--download-db-only doesn't work with the latest version of Trivy #6228
-
DescriptionRunning
Results in FATAL unknown flag: --download-db-only. I have a Dockerfile that installs trivy and downloads the database file:
It does seem that it works if I run each command on its own on a basic alpine image, which is odd. Desired BehaviorThe command to successfully pull down the database file Actual BehaviorFailed with Reproduction Steps1. Run `docker build -t trivy:local .` with the above Dockerfile
2. See the error returned by the docker command TargetContainer Image ScannerVulnerability Output FormatNone ModeStandalone Debug Output$ trivy --cache-dir $TRIVY_TEMP_DIR image --download-db-only --debug
Error: unknown flag: --download-db-only
Usage:
trivy [global flags] command [flags] target
trivy [command]
Examples:
# Scan a container image
$ trivy image python:3.4-alpine
# Scan a container image from a tar archive
$ trivy image --input ruby-3.1.tar
# Scan local filesystem
$ trivy fs .
# Run in server mode
$ trivy server
Scanning Commands
aws [EXPERIMENTAL] Scan AWS account
config Scan config files for misconfigurations
filesystem Scan local filesystem
image Scan a container image
kubernetes [EXPERIMENTAL] Scan kubernetes cluster
repository Scan a repository
rootfs Scan rootfs
sbom Scan SBOM for vulnerabilities
vm [EXPERIMENTAL] Scan a virtual machine image
Management Commands
module Manage modules
plugin Manage plugins
Utility Commands
completion Generate the autocompletion script for the specified shell
convert Convert Trivy JSON report into a different format
help Help about any command
server Server mode
version Print the version
Flags:
--cache-dir string cache directory (default "/Users/adrianasprouse/Library/Caches/trivy")
-c, --config string config path (default "trivy.yaml")
-d, --debug debug mode
-f, --format string version format (json)
--generate-default-config write the default config to trivy-default.yaml
-h, --help help for trivy
--insecure allow insecure server connections
-q, --quiet suppress progress bar and log output
--timeout duration timeout (default 5m0s)
-v, --version show version
Use "trivy [command] --help" for more information about a command.
2024-02-28T14:06:34.499-0500 FATAL unknown flag: --download-db-only Operating SystemAlpine 3.19.1 Version$ trivy --version
Version: 0.49.1 Checklist
|
Beta Was this translation helpful? Give feedback.
Answered by
DmitriyLewen
Feb 29, 2024
Replies: 1 comment
-
Hello @asprouse5
FROM alpine
RUN apk add --update --no-cache curl
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -x -s -- -b /usr/local/bin
RUN export TRIVY_TEMP_DIR=$(mktemp -d)
RUN trivy --cache-dir $TRIVY_TEMP_DIR image image --download-db-only ➜ 6228 docker build -t 6228 .
[+] Building 0.0s (9/9) FINISHED docker:desktop-linux
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 367B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/alpine:latest 0.0s
=> [1/5] FROM docker.io/library/alpine 0.0s
=> CACHED [2/5] RUN apk add --update --no-cache curl 0.0s
=> CACHED [3/5] RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contr 0.0s
=> CACHED [4/5] RUN export TRIVY_TEMP_DIR=$(mktemp -d) 0.0s
=> CACHED [5/5] RUN trivy --cache-dir $TRIVY_TEMP_DIR image image --download-db-only 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:2445af64341d203c8680ded287997ea00d8be16533a0d3810c501d3563499f1a 0.0s
=> => naming to docker.io/library/6228 0.0s
What's Next?
View summary of image vulnerabilities and recommendations → docker scout quickview
➜ 6228 docker run -it --rm 6228 ls -hl ./image
total 8K
drwxr-xr-x 2 root root 4.0K Feb 29 06:22 db
drwx------ 2 root root 4.0K Feb 29 06:22 fanal Regards, Dmitriy |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
DmitriyLewen
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello @asprouse5
Thanks for your report.
$TRIVY_TEMP_DIR
env is empty.So Trivy takes
image
as cache dir:Take a look this example: