Bug: Medium Severity GuardDuty finding for each image vulnerability scan task #6451

Open
@tanmaymohan

📜 Description

While using the Trivy image scanner for Devtron, on each run AWS GuardDuty flags it as a medium-severity bug, as it is accessing a host Docker socket. Don't know if it's a false positive being raised multiple times or if something is going wrong.

👟 Reproduction steps

  1. EKS cluster 1.29 on AWS
  2. Region: ap-south-1
  3. Addon: Amazon GuardDuty EKS Runtime Monitoring Enabled
  4. GuardDuty service enabled at the account level
  5. Run an image scan in a CI step

👍 Expected behavior

Shouldn't trigger a medium vulnerability.

👎 Actual Behavior

Triggers the following:

[Three images attached in the original issue]

☸ Kubernetes version

EKS 1.29

Cloud provider

AWS ap-south-1

🌍 Browser

Chrome

🧱 Your Environment

Chrome browser

✅ Proposed Solution

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?

Metadata

Labels

  • bug: Something isn't working
  • needs-triage: Issue is not approved or ready-to-work on
