From caaac8922b0d7081ac1922e2e04844667f91c1b8 Mon Sep 17 00:00:00 2001
From: Sascha Schwarze
Date: Mon, 28 Oct 2024 15:13:49 +0100
Subject: [PATCH] Retry trivy when it fails to download the vulnerability database due to rate-limiting
Signed-off-by: Sascha Schwarze
---
 pkg/image/vulnerability_scan.go | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/pkg/image/vulnerability_scan.go b/pkg/image/vulnerability_scan.go
index 1eaf1beaad..bdc5649d88 100644
--- a/pkg/image/vulnerability_scan.go
+++ b/pkg/image/vulnerability_scan.go
@@ -11,6 +11,7 @@ import (
 "os/exec"
 "sort"
 "strings"
+ "time"
 "github.com/google/go-containerregistry/pkg/authn"
 buildapi "github.com/shipwright-io/build/pkg/apis/build/v1beta1"
@@ -51,14 +52,33 @@ func RunVulnerabilityScan(ctx context.Context, imagePath string, settings builda
 }
 }
- cmd := exec.CommandContext(ctx, "trivy", trivyArgs...)
+ var result []byte
+ var err error
- cmd.Stdin = nil
+ for i := 0; i < 10; i++ {
+ cmd := exec.CommandContext(ctx, "trivy", trivyArgs...)
+ cmd.Stdin = nil
- result, err := cmd.CombinedOutput()
- if err != nil {
- log.Printf("failed to run trivy:\n%s", string(result))
- return nil, fmt.Errorf("failed to run trivy: %w", err)
+ result, err = cmd.CombinedOutput()
+ if err == nil {
+ break
+ }
+
+ sResult := string(result)
+ log.Printf("failed to run trivy:\n%s", sResult)
+
+ // Retry the following errors
+ //
+ // FATAL Fatal error init error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred:
+ // GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 508.904┬Ás, allowed: 44000/minute
+ //
+ // FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
+ if i < 10 && strings.Contains(sResult, "failed to download vulnerability DB") {
+ log.Println("Will retry")
+ time.Sleep(time.Second)
+ } else {
+ return nil, fmt.Errorf("failed to run trivy: %w", err)
+ }
 }
 var trivyResult TrivyResult
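Review bot: The `i < 10` guard in the retry branch is always true inside `for i := 0; i < 10; i++`, so when the tenth attempt also fails with "failed to download vulnerability DB" the loop logs "Will retry", sleeps and exits with `err` still set, and execution falls through to `var trivyResult TrivyResult` instead of returning the error. The rest of RunVulnerabilityScan lies outside the hunk, but it presumably parses `result`, which at that point holds trivy's error output rather than a report, so an exhausted scan would not be reported as "failed to run trivy". The sketch below returns the error once the attempts are used up and names the limit instead of repeating the literal 10. It also replaces the unconditional `time.Sleep(time.Second)` with a wait that gives way to `ctx`, so a cancelled build does not sit out the delay before the next attempt fails.

```go
	const maxAttempts = 10

	for i := 0; i < maxAttempts; i++ {
		// … unchanged: run trivy, break on success, log sResult, comment listing the retried errors …

		// Give up on the last attempt or on any error that is not a DB download failure.
		if i == maxAttempts-1 || !strings.Contains(sResult, "failed to download vulnerability DB") {
			return nil, fmt.Errorf("failed to run trivy: %w", err)
		}

		log.Println("Will retry")
		select {
		case <-ctx.Done():
			return nil, fmt.Errorf("failed to run trivy: %w", ctx.Err())
		case <-time.After(time.Second):
		}
	}
```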