Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Failed to download trivy

See original GitHub issue

We are trying to integrate this action with one of our current workflows in a private repo, but our workflow keeps failing with the following error:

Error: Failed to download trivy from

I went ahead and enabled additional logging by setting the ACTIONS_RUNNER_DEBUG and ACTIONS_STEP_DEBUG secrets to true, and we are seeing the following logs:

Could not find allowedlist file.
##[debug]Downloading /home/runner/work/_temp/8472635f-cf05-4075-a5c2-b755d65851c4
##[debug]download complete
##[debug]isExplicit: 0.16.0
##[debug]explicit? true
##[debug]checking cache: /opt/hostedtoolcache/trivy/0.16.0/x64
##[debug]not found
##[debug]Could not find trivy in cache, downloading from
##[debug]Downloading /home/runner/work/****/****/_temp/tools/trivy
Error: Failed to download trivy from
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: Scan Docker Image

Additional information about environment:

Current runner version: '2.277.1'
Operating System
Virtual Environment
  Environment: ubuntu-20.04
  Version: 20210208.0
  Included Software:

By chance, has anyone else ran into this issue before?

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:13 (8 by maintainers)

github_iconTop GitHub Comments

scottwestovercommented, Mar 10, 2021

Thanks for the quick response. We haven’t been able to pin down how this one branch/repo is different, will try to investigate further.

I also tried to recreate the issue, and have had no success in doing so. We are able to run this action on the non-default branch in this repo, and it downloads trivy without any issues. However, as soon as I setup this action on our develop branch, it fails. I also tried creating a new branch that is not the default branch, and I ran into the same issue.

shigupt202commented, Feb 17, 2021

@scottwestover Are you using a private runner to run this workflow? It may be possible that the firewall rules on the runner are not allowing the action to download the tool. If you’re using GitHub hosted runners, then this shouldn’t be the problem.

Read more comments on GitHub >

github_iconTop Results From Across the Web

failed to download vulnerability DB in trivy 0.32.0+ · Issue #3146
I've been having trouble using trivy versions 0.32.0 and higher for several weeks. Trivy cli 0.32.0 and higher cannot seem to download the ......
Read more >
Troubleshooting - Trivy - Aqua Security
Error downloading vulnerability DB. Error. FATAL failed to download vulnerability DB. If trivy is running behind corporate firewall try to whitelist urls below:....
Read more >
Trivy Scan Always fails : failed to download vulnerability DB
I am trying to run a Trivy Scan from within CircleCI and always get the same problem. I keep disabling this, but clearly...
Read more >
Failed to download vulnerability DB - Trivy by aquasecurity ...
[Solved]-Failed to download vulnerability DB - Trivy by aquasecurity-docker ... As ridiculous as it sounds. It turned out that my network was blocking...
Read more >
Container vulnerability scanning with Trivy - Bluetab
Trivy is an open source tool focused on detecting vulnerabilities in OS-level ... 1/') - wget${ ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found