Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug(k8s): k8s scan works too long #7662

Closed
afdesk opened this issue Oct 7, 2024 Discussed in #7661 · 0 comments · Fixed by #7690
Closed

bug(k8s): k8s scan works too long #7662

afdesk opened this issue Oct 7, 2024 Discussed in #7661 · 0 comments · Fixed by #7690
Assignees
@afdesk
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@afdesk
Copy link
Contributor

afdesk commented Oct 7, 2024
edited
Loading

Description

Trivy kubernetes scan takes a lot of time for small minikube cluster:

$ time trivy k8s --report summary --debug --disable-node-collector --timeout 30m0s  
491,23s user 49,05s system 55% cpu 16:21,43 total

As said in #7661 Trivy fails even for test environment.

Reason

Trivy creates a new scanner for each kubernetes artifact:

trivy/pkg/k8s/scanner/scanner.go

Line 158 in ab3a3b2

imageReport, err := s.runner.ScanImage(ctx, opts)

trivy/pkg/k8s/scanner/scanner.go

Line 184 in ab3a3b2

configReport, err := s.runner.ScanFilesystem(ctx, s.opts)

Solution

As an idea we can try to optimize using of scanners.

Reproduction Steps

$ trivy k8s --report summary --debug --disable-node-collector --timeout 30m0s

Discussed in #7661
@afdesk afdesk added the kind/bug Categorizes issue or PR as related to a bug. label Oct 7, 2024
@afdesk afdesk self-assigned this Oct 7, 2024
@afdesk afdesk mentioned this issue Oct 10, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@afdesk afdesk

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

refactor(k8s): scan config files as a folder afdesk/trivy
1 participant
@afdesk