(v0.17.0) trivy scan local filesystem returns FATAL error

[hin-fan-alt]

Description

trivy fs [pathToDirectory] no longer works.

What did you expect to happen?

package-lock.json
=================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

What happened instead?

[DateTime]    FATAL   scan error: image scan failed: failed analysis: walk dir: failed to analyze file: analyze file (.): unable to open a file (.): unable to read file: read [pathToDirectory]: is a directory

Output of run with -debug:

FATAL   scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.runWithTimeout
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:64
  - image scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:153
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        /home/runner/work/trivy/trivy/pkg/scanner/scan.go:98
  - walk dir:
    github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20210429142135-6e71d2a9d3be/artifact/local/fs.go:60
  - failed to analyze file:
    github.com/aquasecurity/fanal/walker.WalkDir.func1
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20210429142135-6e71d2a9d3be/walker/fs.go:24
  - analyze file (.):
    github.com/aquasecurity/fanal/artifact/local.Artifact.Inspect.func1
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20210429142135-6e71d2a9d3be/artifact/local/fs.go:55
  - unable to open a file (.):
    github.com/aquasecurity/fanal/analyzer.Analyzer.AnalyzeFile
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20210429142135-6e71d2a9d3be/analyzer/analyzer.go:197
  - unable to read file:
    github.com/aquasecurity/fanal/walker.fileOnceOpener.func1
        /home/runner/go/pkg/mod/github.com/aquasecurity/fanal@v0.0.0-20210429142135-6e71d2a9d3be/walker/fs.go:58
  - read [pathToDirectory]: is a directory

Output of trivy -v:

Version: 0.17.0
Vulnerability DB:
  Type: Light
  Version: 1
  UpdatedAt: 2021-04-29 12:06:10.526283725 +0000 UTC
  NextUpdate: 2021-04-30 00:06:10.526283225 +0000 UTC
  DownloadedAt: 2021-04-29 21:02:47.8855251 +0000 UTC

[SharkMachine]

Downgrading to 0.16.0 fixed the issue for me.

[knqyf263]

Thanks, we'll take a look.

[knqyf263]

I'm sorry for the inconvenience. v0.17.1 should fix the issue. Please check it out.

[rutvikmiq]

@knqyf263 I am getting this error now (after the latest fix v0.17.1):
FATAL scan error: image scan failed: failed analysis: walk dir: unknown error with //dev: failed to analyze file: analyze file (dev/core): unable to open a file (dev/core): unable to read file: open /dev/core: permission denied
Is this related to the fix that is given?
Can you help with this?
Thanks in advance !

[boxcee]

Same here:

FATAL scan error: image scan failed: failed analysis: walk dir: unknown error with //dev: failed to analyze file: analyze file (dev/core): unable to open a file (dev/core): unable to read file: open /dev/core: permission denied

[knqyf263]

@rutvikmiq @boxcee What command did you run?

[boxcee]

@knqyf263 Running the command within a docker build.

Dockerfile:

FROM nginx:1.19

# Used in template
ARG ENVIRONMENT_ARG=development
ENV ENVIRONMENT=$ENVIRONMENT_ARG

RUN apt-get update && apt-get upgrade -y \
  && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin \
  && trivy filesystem --format=table --severity=MEDIUM,HIGH,CRITICAL --exit-code=1 --ignore-unfixed=true /

COPY out/ /usr/share/nginx/html

# Use env substitution: https://github.com/docker-library/docs/tree/master/nginx#using-environment-variables-in-nginx-configuration-new-in-119
COPY nginx/templates /etc/nginx/templates

[knqyf263]

Thanks. I'll have a look.

[arshdeeptinna]

I am seeing the issue noted above as well. Also saw another issue for a file that was a symlink to a directory.

[SharkMachine]

0.17.1 works for me. I'm not using a docker image, just using the deb package

[knqyf263]

@rutvikmiq @boxcee @arshdeeptinna v0.17.2 is out. We believe it fixes your issue.

[boxcee]

Works like a charm! Thanks for putting attention to this!

[knqyf263]

@boxcee Thank you for confirming! Nice work @rahul2393!