
fix(cve): Fix CVE scanning in images containing Jar files #1475

Merged (1 commit) May 31, 2023

Conversation

@andaaron (Contributor) commented May 25, 2023

Closes #1428

Looks like Trivy uses a separate DB for jar scanning. This DB is very large and takes additional time to download. It is 430 MB at download time, and will grow afterwards.

sqlite is a dependency for Trivy to use this DB.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@andaaron andaaron force-pushed the java branch 2 times, most recently from 8cf9eb7 to 08d27ec Compare May 26, 2023 14:45
Review thread on Makefile (outdated, resolved)
codecov bot commented May 26, 2023

Codecov Report

Merging #1475 (b0a7d45) into main (40180f8) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##             main    #1475   +/-   ##
=======================================
  Coverage   91.13%   91.14%           
=======================================
  Files         114      114           
  Lines       22726    22751   +25     
=======================================
+ Hits        20711    20736   +25     
  Misses       1504     1504           
  Partials      511      511           
Impacted Files                                  Coverage Δ
pkg/cli/root.go                                 96.47% <100.00%> (+0.14%) ⬆️
pkg/extensions/extension_search.go              100.00% <100.00%> (ø)
pkg/extensions/search/cve/cve.go                93.46% <100.00%> (ø)
pkg/extensions/search/cve/trivy/scanner.go      98.65% <100.00%> (+0.04%) ⬆️
pkg/storage/local/local.go                      81.83% <100.00%> (ø)
pkg/storage/s3/s3.go                            82.67% <100.00%> (ø)


@andaaron andaaron force-pushed the java branch 3 times, most recently from 83703f0 to 3b6cdbf Compare May 26, 2023 18:14
@andaaron andaaron marked this pull request as ready for review May 26, 2023 18:24
@andaaron andaaron force-pushed the java branch 3 times, most recently from 691ae11 to 9c868a4 Compare May 31, 2023 18:34
See project-zot#1428

Looks like Trivy uses a separate DB for jar scanning.
This DB is very large and takes additional time to download.
It is 430 MB at download time, and will grow afterwards.

sqlite is a dependency for Trivy to use this DB.

Also decrease priority of dedupe tasks, since the Trivy download
task was delayed too much after the server started.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
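An added example, not zot's or Trivy's code, of why a jar-capable scanner needs this second database at all. A jar built by Maven carries its coordinates in META-INF/maven/<group>/<artifact>/pom.properties, but shaded, relocated or repackaged jars often do not; the only handle left is the archive's digest, and the Java DB Trivy downloads is an index of Maven artifacts keyed by SHA-1 digest. The Go below resolves a constructed jar both ways, with a one-entry in-memory map standing in for the Java DB. The jar contents, the org.example:demo-lib coordinates and the index are all constructed here; nothing is fetched and none of these names come from the PR.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Coordinates are the Maven groupId:artifactId:version a scanner needs before
// it can ask any vulnerability database about a jar.
type Coordinates struct{ Group, Artifact, Version string }

func (c Coordinates) String() string { return c.Group + ":" + c.Artifact + ":" + c.Version }

// sha1Hex is the key format of the digest index used below.
func sha1Hex(b []byte) string { s := sha1.Sum(b); return hex.EncodeToString(s[:]) }

// fromPomProperties parses the key=value pom.properties Maven embeds under
// META-INF/maven/<group>/<artifact>/ when it builds a jar.
func fromPomProperties(r io.Reader) (Coordinates, error) {
	data, err := io.ReadAll(r)
	if err != nil {
		return Coordinates{}, err
	}
	vals := map[string]string{}
	for _, line := range strings.Split(string(data), "\n") {
		if k, v, ok := strings.Cut(strings.TrimSpace(line), "="); ok && !strings.HasPrefix(k, "#") {
			vals[k] = v
		}
	}
	c := Coordinates{Group: vals["groupId"], Artifact: vals["artifactId"], Version: vals["version"]}
	if c.Group == "" || c.Artifact == "" || c.Version == "" {
		return Coordinates{}, errors.New("incomplete pom.properties")
	}
	return c, nil
}

// IdentifyJar resolves a jar to coordinates. Embedded pom.properties wins; a
// jar without it (shaded, relocated, repackaged) can only be matched by digest,
// which is what a SHA-1 index such as Trivy's Java DB supplies. The string
// result names the route that succeeded.
func IdentifyJar(jar []byte, index map[string]Coordinates) (Coordinates, string, error) {
	zr, err := zip.NewReader(bytes.NewReader(jar), int64(len(jar)))
	if err != nil {
		return Coordinates{}, "", err
	}
	for _, f := range zr.File {
		if !strings.HasPrefix(f.Name, "META-INF/maven/") || !strings.HasSuffix(f.Name, "/pom.properties") {
			continue
		}
		rc, err := f.Open()
		if err != nil {
			return Coordinates{}, "", err
		}
		c, err := fromPomProperties(rc)
		rc.Close()
		if err == nil {
			return c, "pom.properties", nil
		}
	}
	digest := sha1Hex(jar)
	if c, ok := index[digest]; ok {
		return c, "sha1-index", nil
	}
	return Coordinates{}, "", fmt.Errorf("jar sha1 %s: no Maven metadata and not in digest index", digest)
}

// buildJar writes a minimal zip archive standing in for a jar. Entries are an
// ordered list so the bytes, and therefore the SHA-1, are reproducible.
func buildJar(entries [][2]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, e := range entries {
		w, _ := zw.Create(e[0])
		w.Write([]byte(e[1]))
	}
	zw.Close()
	return buf.Bytes()
}

// SampleJars constructs two jars with the same class file: one carrying Maven
// metadata, one stripped of it. Constructed test data, not a real artifact.
func SampleJars() (withPom, stripped []byte) {
	manifest := [2]string{"META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n"}
	class := [2]string{"org/example/Demo.class", "\xca\xfe\xba\xbe"}
	pom := [2]string{"META-INF/maven/org.example/demo-lib/pom.properties",
		"#Generated by Maven\ngroupId=org.example\nartifactId=demo-lib\nversion=1.2.3\n"}
	return buildJar([][2]string{manifest, pom, class}), buildJar([][2]string{manifest, class})
}
```

To exercise it, build the two jars with SampleJars, put sha1Hex(stripped) into a map as the stand-in index, and call IdentifyJar on each: the first resolves via pom.properties, the second via the digest. Calling IdentifyJar with a nil index shows the gap a missing Java DB leaves: the metadata-less jar is not identified, so nothing can be matched against it, while the jar with embedded metadata still resolves. That is the asymmetry behind needing the extra 430 MB download before jar-bearing images can be scanned fully.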
@rchincha (Contributor) left a comment

lgtm

@andaaron andaaron merged commit 96d00cd into project-zot:main May 31, 2023
Linked issue: [Bug] CVE scanning failures: Investigate failure to scan images containing jar files