azure-devopsazure-pipelinestrivy
Pipelin Trivy [error]Unable to process command '##vso[task.addattachment type=JSON_RESULT;name=trivy0.002331999684293873.json;]
I am trying to scan image in Azure DevOps pipeline via Trivy tool,encountered following error:
2024-08-10T12:13:40Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-10T12:13:40Z INFO [secret] Secret scanning is enabled
2024-08-10T12:13:40Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-10T12:13:40Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-10T12:13:40Z FATAL Fatal error image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: failed to parse the image name: could not parse reference: acrguo.azurecr.io/imageName.guo:117
##[debug]task result: Failed
##[error]Failed: Trivy detected problems.
##[debug]Processed: ##vso[task.issue type=error;]Failed: Trivy detected problems.
##[debug]Processed: ##vso[task.complete result=Failed;]Failed: Trivy detected problems.
Publishing JSON results...
##[error]Unable to process command '##vso[task.addattachment type=JSON_RESULT;name=trivy0.002331999684293873.json;]/tmp/trivy-results-0.32230546845629693.json' successfully. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)
##[error]Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.')
##[debug]System.ArgumentNullException: Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.')
at Microsoft.VisualStudio.Services.Agent.Worker.TaskAddAttachmentCommand.AddAttachment(IExecutionContext context, Dictionary`2 eventProperties, String data) in /mnt/vss/_work/1/s/src/Agent.Worker/TaskCommandExtension.cs:line 355
at Microsoft.VisualStudio.Services.Agent.Worker.TaskAddAttachmentCommand.Execute(IExecutionContext context, Command command) in /mnt/vss/_work/1/s/src/Agent.Worker/TaskCommandExtension.cs:line 314
at Microsoft.VisualStudio.Services.Agent.Worker.BaseWorkerCommandExtension.ProcessCommand(IExecutionContext context, Command command) in /mnt/vss/_work/1/s/src/Agent.Worker/WorkerCommandManager.cs:line 217
at Microsoft.VisualStudio.Services.Agent.Worker.WorkerCommandManager.TryProcessCommand(IExecutionContext context, String input) in /mnt/vss/_work/1/s/src/Agent.Worker/WorkerCommandManager.cs:line 148
##[debug]Processed: ##vso[task.addattachment type=JSON_RESULT;name=trivy0.002331999684293873.json;]/tmp/trivy-results-0.32230546845629693.json
Done!
Finishing: Scan Docker image with Trivy
I have tryed to fix it according this article: https://github.com/aquasecurity/trivy-azure-pipelines-task/issues/64
but still exist this error.
My pipeline code:
- stage: 'ScanImageVulnerability'
displayName: 'Scan image vulnerability'
dependsOn: Build
condition: succeeded()
jobs:
- job: ScanImage
displayName: 'Scan Image Job'
steps:
- task: trivy@1
displayName: Scan Docker image with Trivy
inputs:
version: 'v0.54.1'
loginDockerConfig: true
ignoreUnfixed: true
docker: false
image: '$(acrServerName)/$(imageRepository):$(tag)'
And the full Trivy stage log is:
2024-08-10T12:13:38.3511410Z ##[debug]Evaluating condition for step: 'Scan Docker image with Trivy'
2024-08-10T12:13:38.3512693Z ##[debug]Evaluating: SucceededNode()
2024-08-10T12:13:38.3512891Z ##[debug]Evaluating SucceededNode:
2024-08-10T12:13:38.3513461Z ##[debug]=> True
2024-08-10T12:13:38.3513672Z ##[debug]Result: True
2024-08-10T12:13:38.3513907Z ##[section]Starting: Scan Docker image with Trivy
2024-08-10T12:13:38.3518260Z ==============================================================================
2024-08-10T12:13:38.3518378Z Task : Trivy: Take control of your application security
