After I run `export AWS_PROFILE=some_profile` and then run the command `trivy vm` to scan an AMI, I got the following error:
```
2024-03-21T19:04:42.318Z INFO Need to update DB
2024-03-21T19:04:42.318Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-03-21T19:04:42.318Z INFO Downloading DB...
44.49 MiB / 44.49 MiB [---------------------------------------------------------------------------------------------] 100.00% 16.19 MiB p/s 2.9s
2024-03-21T19:04:45.685Z INFO Vulnerability scanning is enabled
2024-03-21T19:04:45.685Z INFO Secret scanning is enabled
2024-03-21T19:04:45.685Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:04:45.685Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:04:45.701Z FATAL vm scan error: scan error: unable to initialize a scanner: unable to initialize a vm scanner: aws config load error: failed to get shared config profile, dev-cloud-iam-infra
```
But using the same AWS_PROFILE, I can use my AWS CLI command; this is the output:
Seems something is wrong with trivy when exporting the AWS_PROFILE; also, there is no aws_profile flag option when using trivy.
Desired Behavior
After `export AWS_PROFILE=some__aws_profile`, trivy should scan the VM with that aws_profile.
Actual Behavior
The actual behavior is:
`export AWS_PROFILE=dev-cloud-iam-infra`
When I run the scan `trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1`
I got this error:
```
zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
unable to initialize a vm scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
failed to get shared config profile, dev-cloud-iam-infra
```
Reproduction Steps
1. export AWS_PROFILE=dev-cloud-iam-infra
2. trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
3. Error
zhihao@ip-172-0-1-30 ~ (⎈|dev-cloud-eks-cluster-infpools-io:N/A) ~$ trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
- unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
- unable to initialize a vm scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
- aws config load error:
github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
/home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
- failed to get shared config profile, dev-cloud-iam-infra
Target
AWS
Scanner
Vulnerability
Output Format
None
Mode
None
Debug Output
trivy vm -d --aws-region us-east-2 ami:ami-0130c365b91184af1
2024-03-21T19:15:52.130Z DEBUG Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-03-21T19:15:52.132Z DEBUG Ignore statuses {"statuses": null}
2024-03-21T19:15:52.137Z DEBUG Timeout is set to less than 30 min - upgrading to 30 min for this command.
2024-03-21T19:15:52.140Z DEBUG cache dir: /home/zhihao/snap/trivy/271/.cache/trivy
2024-03-21T19:15:52.140Z DEBUG DB update was skipped because the local DB is the latest
2024-03-21T19:15:52.140Z DEBUG DB Schema: 2, UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC, NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC, DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
2024-03-21T19:15:52.140Z INFO Vulnerability scanning is enabled
2024-03-21T19:15:52.140Z DEBUG Vulnerability type: [os library]
2024-03-21T19:15:52.141Z INFO Secret scanning is enabled
2024-03-21T19:15:52.141Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:15:52.141Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:15:52.141Z DEBUG Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan]
2024-03-21T19:15:52.141Z DEBUG No secret config detected: trivy-secret.yaml
2024-03-21T19:15:52.141Z DEBUG The nuget packages directory couldn't be found. License search disabled
2024-03-21T19:15:52.181Z FATAL vm scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.Run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:445
- scan error:
github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:269
- unable to initialize a scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.scan
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:700
- unable to initialize a vm scanner:
github.com/aquasecurity/trivy/pkg/commands/artifact.vmStandaloneScanner
/home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:118
- aws config load error:
github.com/aquasecurity/trivy/pkg/cloud/aws/config.LoadDefaultAWSConfig
/home/runner/work/trivy/trivy/pkg/cloud/aws/config/config.go:39
- failed to get shared config profile, dev-cloud-iam-infra
Operating System
ubuntu 22.04
Version
trivy --version
Version: 0.49.1
Vulnerability DB:
Version: 2
UpdatedAt: 2024-03-21 18:10:27.594557904 +0000 UTC
NextUpdate: 2024-03-22 00:10:27.594557554 +0000 UTC
DownloadedAt: 2024-03-21 19:04:45.684887737 +0000 UTC
Discussed in #6370
Originally posted by wangzhihaocom March 22, 2024
Description
After I run `export AWS_PROFILE=some_profile` and then run the command `trivy vm` to scan an AMI, I got the following error:
```
2024-03-21T19:04:42.318Z INFO Need to update DB
2024-03-21T19:04:42.318Z INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-03-21T19:04:42.318Z INFO Downloading DB...
44.49 MiB / 44.49 MiB [---------------------------------------------------------------------------------------------] 100.00% 16.19 MiB p/s 2.9s
2024-03-21T19:04:45.685Z INFO Vulnerability scanning is enabled
2024-03-21T19:04:45.685Z INFO Secret scanning is enabled
2024-03-21T19:04:45.685Z INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-03-21T19:04:45.685Z INFO Please see also https://aquasecurity.github.io/trivy/v0.49/docs/scanner/secret/#recommendation for faster secret detection
2024-03-21T19:04:45.701Z FATAL vm scan error: scan error: unable to initialize a scanner: unable to initialize a vm scanner: aws config load error: failed to get shared config profile, dev-cloud-iam-infra
```
But using the same AWS_PROFILE, I can use my AWS CLI command; this is the output:
```
aws s3 ls --profile dev-cloud-iam-infra
2024-02-08 21:04:51 cf-templates-j1vskhoonux6-ap-east-1
2024-02-08 20:19:54 cf-templates-j1vskhoonux6-ap-northeast-1
2024-02-08 22:41:46 cf-templates-j1vskhoonux6-ap-southeast-1
2024-02-22 00:25:55 cf-templates-j1vskhoonux6-us-east-1
2023-11-15 21:33:05 cf-templates-j1vskhoonux6-us-east-2
2024-03-21 18:00:56 infstones-logs-dev-cloud
2024-02-29 18:44:58 infstones-logs-test-dev-cloud
```
Seems something is wrong with trivy when exporting the AWS_PROFILE; also, there is no aws_profile flag option when using trivy.
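Added diagnostic example, not part of the original report and not Trivy or AWS SDK code: "failed to get shared config profile" means the named profile was found in neither shared file, and the debug log's cache dir under `/home/zhihao/snap/trivy/271` suggests (as an assumption, not a confirmed cause) that the scanner may resolve `~/.aws` from a different home directory than the interactive shell. The script checks whether a profile is visible from two candidate home directories; the function names, `example-profile` and the demo layout are constructed for illustration.

```shell
# Added diagnostic sketch, not Trivy or AWS SDK code.
# Assumption: the SDK reads $HOME/.aws/config and $HOME/.aws/credentials unless
# AWS_CONFIG_FILE / AWS_SHARED_CREDENTIALS_FILE point elsewhere.

# has_section FILE NAME: succeeds if FILE contains the exact header line [NAME].
has_section() {
    [ -r "$1" ] || return 1
    sed 's/[[:space:]]*$//' "$1" | grep -qxF "[$2]"
}

# profile_visible PROFILE HOME_DIR: prints "config", "credentials" or "missing".
profile_visible() {
    pv_cfg=${AWS_CONFIG_FILE:-$2/.aws/config}
    pv_cred=${AWS_SHARED_CREDENTIALS_FILE:-$2/.aws/credentials}
    # In the config file named profiles are written [profile NAME];
    # the credentials file uses the bare [NAME].
    if [ "$1" = default ]; then pv_hdr=default; else pv_hdr="profile $1"; fi
    if has_section "$pv_cfg" "$pv_hdr"; then echo config; return 0; fi
    if has_section "$pv_cred" "$1"; then echo credentials; return 0; fi
    echo missing
    return 1
}

# compare_homes PROFILE SHELL_HOME TOOL_HOME: one line per home directory.
compare_homes() {
    echo "shell home ($2): $(profile_visible "$1" "$2")"
    echo "tool home  ($3): $(profile_visible "$1" "$3")"
}

# Constructed demo: the profile exists under one home but not the other.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/user/.aws" "$d/tool"
    printf '[profile example-profile]\nregion = us-east-2\n' > "$d/user/.aws/config"
    ( unset AWS_CONFIG_FILE AWS_SHARED_CREDENTIALS_FILE
      compare_homes example-profile "$d/user" "$d/tool" )
    rm -rf "$d"
}

# With arguments: check real directories; without: run the constructed demo.
if [ "$#" -ge 3 ]; then compare_homes "$1" "$2" "$3"; else demo; fi
```

If the second line reports `missing`, setting `AWS_CONFIG_FILE` and `AWS_SHARED_CREDENTIALS_FILE` to the real file paths makes the profile resolvable regardless of which home directory the tool sees, provided the tool is allowed to read those paths.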