Error: Failed to download vulnerability DB - Trivy v0.24.2

[Simsjustin91]

2022-03-30T21:41:44Z [INFO] [/pkg/scan/job.go:167]: Report mime types: [application/vnd.security.vulnerability.report; version=1.1] 2022-03-30T21:41:44Z [INFO] [/pkg/scan/job.go:222]: Get report for mime type: application/vnd.security.vulnerability.report; version=1.1 2022-03-30T21:41:46Z [INFO] [/pkg/scan/job.go:243]: Report with mime type application/vnd.security.vulnerability.report; version=1.1 is not ready yet, retry after 5 seconds 2022-03-30T21:41:51Z [ERROR] [/pkg/scan/job.go:292]: check scan report with mime type application/vnd.security.vulnerability.report; version=1.1: running trivy wrapper: running trivy: exit status 1: 2022-03-30T21:41:48.778Z �[34mINFO�[0m Need to update DB 2022-03-30T21:41:48.778Z �[34mINFO�[0m Downloading DB... 2022-03-30T21:41:49.012Z �[31mFATAL�[0m DB error: failed to download vulnerability DB: OCI artifact error: OCI artifact error: OCI repository error: Get "https://ghcr.io/v2/": read tcp 172.20.6.8:53678->140.82.113.34:443: read: connection reset by peer : general response handler: unexpected status code: 500, expected: 200

We have recently update Trivy from 20.2 to 24.2 under the guise it would fix a previous DB download issue. now we are getting this new one. We have opened all of the requested URLs but still getting the same error. I have ran: # oras pull ghcr.io/aquasecurity/trivy-db:2 -a and it still failed. has anyone else experienced this?

[ntkach]

I think I'm getting the same type of issue

$ trivy i rancher/k3s
2022-04-15T10:24:23.653-0500 INFO Need to update DB
2022-04-15T10:24:23.653-0500 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-04-15T10:24:23.653-0500 INFO Downloading DB...
2022-04-15T10:24:52.975-0500 FATAL DB error: failed to download vulnerability DB: OCI artifact error: OCI artifact error: OCI repository error: Get "https://ghcr.io/v2/": dial tcp: lookup ghcr.io: i/o timeout{code}

[maulik-modi]

With Trivy 0.26, getting the same error - Failed to download vulnerability DB. Also attached debug mode screenshot

[knqyf263]

I guess GHCR was down for a while or your network was just slow. Could you try again with --timeout 20m?

[mikulass]

Hello, apologize if this is wrong place to ask for a help. I'm running trivy v0.24.2 with harbor 2.5.0. During vulnerability scan I'm getting following ERROR 500 while downloading DB:

Any idea or link to right documentation is highly appreciated. Thanks in advance. Best, Mikulas.

[knqyf263]

It says 500, so I guess it was a temporal issue. Are you still facing it?

[tcarlander]

I am facing same issue on Mac OS
Have not manage to make it work even downloading db manually
$ trivy -v
Version: 0.28.1
$ trivy -d image farm2go
2022-05-30T15:07:53.615+0300 DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2022-05-30T15:07:53.670+0300 DEBUG cache dir: /Users/xxx/Library/Caches/trivy
2022-05-30T15:07:53.671+0300 DEBUG There is no valid metadata file: unable to open a file: open /Users/xxx/Library/Caches/trivy/db/metadata.json: no such file or directory
2022-05-30T15:07:53.671+0300 INFO Need to update DB
2022-05-30T15:07:53.671+0300 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2022-05-30T15:07:53.671+0300 INFO Downloading DB...
2022-05-30T15:07:53.672+0300 DEBUG no metadata file
2022-05-30T15:08:23.063+0300 FATAL init error:
github.com/aquasecurity/trivy/pkg/commands/artifact.run
/home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:314

• DB error:
  github.com/aquasecurity/trivy/pkg/commands/artifact.NewRunner
  /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:98
• failed to download vulnerability DB:
  github.com/aquasecurity/trivy/pkg/commands/operation.DownloadDB
  /home/runner/work/trivy/trivy/pkg/commands/operation/operation.go:114
• OCI artifact error:
  github.com/aquasecurity/trivy/pkg/db.(*Client).Download
  /home/runner/work/trivy/trivy/pkg/db/db.go:151
• OCI artifact error:
  github.com/aquasecurity/trivy/pkg/db.(*Client).populateOCIArtifact
  /home/runner/work/trivy/trivy/pkg/db/db.go:188
• OCI repository error:
  github.com/aquasecurity/trivy/pkg/oci.NewArtifact
  /home/runner/work/trivy/trivy/pkg/oci/artifact.go:55
• Get "https://ghcr.io/v2/": dial tcp: lookup ghcr.io: i/o timeout

[github-actions]

This issue is stale because it has been labeled with inactivity.