2024-08-10T12:13:38.3518638Z Description : Trivy is the world’s most popular open source vulnerability and misconfiguration scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
2024-08-10T12:13:38.3518895Z Version : 1.5.1
2024-08-10T12:13:38.3518971Z Author : Aqua Security
2024-08-10T12:13:38.3519032Z Help : [Learn more about this task](https://github.com/aquasecurity/trivy-azure-pipelines-task)
2024-08-10T12:13:38.3519189Z ==============================================================================
2024-08-10T12:13:38.3586885Z ##[debug]Resource Utilization warnings is disabled, switch "DISABLE_RESOURCE_UTILIZATION_WARNINGS" variable to "true" if you want to enable it
2024-08-10T12:13:38.3812671Z ##[debug]Using node path: /home/guo/myagent/externals/node10/bin/node
2024-08-10T12:13:38.5116405Z ##[debug]agent.TempDirectory=/home/guo/myagent/_work/_temp
2024-08-10T12:13:38.5141645Z ##[debug]loading inputs and endpoints
2024-08-10T12:13:38.5143167Z ##[debug]loading INPUT_VERSION
2024-08-10T12:13:38.5155186Z ##[debug]loading INPUT_DOCKER
2024-08-10T12:13:38.5157324Z ##[debug]loading INPUT_DEBUG
2024-08-10T12:13:38.5158998Z ##[debug]loading INPUT_LOGINDOCKERCONFIG
2024-08-10T12:13:38.5160418Z ##[debug]loading INPUT_IMAGE
2024-08-10T12:13:38.5161852Z ##[debug]loading INPUT_IGNOREUNFIXED
2024-08-10T12:13:38.5163180Z ##[debug]loading INPUT_EXITCODE
2024-08-10T12:13:38.5164656Z ##[debug]loading INPUT_DEVMODE
2024-08-10T12:13:38.5166108Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2024-08-10T12:13:38.5167591Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2024-08-10T12:13:38.5168987Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2024-08-10T12:13:38.5175381Z ##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
2024-08-10T12:13:38.5176584Z ##[debug]loaded 12
2024-08-10T12:13:38.5183129Z ##[debug]Agent.ProxyUrl=undefined
2024-08-10T12:13:38.5184296Z ##[debug]Agent.CAInfo=undefined
2024-08-10T12:13:38.5185271Z ##[debug]Agent.ClientCert=undefined
2024-08-10T12:13:38.5186108Z ##[debug]Agent.SkipCertValidation=undefined
2024-08-10T12:13:38.5193718Z ##[debug]Agent.ProxyUrl=undefined
2024-08-10T12:13:38.5194801Z ##[debug]Agent.CAInfo=undefined
2024-08-10T12:13:38.5195664Z ##[debug]Agent.ClientCert=undefined
2024-08-10T12:13:38.5196711Z ##[debug]check path : /home/guo/myagent/_work/_tasks/trivy_8f9cb13f-f551-439c-83e4-fac6801c3fab/1.5.1/node_modules/azure-pipelines-tool-lib/lib.json
2024-08-10T12:13:38.5201140Z ##[debug]adding resource file: /home/guo/myagent/_work/_tasks/trivy_8f9cb13f-f551-439c-83e4-fac6801c3fab/1.5.1/node_modules/azure-pipelines-tool-lib/lib.json
2024-08-10T12:13:38.5202466Z ##[debug]system.culture=en-US
2024-08-10T12:13:38.5237222Z Preparing output location...
2024-08-10T12:13:38.5242174Z ##[debug]rm -rf /tmp/trivy-results-0.32230546845629693.json
2024-08-10T12:13:38.5261070Z ##[debug]path=undefined
2024-08-10T12:13:38.5261937Z ##[debug]image=acrguo.azurecr.io/imageName.guo:117
2024-08-10T12:13:38.5262713Z ##[debug]loginDockerConfig=true
2024-08-10T12:13:38.5263389Z ##[debug]ignoreUnfixed=true
2024-08-10T12:13:38.5264074Z ##[debug]severities=undefined
2024-08-10T12:13:38.5264732Z ##[debug]options=undefined
2024-08-10T12:13:38.5265352Z ##[debug]aquaKey=undefined
2024-08-10T12:13:38.5266023Z ##[debug]aquaSecret=undefined
2024-08-10T12:13:38.5266638Z ##[debug]docker=false
2024-08-10T12:13:38.5267459Z ##[debug]version=v0.54.1
2024-08-10T12:13:38.5268233Z Run requested using local Trivy binary...
