All scan containers are using the same temporary directory, which leads to failure #2859

@sathieu

Description

What steps did you take and what happened:

The trivy temp directory should be unique. This is done by using the PID to discriminate. However, with trivy-operator the PID is always 1 (one). The result is always the same: /tmp/trivy-1:

	tempDir := filepath.Join(os.TempDir(), fmt.Sprintf("trivy-%d", pid))

ref

At the end of the scan, trivy cleans this directory (ref). This can lead to `no such file or directory` when a file is deleted in one container while another container is about to delete it.

What did you expect to happen:

No failure of trivy scan jobs on multi-containers pods.

Anything else you would like to add:

Proposed fix: use a different emptyDir for each container (but keep /tmp/trivy/.cache and /tmp/scan shared).

Environment:

  • Trivy-Operator version (use trivy-operator version):
  • Kubernetes version (use kubectl version):
  • OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc):
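The following Go program is an added illustration of the failure described in this issue; it is not trivy's or trivy-operator's code. It reproduces the quoted PID-based path derivation (`pidTempDir`), shows that two "containers" that both see PID 1 resolve to the same `trivy-1` directory, and then runs the scenario sequentially rather than as a timing-dependent race: when container A cleans up at the end of its scan, container B's work file under the shared path disappears. The `uniqueTempDir` function is a hypothetical alternative that lets the OS choose a fresh name via `os.MkdirTemp`; it stands in for "one private directory per scanner" in the same way the per-container emptyDir proposed above would, and shows that container B's file then survives A's cleanup. The file names and the `base` directory are constructed for the demo.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// pidTempDir reproduces the scheme quoted in the issue: the temp directory
// name is derived from the process ID. Inside a container the scanner runs
// as PID 1, so every container in the pod resolves to the same path.
func pidTempDir(base string, pid int) string {
	return filepath.Join(base, fmt.Sprintf("trivy-%d", pid))
}

// uniqueTempDir is a hypothetical alternative (not trivy's code): ask the OS
// for a fresh directory under the same prefix, unique even when callers
// share a PID.
func uniqueTempDir(base string) (string, error) {
	return os.MkdirTemp(base, "trivy-")
}

// scanWork stands in for the scanner's temp output: create dir if needed,
// write one work file into it and return the file's path.
func scanWork(dir, name string) (string, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", err
	}
	p := filepath.Join(dir, name)
	return p, os.WriteFile(p, []byte("constructed scan output"), 0o600)
}

// cleanup mirrors the end-of-scan deletion of the whole temp directory.
func cleanup(dir string) error { return os.RemoveAll(dir) }

// fileSurvives reports whether path still exists after another scan's cleanup.
func fileSurvives(path string) bool {
	_, err := os.Stat(path)
	return err == nil
}

// SharedDirLosesFile simulates two containers that both believe they are
// PID 1. Container A finishes first and cleans up; the function returns true
// if container B's file was deleted along with it.
func SharedDirLosesFile(base string) (bool, error) {
	dirA := pidTempDir(base, 1)
	dirB := pidTempDir(base, 1) // identical path: <base>/trivy-1
	if _, err := scanWork(dirA, "a.json"); err != nil {
		return false, err
	}
	fileB, err := scanWork(dirB, "b.json")
	if err != nil {
		return false, err
	}
	if err := cleanup(dirA); err != nil {
		return false, err
	}
	return !fileSurvives(fileB), nil
}

// UniqueDirsKeepFile repeats the scenario with one private directory per
// scan. It returns true if container B's file survives A's cleanup.
func UniqueDirsKeepFile(base string) (bool, error) {
	dirA, err := uniqueTempDir(base)
	if err != nil {
		return false, err
	}
	dirB, err := uniqueTempDir(base)
	if err != nil {
		return false, err
	}
	defer cleanup(dirB)
	if _, err := scanWork(dirA, "a.json"); err != nil {
		return false, err
	}
	fileB, err := scanWork(dirB, "b.json")
	if err != nil {
		return false, err
	}
	if err := cleanup(dirA); err != nil {
		return false, err
	}
	return fileSurvives(fileB), nil
}

func main() {
	base, err := os.MkdirTemp("", "issue-demo-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	lost, _ := SharedDirLosesFile(base)
	kept, _ := UniqueDirsKeepFile(base)
	fmt.Printf("shared PID-derived dir: other container's file lost = %v\n", lost)
	fmt.Printf("one dir per scan:       other container's file kept = %v\n", kept)
}
```

The same collision applies to anything keyed on the PID alone inside a pod, because each container's entrypoint is PID 1 in its own PID namespace; a per-container emptyDir (as proposed in the issue) or an OS-chosen unique name are both ways to make the path private to one scanner.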

Labels: kind/bug