fix(k8s): no error logged if trivy can't get docker image in kubernet…

…es mode (aquasecurity#2521) * Enable k8s logging and increase log level of the image scan errors * Rework errors reporting * Rework GetErrors method into printErrors Print errors during report writing * Increase log level for scan errors logging
cebidhem · Jul 21, 2022 · 8467790 · 8467790
1 parent e1e02d7
commit 8467790
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/pkg/k8s/commands/run.go b/pkg/k8s/commands/run.go
@@ -71,6 +71,7 @@ func run(ctx context.Context, opts flag.Options, cluster string, artifacts []*ar
 	if err != nil {
 		return xerrors.Errorf("k8s scan error: %w", err)
 	}
+
 	if err := report.Write(r, report.Option{
 		Format:     opts.Format,
 		Report:     opts.ReportFormat,

diff --git a/pkg/k8s/report/report.go b/pkg/k8s/report/report.go
@@ -14,6 +14,7 @@ import (
 	"github.com/aquasecurity/trivy-kubernetes/pkg/artifacts"
 	ftypes "github.com/aquasecurity/trivy/pkg/fanal/types"
 
+	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
 )
 
@@ -129,6 +130,8 @@ type Writer interface {
 
 // Write writes the results in the give format
 func Write(report Report, option Option, securityChecks []string, showEmpty bool) error {
+	report.printErrors()
+
 	switch option.Format {
 	case jsonFormat:
 		jwriter := JSONWriter{Output: option.Output, Report: option.Report}
@@ -220,3 +223,17 @@ func CreateResource(artifact *artifacts.Artifact, report types.Report, err error
 
 	return r
 }
+
+func (r Report) printErrors() {
+	for _, resource := range r.Vulnerabilities {
+		if resource.Error != "" {
+			log.Logger.Errorf("Error during vulnerabilities scan: %s", resource.Error)
+		}
+	}
+
+	for _, resource := range r.Misconfigurations {
+		if resource.Error != "" {
+			log.Logger.Errorf("Error during misconfiguration scan: %s", resource.Error)
+		}
+	}
+}
diff --git a/pkg/k8s/scanner/scanner.go b/pkg/k8s/scanner/scanner.go
@@ -97,7 +97,7 @@ func (s *Scanner) scanVulns(ctx context.Context, artifact *artifacts.Artifact) (
 		imageReport, err := s.runner.ScanImage(ctx, s.opts)
 
 		if err != nil {
-			log.Logger.Debugf("failed to scan image %s: %s", image, err)
+			log.Logger.Warnf("failed to scan image %s: %s", image, err)
 			resources = append(resources, report.CreateResource(artifact, imageReport, err))
 			continue
 		}