2024-08-10T12:13:38.5270820Z Finding correct Trivy version to install...
2024-08-10T12:13:38.5273104Z Required Trivy version is v0.54.1
2024-08-10T12:13:38.5286966Z ##[debug]rm -rf /tmp/trivy
2024-08-10T12:13:38.5288749Z ##[debug]removing file
2024-08-10T12:13:38.5466198Z Downloading Trivy...
2024-08-10T12:13:38.5467036Z ##[debug]/tmp/trivy
2024-08-10T12:13:38.5468106Z ##[debug]testing directory '/tmp'
2024-08-10T12:13:38.5476793Z Downloading: https://github.com/aquasecurity/trivy/releases/download/v0.54.1/trivy_0.54.1_Linux-64bit.tar.gz
2024-08-10T12:13:38.5477858Z ##[debug]destination /tmp/trivy
2024-08-10T12:13:38.5478585Z ##[debug]downloading
2024-08-10T12:13:38.6602429Z ##[debug]Content-Length of downloaded file: 39180445
2024-08-10T12:13:38.6603437Z ##[debug]creating stream
2024-08-10T12:13:38.9547868Z ##[debug]download complete
2024-08-10T12:13:38.9549996Z ##[debug]Downloaded file size: 39180445 bytes
2024-08-10T12:13:38.9550445Z Extracting Trivy...
2024-08-10T12:13:38.9552784Z Extracting archive
2024-08-10T12:13:38.9553932Z ##[debug]testing directory '/tmp/'
2024-08-10T12:13:38.9559050Z ##[debug]which 'tar'
2024-08-10T12:13:38.9565532Z ##[debug]found: '/usr/bin/tar'
2024-08-10T12:13:38.9566791Z ##[debug]/usr/bin/tar arg: ["xC","/tmp/","-f","/tmp/trivy"]
2024-08-10T12:13:38.9571076Z ##[debug]exec tool: /usr/bin/tar
2024-08-10T12:13:38.9571910Z ##[debug]arguments:
2024-08-10T12:13:38.9572544Z ##[debug] xC
2024-08-10T12:13:38.9573140Z ##[debug] /tmp/
2024-08-10T12:13:38.9574181Z ##[debug] -f
2024-08-10T12:13:38.9574819Z ##[debug] /tmp/trivy
2024-08-10T12:13:38.9576769Z [command]/usr/bin/tar xC /tmp/ -f /tmp/trivy
2024-08-10T12:13:39.9351568Z ##[debug]Exit code 0 received from tool '/usr/bin/tar'
2024-08-10T12:13:39.9353033Z ##[debug]STDIO streams have closed for tool '/usr/bin/tar'
2024-08-10T12:13:39.9363114Z Setting permissions...
2024-08-10T12:13:39.9364165Z ##[debug]which 'chmod'
2024-08-10T12:13:39.9366744Z ##[debug]found: '/usr/bin/chmod'
2024-08-10T12:13:39.9367531Z ##[debug]/usr/bin/chmod arg: ["+x","/tmp/trivy"]
2024-08-10T12:13:39.9368292Z ##[debug]/usr/bin/chmod arg: ["+x","/tmp/trivy"]
2024-08-10T12:13:39.9369009Z ##[debug]exec tool: /usr/bin/chmod
2024-08-10T12:13:39.9369669Z ##[debug]exec tool: /usr/bin/chmod
2024-08-10T12:13:39.9370281Z ##[debug]arguments:
2024-08-10T12:13:39.9370894Z ##[debug]arguments:
2024-08-10T12:13:39.9371479Z ##[debug] +x
2024-08-10T12:13:39.9372275Z ##[debug] +x
2024-08-10T12:13:39.9372849Z ##[debug] /tmp/trivy
2024-08-10T12:13:39.9373386Z ##[debug] /tmp/trivy
2024-08-10T12:13:39.9373771Z [command]/usr/bin/chmod +x /tmp/trivy
2024-08-10T12:13:39.9436883Z ##[debug]Exit code 0 received from tool '/usr/bin/chmod'
2024-08-10T12:13:39.9439027Z ##[debug]Exit code 0 received from tool '/usr/bin/chmod'
2024-08-10T12:13:39.9439789Z ##[debug]STDIO streams have closed for tool '/usr/bin/chmod'
2024-08-10T12:13:39.9440460Z ##[debug]STDIO streams have closed for tool '/usr/bin/chmod'
2024-08-10T12:13:39.9441099Z ##[debug]which '/tmp/trivy'
2024-08-10T12:13:39.9441828Z ##[debug]found: '/tmp/trivy'
2024-08-10T12:13:39.9442441Z ##[debug]debug=false
2024-08-10T12:13:39.9443810Z Configuring options for image scan...
