Trivy 掃描在 Qcow2 圖像上失敗

Question

我正在嘗試使用 Trivy 掃描 qcow2 圖像，但它沒有通過測試？

trivy --debug fs /home/user/fedora32_image.qcow2
2021-04-13T14:01:53.535-0700 DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-04-13T14:01:53.557-0700 DEBUG cache dir: /home/user/.cache/trivy
2021-04-13T14:01:53.558-0700 DEBUG DB update was skipped because DB is the latest
2021-04-13T14:01:53.558-0700 DEBUG DB Schema: 1, Type: 1, UpdatedAt: 2021-04-13 12:07:40.493338704 +0000 UTC, NextUpdate: 2021-04-14 00:07:40.493338404 +0000 UTC, DownloadedAt: 2021-04-13 17:17:26.74233259 +0000 UTC
2021-04-13T14:01:53.558-0700 DEBUG Vulnerability type: [os library]
2021-04-13T14:01:53.624-0700 DEBUG Artifact ID: sha256:3404e98968ad338dc60ef74c0dd5bdd893478415cd2296b0c265a5650b3ae4d6
2021-04-13T14:01:53.624-0700 DEBUG Blob IDs: [sha256:3404e98968ad338dc60ef74c0dd5bdd893478415cd2296b0c265a5650b3ae4d6]
2021-04-13T14:01:53.624-0700 WARN OS is not detected and vulnerabilities in OS packages are not detected.
2021-04-13T14:01:53.624-0700 INFO Trivy skips scanning programming language libraries because no supported file was detected

關於調試的任何建議？

Answer 1

Trivy 的fs模式需要一個實際的解壓文件系統才能讀取。 您可以掛載該磁盤映像並將 Trivy 指向它，或者從 VM 內部運行 Trivy。 它理解的唯一打包圖像格式是容器，因為它主要是一個容器工具。