Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error when scanning image - Trivy - No help topic for image name

See original GitHub issue

I am seeing the following error logs when trying to scan an image:

/usr/bin/tar --version
tar (GNU tar) 1.30
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by John Gilmore and Jay Fenlason.
/usr/bin/tar xz --warning=no-unknown-keyword -C /home/runner/work/_temp/027f57e6-0bba-4a99-87b7-823b887b56bb -f /home/runner/work/maven-consumer-profile/maven-consumer-profile/_temp/tools/trivy
##[debug]Caching tool trivy 0.23.0 x64
##[debug]source dir: /home/runner/work/_temp/027f57e6-0bba-4a99-87b7-823b887b56bb
##[debug]destination /opt/hostedtoolcache/trivy/0.23.0/x64
##[debug]finished caching tool
##[debug]Trivy executable found at path  /opt/hostedtoolcache/trivy/0.23.0/x64/trivy
Scanning for vulnerabilties in image: test_docker_for_scan
ommand]/opt/hostedtoolcache/trivy/0.23.0/x64/trivy test_docker_for_scan
##[debug]No help topic for 'test_docker_for_scan'
##[debug]
Error: An error occurred while scanning container image: test_docker_for_scan for vulnerabilities.
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Scan Docker Image

I think this issue might be tied to the latest release of trivy: 0.23.0. In this release, there were breaking changes: https://github.com/aquasecurity/trivy/discussions/1652, where the trivy command is no longer supported and you must use trivy image.

Here is an example snippet of my current GitHub Workflow file:

- name: Build Docker image and Push to GitHub Packages
  uses: docker/build-push-action@v2
  with:
    context: .
    load: true
    push: false
    pull: true
    tags: |
      test_docker_for_scan
- name: Scan Docker Image
  uses: azure/container-scan@v0
  with:
    image-name: test_docker_for_scan
    username: USER
    password: ${{ secrets.GITHUB_TOKEN }}

This issue just started happening today. If you need any additional details, please let me know.

Issue Analytics

State:
Created 2 years ago
Reactions:18
Comments:7 (2 by maintainers)

Top GitHub Comments

6reactions

patrick-stephenscommented, Jan 31, 2022

Same here, if it is a Trivy version issue it would be good to be able to pin that version in future.

5reactions

koushdeycommented, Feb 3, 2022

Updated the binaries in v0 and v0.1. Please verify.

Top Results From Across the Web

Scan Local Image using Trivy · Issue #1506 - GitHub

Seems like your image doesn't exist in your local Docker daemon. Please make sure the image name and tag is correct.

Troubleshooting - Trivy - Aqua Security

If it happens frequently, try the --offline-scan option to stop Trivy from making API requests. This option affects only vulnerability scanning. The ...

Container Scanning - GitLab Docs

By default, container scanning assumes that the image naming convention stores any branch-specific identifiers in the image tag rather than the image name....

Vulnerability Testing with Trivy, as a Vital Element of Your CI/CD

Scanning the image artifact is not the end of the story; there's one more thing we can do to improve its security: check...

Container scanning · Application security · User · Help · GitLab

The image name is retrieved from one of the environment variables used to specify the Docker image to be scanned, such as $CI_APPLICATION_REPOSITORY:$ ......