2024-08-10T12:13:39.9446207Z ##[debug]exitCode=1
2024-08-10T12:13:39.9446979Z ##[debug]/tmp/trivy arg: ["image"]
2024-08-10T12:13:39.9447680Z ##[debug]/tmp/trivy arg: ["--exit-code","1"]
2024-08-10T12:13:39.9448337Z ##[debug]/tmp/trivy arg: ["--format","json"]
2024-08-10T12:13:39.9449049Z ##[debug]/tmp/trivy arg: ["--output","/tmp/trivy-results-0.32230546845629693.json"]
2024-08-10T12:13:39.9449842Z ##[debug]/tmp/trivy arg: ["--ignore-unfixed"]
2024-08-10T12:13:39.9450654Z ##[debug]/tmp/trivy arg: ["--scanners","vuln,misconfig,secret"]
2024-08-10T12:13:39.9451415Z ##[debug]/tmp/trivy arg: acrguo.azurecr.io/imageName.guo:117
2024-08-10T12:13:39.9451943Z Running Trivy...
2024-08-10T12:13:39.9452500Z ##[debug]exec tool: /tmp/trivy
2024-08-10T12:13:39.9453102Z ##[debug]arguments:
2024-08-10T12:13:39.9453680Z ##[debug] image
2024-08-10T12:13:39.9455003Z ##[debug] --exit-code
2024-08-10T12:13:39.9455589Z ##[debug] 1
2024-08-10T12:13:39.9456156Z ##[debug] --format
2024-08-10T12:13:39.9456701Z ##[debug] json
2024-08-10T12:13:39.9457279Z ##[debug] --output
2024-08-10T12:13:39.9457917Z ##[debug] /tmp/trivy-results-0.32230546845629693.json
2024-08-10T12:13:39.9458626Z ##[debug] --ignore-unfixed
2024-08-10T12:13:39.9459239Z ##[debug] --scanners
2024-08-10T12:13:39.9459863Z ##[debug] vuln,misconfig,secret
2024-08-10T12:13:39.9461558Z ##[debug] acrguo.azurecr.io/imageName.guo:117
2024-08-10T12:13:39.9466393Z [command]/tmp/trivy image --exit-code 1 --format json --output /tmp/trivy-results-0.32230546845629693.json --ignore-unfixed --scanners vuln,misconfig,secret acrguo.azurecr.io/imageName.guo:117
2024-08-10T12:13:40.6483980Z 2024-08-10T12:13:40Z INFO [vuln] Vulnerability scanning is enabled
2024-08-10T12:13:40.6485212Z 2024-08-10T12:13:40Z INFO [misconfig] Misconfiguration scanning is enabled
2024-08-10T12:13:40.6486243Z 2024-08-10T12:13:40Z INFO [secret] Secret scanning is enabled
2024-08-10T12:13:40.6488880Z 2024-08-10T12:13:40Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-08-10T12:13:40.6489949Z 2024-08-10T12:13:40Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.54/docs/scanner/secret#recommendation for faster secret detection
2024-08-10T12:13:40.6491059Z 2024-08-10T12:13:40Z FATAL Fatal error image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: failed to parse the image name: could not parse reference: acrguo.azurecr.io/imageName.guo:117
2024-08-10T12:13:40.6497511Z ##[debug]task result: Failed
2024-08-10T12:13:40.6546626Z ##[error]Failed: Trivy detected problems.
2024-08-10T12:13:40.6556701Z ##[debug]Processed: ##vso[task.issue type=error;]Failed: Trivy detected problems.
