Failed to download vulnerability DB: failed to download vulnerability DB: DB file not found #434

mamathak412 · 2021-03-18T10:41:30Z

mamathak412
Mar 18, 2021

I'm using starboard operator for trivy. Used used my company github_token which is private github. I'm getting below error.

"status.reason": "Error", "status.message": "2021-03-18T10:33:56.770Z\t\u001b[34mINFO\u001b[0m\tUse your github token\n2021-03-18T10:33:56.7 tNeed to update DB\n2021-03-18T10:33:56.770Z\t\u001b[34mINFO\u001b[0m\tDownloading DB...\n2021-03-18T10:33:58.681Z\t\u001b[31mFATAL\u001b[0m\tfailed to download vulnerability DB: failed to download vulnerability DB: DB file not found\n"}

Answered by danielpacak

Mar 18, 2021

👋 @mamathak412 We've seen already that GitHub API may be unstable and if that's the case you will see such errors. Trivy is trying to download release assets from https://github.com/aquasecurity/trivy-db/releases. Make sure that you can download trivy-db.tgz archive with wget or curl command and then retry scanning with Starboard. Do let us know if the problem persists.

View full answer

danielpacak · 2021-03-18T14:05:03Z

danielpacak
Mar 18, 2021

👋 @mamathak412 We've seen already that GitHub API may be unstable and if that's the case you will see such errors. Trivy is trying to download release assets from https://github.com/aquasecurity/trivy-db/releases. Make sure that you can download trivy-db.tgz archive with wget or curl command and then retry scanning with Starboard. Do let us know if the problem persists.

2 replies

cicdblr123 Mar 24, 2021

@danielpacak, I have tried to download mutiple times

wget https://api.github.com/repos/aquasecurity/trivy-db/release s
--2021-03-24 06:46:09-- https://api.github.com/repos/aquasecurity/trivy-db/releases
Resolving api.github.com (api.github.com)... 140.82.121.6
Connecting to api.github.com (api.github.com)|140.82.121.6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29496 (29K) [application/json]
Saving to: ‘releases.2’

releases.2 100%[===================>] 28.80K --.-KB/s in 0.1s

2021-03-24 06:46:09 (232 KB/s) - ‘releases.2’ saved [29496/29496]

Stili I see same error.

mamathak412 Mar 24, 2021
Author

@danielpacak, I have tried to download mutiple times

wget https://api.github.com/repos/aquasecurity/trivy-db/release s
--2021-03-24 06:46:09-- https://api.github.com/repos/aquasecurity/trivy-db/releases
Resolving api.github.com (api.github.com)... 140.82.121.6
Connecting to api.github.com (api.github.com)|140.82.121.6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 29496 (29K) [application/json]
Saving to: ‘releases.2’

releases.2 100%[===================>] 28.80K --.-KB/s in 0.1s

2021-03-24 06:46:09 (232 KB/s) - ‘releases.2’ saved [29496/29496]

Stili I see same error.

danielpacak · 2021-04-27T15:09:20Z

danielpacak
Apr 27, 2021

That looks weird @mamathak412 and I cannot reproduce the same with GitHub personal access token. Could you please do one more test and run Trivy in your cluster as a Kubernetes job? This is after all what Starboard does under the covers. For example:

Create a Secret named trivy with your GitHub personal access token:

kubectl create secret generic trivy --from-literal GITHUB_TOKEN=<YOUR TOKEN GOES HERE>

Create a Job named trivy to scan the nignx:1.16 image:

cat << EOF | kubectl apply -f -
apiVersion: batch/v1
kind: Job
metadata:
  name: trivy
spec:
  template:
    spec:
      containers:
      - name: trivy
        image: docker.io/aquasec/trivy:0.16.0
        command: ["trivy", "--quiet", "image", "--format", "json", "--severity", "CRITICAL", "nginx:1.16"]
        env:
        - name: GITHUB_TOKEN
          valueFrom:
            secretKeyRef:
              name: trivy
              key: GITHUB_TOKEN
      restartPolicy: Never
  backoffLimit: 3
EOF

Check that the Job has completed:

$ kubectl get job trivy
NAME    COMPLETIONS   DURATION   AGE
trivy   1/1           7s         15s

Check logs:

$ kubectl logs job/trivy
[
  {
    "Target": "nginx:1.16 (debian 10.3)",
    "Type": "debian",
    "Vulnerabilities": [
      {
        "VulnerabilityID": "CVE-2019-20367",
        "PkgName": "libbsd0",
        "InstalledVersion": "0.9.1-2",
        "FixedVersion": "0.9.1-2+deb10u1",
        "Layer": {
          "Digest": "sha256:5546cfc927724eff7f5a134801904dee21064bd49912a7c4daa550175939cbce",
          "DiffID": "sha256:82068c842707f3491e7398973688d8abd66f1494f00e646d801be1545c539f1c"
        },
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20367",
        "Description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).",
        "Severity": "CRITICAL",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "V2Score": 6.4,
            "V3Score": 9.1
          }
        },
...

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Failed to download vulnerability DB: failed to download vulnerability DB: DB file not found #434

{{title}}

Replies: 2 comments 2 replies

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Failed to download vulnerability DB: failed to download vulnerability DB: DB file not found #434

mamathak412 Mar 18, 2021

Replies: 2 comments · 2 replies

danielpacak Mar 18, 2021

cicdblr123 Mar 24, 2021

mamathak412 Mar 24, 2021 Author

danielpacak Apr 27, 2021

mamathak412
Mar 18, 2021

Replies: 2 comments 2 replies

danielpacak
Mar 18, 2021

mamathak412 Mar 24, 2021
Author

danielpacak
Apr 27, 2021