comments

@chen-keinan (Contributor):

Discussed in #5547

Originally posted by nlamirault November 9, 2023

Description

I would like to perform a scan of the Kubernetes cluster and I've got an error.

SBOM works fine in this cluster:

```
$ trivy k8s cluster --format cyclonedx --output kbom.json
2023-11-09T08:00:05.502+0100    INFO    "k8s with --format cyclonedx" disable security scanning

$ trivy sbom kbom.json
2023-11-09T08:00:12.366+0100    INFO    Vulnerability scanning is enabled
2023-11-09T08:00:12.366+0100    INFO    Detected SBOM format: cyclonedx-json
2023-11-09T08:00:12.377+0100    WARN    No OS package is detected. Make sure you haven't deleted any files that contain information about the installed packages.
2023-11-09T08:00:12.377+0100    WARN    e.g. files under "/lib/apk/db/", "/var/lib/dpkg/" and "/var/lib/rpm"
2023-11-09T08:00:12.377+0100    INFO    Detected OS: ubuntu
2023-11-09T08:00:12.377+0100    WARN    This OS version is not on the EOL list: ubuntu 22.04.3
2023-11-09T08:00:12.377+0100    INFO    Detecting Ubuntu vulnerabilities...
2023-11-09T08:00:12.377+0100    INFO    Number of language-specific files: 3
2023-11-09T08:00:12.377+0100    INFO    Detecting gobinary vulnerabilities...
2023-11-09T08:00:12.379+0100    INFO    Detecting kubernetes vulnerabilities...

kbom.json (ubuntu 22.04.3)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)


Kubernetes (kubernetes)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

┌────────────────┬───────────────┬──────────┬────────┬───────────────────┬──────────────────────────────────────────┬───────────────────────────────────────────────────────────┐
│    Library     │ Vulnerability │ Severity │ Status │ Installed Version │              Fixed Version               │                           Title                           │
├────────────────┼───────────────┼──────────┼────────┼───────────────────┼──────────────────────────────────────────┼───────────────────────────────────────────────────────────┤
│ k8s.io/kubelet │ CVE-2023-3676 │ HIGH     │ fixed  │ 1.27.5-rc1+k3s1   │ 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 │ Insufficient input sanitization on Windows nodes leads to │
│                │               │          │        │                   │                                          │ privilege escalation                                      │
│                │               │          │        │                   │                                          │ https://avd.aquasec.com/nvd/cve-2023-3676                 │
│                ├───────────────┤          │        │                   │                                          ├───────────────────────────────────────────────────────────┤
│                │ CVE-2023-3955 │          │        │                   │                                          │ Insufficient input sanitization on Windows nodes leads to │
│                │               │          │        │                   │                                          │ privilege escalation                                      │
│                │               │          │        │                   │                                          │ https://avd.aquasec.com/nvd/cve-2023-3955                 │
└────────────────┴───────────────┴──────────┴────────┴───────────────────┴──────────────────────────────────────────┴───────────────────────────────────────────────────────────┘
```

But not the scanner:

```
└─ ✗  trivy k8s cluster --scanners vuln --report summary -d
2023-11-09T08:04:54.305+0100    DEBUG   Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-11-09T08:04:54.306+0100    DEBUG   Ignore statuses {"statuses": null}
2023-11-09T08:05:07.027+0100    FATAL   get k8s artifacts error:
    github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun
        /home/runner/work/trivy/trivy/pkg/k8s/commands/cluster.go:39
  - .spec.template.spec.initContainers accessor error: <nil> is of the type <nil>, expected []interface{}
```

Desired Behavior

Have a report

Actual Behavior

Trivy has an error (see logs)

Reproduction Steps

1.
2.
3.
...

Target

Kubernetes

Scanner

Vulnerability

Output Format

None

Mode

None

Debug Output

See logs

Operating System

Ubuntu

Version

```
$ trivy version
Version: 0.47.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-11-09 06:10:37.995807911 +0000 UTC
  NextUpdate: 2023-11-09 12:10:37.99580693 +0000 UTC
  DownloadedAt: 2023-11-09 06:47:27.95129 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2023-03-22 00:58:27.964412713 +0000 UTC
  NextUpdate: 2023-03-25 00:58:27.964412013 +0000 UTC
  DownloadedAt: 2023-03-22 07:24:57.510968 +0000 UTC
```


### Checklist

- [ ] Run `trivy image --reset`
- [ ] Read [the troubleshooting](https://aquasecurity.github.io/trivy/latest/docs/references/troubleshooting/)
@chen-keinan chen-keinan added kind/bug Categorizes issue or PR as related to a bug. target/kubernetes Issues relating to kubernetes cluster scanning labels Dec 20, 2023
@chen-keinan chen-keinan self-assigned this Dec 20, 2023
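The accessor error in the report comes from reading a workload's pod template as a generic map: `initContainers` is optional in a Pod spec, so a template without one yields `nil` where the code expected `[]interface{}`. The Go program below is an added illustration of that failure mode and of the tolerant accessor that avoids it; it is not trivy or trivy-kubernetes code, and the function names (`nestedField`, `strictList`, `tolerantList`, `workloadImages`) and the two sample Deployment manifests are constructed for the example. The point for a scanner is that a missing optional list must become an empty list, not a fatal error that aborts the whole cluster scan, while a value of the wrong kind is still rejected.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Unstructured is a Kubernetes object decoded into generic maps.
type Unstructured = map[string]interface{}

// nestedField walks a dotted path such as ".spec.template.spec.initContainers".
// An absent or JSON-null field is reported as found=false, not as an error.
func nestedField(obj Unstructured, path string) (interface{}, bool, error) {
	parts := strings.Split(strings.TrimPrefix(path, "."), ".")
	var cur interface{} = obj
	for i, key := range parts {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false, fmt.Errorf(".%s: expected object, got %T", strings.Join(parts[:i], "."), cur)
		}
		next, exists := m[key]
		if !exists || next == nil {
			return nil, false, nil
		}
		cur = next
	}
	return cur, true, nil
}

// strictList reproduces the failure mode from the issue: a bare type assertion,
// so a missing list surfaces as "<nil> is of the type <nil>, expected []interface{}".
func strictList(obj Unstructured, path string) ([]interface{}, error) {
	v, _, err := nestedField(obj, path)
	if err != nil {
		return nil, err
	}
	list, ok := v.([]interface{})
	if !ok {
		return nil, fmt.Errorf("%s accessor error: %v is of the type %T, expected []interface{}", path, v, v)
	}
	return list, nil
}

// tolerantList treats an absent or null list as empty (initContainers is optional
// in a Pod spec) but still rejects a value of the wrong kind.
func tolerantList(obj Unstructured, path string) ([]interface{}, error) {
	v, found, err := nestedField(obj, path)
	if err != nil {
		return nil, err
	}
	if !found {
		return []interface{}{}, nil
	}
	list, ok := v.([]interface{})
	if !ok {
		return nil, fmt.Errorf("%s accessor error: got %T, expected a list", path, v)
	}
	return list, nil
}

// workloadImages collects image references from containers and initContainers.
// A workload without initContainers must not abort the scan, and an init image
// skipped here is an image that never gets scanned.
func workloadImages(obj Unstructured) ([]string, error) {
	images := []string{}
	for _, path := range []string{".spec.template.spec.containers", ".spec.template.spec.initContainers"} {
		list, err := tolerantList(obj, path)
		if err != nil {
			return nil, err
		}
		for i, item := range list {
			c, _ := item.(map[string]interface{}) // nil map on mismatch; reads are safe
			img, ok := c["image"].(string)
			if !ok || img == "" {
				return nil, fmt.Errorf("%s[%d]: missing image", path, i)
			}
			images = append(images, img)
		}
	}
	return images, nil
}

// parseObject decodes a JSON manifest into generic map form.
func parseObject(doc string) (Unstructured, error) {
	var obj Unstructured
	err := json.Unmarshal([]byte(doc), &obj)
	return obj, err
}

// Constructed sample manifests (not taken from the issue).
const deploymentNoInit = `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"web"},
 "spec":{"template":{"spec":{"containers":[{"name":"web","image":"registry.example/web:1.2.3"}]}}}}`

const deploymentWithInit = `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"api"},
 "spec":{"template":{"spec":{"initContainers":[{"name":"migrate","image":"registry.example/migrate:0.9"}],
 "containers":[{"name":"api","image":"registry.example/api:2.0.0"}]}}}}`

func main() {
	for _, doc := range []string{deploymentNoInit, deploymentWithInit} {
		obj, err := parseObject(doc)
		if err != nil {
			panic(err)
		}
		if _, err := strictList(obj, ".spec.template.spec.initContainers"); err != nil {
			fmt.Println("strict:  ", err)
		}
		imgs, err := workloadImages(obj)
		fmt.Println("tolerant:", imgs, err)
	}
}
```

Run as-is, the first manifest makes `strictList` print the same `<nil> is of the type <nil>` message seen in the report, while `workloadImages` still returns the one application image; the second manifest yields both the application and the init image.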
@chen-keinan (Contributor, Author):

@nlamirault @mingqing could you please test it with trivy v0.48.0? I think this issue was fixed with it.

@pbtrudel:

Hi,
I have the same issue and am using trivy v0.48.1.

```
trivy version
Version: 0.48.1

trivy k8s cluster --scanners vuln --report summary -d
2023-12-21T15:50:33.098-0500 DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2023-12-21T15:50:33.099-0500 DEBUG Ignore statuses {"statuses": null}
2023-12-21T15:50:40.742-0500 FATAL get k8s artifacts error:
github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun
/home/runner/work/trivy/trivy/pkg/k8s/commands/cluster.go:43

  • .spec.template.spec.initContainers accessor error: <nil> is of the type <nil>, expected []interface{}
```

@mingqing:

> @nlamirault @mingqing could you please test it with trivy v0.48.0? I think this issue was fixed with it.

Yes, the issue still exists in trivy 0.48.1. You can use this example YAML to validate: #5547 (reply in thread).

@nlamirault:

@chen-keinan same errors using Trivy 0.48.3

@chen-keinan (Contributor, Author):

@nlamirault creating a fix now: aquasecurity/trivy-kubernetes#275. It will be included in the next trivy release.