2024-08-10T12:13:40.6565700Z ##[debug]Processed: ##vso[task.complete result=Failed;]Failed: Trivy detected problems.
2024-08-10T12:13:40.6566246Z Publishing JSON results...
2024-08-10T12:13:40.6577173Z ##[error]Unable to process command '##vso[task.addattachment type=JSON_RESULT;name=trivy0.002331999684293873.json;]/tmp/trivy-results-0.32230546845629693.json' successfully. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)
2024-08-10T12:13:40.6588260Z ##[error]Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.')
2024-08-10T12:13:40.6598353Z ##[debug]System.ArgumentNullException: Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.')
at Microsoft.VisualStudio.Services.Agent.Worker.TaskAddAttachmentCommand.AddAttachment(IExecutionContext context, Dictionary`2 eventProperties, String data) in /mnt/vss/_work/1/s/src/Agent.Worker/TaskCommandExtension.cs:line 355
at Microsoft.VisualStudio.Services.Agent.Worker.TaskAddAttachmentCommand.Execute(IExecutionContext context, Command command) in /mnt/vss/_work/1/s/src/Agent.Worker/TaskCommandExtension.cs:line 314
at Microsoft.VisualStudio.Services.Agent.Worker.BaseWorkerCommandExtension.ProcessCommand(IExecutionContext context, Command command) in /mnt/vss/_work/1/s/src/Agent.Worker/WorkerCommandManager.cs:line 217
at Microsoft.VisualStudio.Services.Agent.Worker.WorkerCommandManager.TryProcessCommand(IExecutionContext context, String input) in /mnt/vss/_work/1/s/src/Agent.Worker/WorkerCommandManager.cs:line 148
2024-08-10T12:13:40.6600242Z ##[debug]Processed: ##vso[task.addattachment type=JSON_RESULT;name=trivy0.002331999684293873.json;]/tmp/trivy-results-0.32230546845629693.json
2024-08-10T12:13:40.6600552Z Done!
2024-08-10T12:13:40.6610039Z ##[section]Finishing: Scan Docker image with Trivy
The Pipeline work flow and acr screenshot:
Could somebody help to analyze this issue? THanks a ton.
Solution
I am not an expert for this kind of task, but when comparing the output [...] could not parse reference: acrguo.azurecr.io/imageName.guo:117 with your screenshot, one can spot the difference:
Your variable has a capital N, while the image name is with a lower n.
Try running it again with the correct image name or convert your variable to lowercase with lower.
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- How to use environment variables in React app hosted in Azure
- How to manage variable declarations according to parameters
- Get All Pipeline Parameters Through Azure DevOps REST API
- Create a counter variable in Azure Devops for every pipeline successful run
- Use script file in Azure Devops yaml deployment pipeline
- How to properly use Azure Function Build and Deploy in Azure DevOps with multiple projects
- Azure devops - build number vs build id
- Run script on Azure VM Scale Set when deprovisioning
- Azure Pipeline to trigger Pipeline using YAML
- Make Azure Keyvault secrets available in entire pipeline
- Cannot authorize variable group in Azure Pipelines
- How to set up a simple Next.js web app with CI/CD on Azure?
- How to override the object and array parameters in the Arm template?
- Azure DevOps Oryx build of my ReactJS app fails with 'unable to resolve' error
- Secret Pipeline Parameter in Azure Devops
- Build validation on Azure DevOps branch: YAML in different repository?
- Azure Devops yml pipeline if else condition with variables
- How to Generate .AAB file and Sign Android app Bundle using azure pipeline
- Azure DevOps Yaml pipeline - GitVersionfor additional repository
- Azure Web App Cannot Access Azure Container Registry Using Managed Identity
- Azure pipeline - run shell script on the remote server
- How to Enable Docker layer caching in Azure DevOps
- Notification send when second pipeline run completes
- Variable evaluates fine for displayName but not for condition, why is that?
- Not possible to use containers in Azure Pipelines self-hosted agents deployed as Azure K8s pods
- Triggering 2nd Azure Pipeline After Successful Run on 1st pipeline
- Unexpected value 'condition'
- mvn release + azure pipeline - deploy
- Azure DevOps Pipeline trying to access Git: you do not have permissions error