Amazon Linux 2 Container Scan with Trivy [2022-12-12]

Step 1/2 : FROM public.ecr.aws/amazonlinux/amazonlinux:latest
latest: Pulling from amazonlinux/amazonlinux
68028ec3b506: Pulling fs layer
68028ec3b506: Verifying Checksum
68028ec3b506: Download complete
68028ec3b506: Pull complete
Digest: sha256:f4b5d60ba75876e8a8b02618fd0de3ab796eb210ab37075adf56eab38ec8c3bf
Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:latest
 ---> 612cb4399951
Step 2/2 : RUN yum -y update
 ---> Running in 79701f0b9b9c
Loaded plugins: ovl, priorities
Resolving Dependencies
--> Running transaction check
---> Package curl.x86_64 0:7.79.1-6.amzn2.0.1 will be updated
---> Package curl.x86_64 0:7.79.1-7.amzn2.0.1 will be an update
---> Package expat.x86_64 0:2.1.0-15.amzn2.0.1 will be updated
---> Package expat.x86_64 0:2.1.0-15.amzn2.0.2 will be an update
---> Package libblkid.x86_64 0:2.30.2-2.amzn2.0.9 will be updated
---> Package libblkid.x86_64 0:2.30.2-2.amzn2.0.10 will be an update
---> Package libcom_err.x86_64 0:1.42.9-19.amzn2 will be updated
---> Package libcom_err.x86_64 0:1.42.9-19.amzn2.0.1 will be an update
---> Package libcurl.x86_64 0:7.79.1-6.amzn2.0.1 will be updated
---> Package libcurl.x86_64 0:7.79.1-7.amzn2.0.1 will be an update
---> Package libmount.x86_64 0:2.30.2-2.amzn2.0.9 will be updated
---> Package libmount.x86_64 0:2.30.2-2.amzn2.0.10 will be an update
---> Package libuuid.x86_64 0:2.30.2-2.amzn2.0.9 will be updated
---> Package libuuid.x86_64 0:2.30.2-2.amzn2.0.10 will be an update
---> Package ncurses.x86_64 0:6.0-8.20170212.amzn2.1.3 will be updated
---> Package ncurses.x86_64 0:6.0-8.20170212.amzn2.1.4 will be an update
---> Package ncurses-base.noarch 0:6.0-8.20170212.amzn2.1.3 will be updated
---> Package ncurses-base.noarch 0:6.0-8.20170212.amzn2.1.4 will be an update
---> Package ncurses-libs.x86_64 0:6.0-8.20170212.amzn2.1.3 will be updated
---> Package ncurses-libs.x86_64 0:6.0-8.20170212.amzn2.1.4 will be an update
---> Package nspr.x86_64 0:4.32.0-1.amzn2.0.1 will be updated
---> Package nspr.x86_64 0:4.34.0-3.1.amzn2 will be an update
---> Package nss.x86_64 0:3.67.0-4.amzn2.0.2 will be updated
---> Package nss.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-softokn.x86_64 0:3.67.0-3.amzn2.0.1 will be updated
---> Package nss-softokn.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-softokn-freebl.x86_64 0:3.67.0-3.amzn2.0.1 will be updated
---> Package nss-softokn-freebl.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-sysinit.x86_64 0:3.67.0-4.amzn2.0.2 will be updated
---> Package nss-sysinit.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-tools.x86_64 0:3.67.0-4.amzn2.0.2 will be updated
---> Package nss-tools.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-util.x86_64 0:3.67.0-1.amzn2.0.1 will be updated
---> Package nss-util.x86_64 0:3.79.0-1.amzn2 will be an update
---> Package tzdata.noarch 0:2022e-1.amzn2.0.1 will be updated
---> Package tzdata.noarch 0:2022f-1.amzn2.0.1 will be an update
---> Package vim-data.noarch 2:9.0.475-1.amzn2.0.1 will be updated
---> Package vim-data.noarch 2:9.0.828-1.amzn2.0.1 will be an update
---> Package vim-minimal.x86_64 2:9.0.475-1.amzn2.0.1 will be updated
---> Package vim-minimal.x86_64 2:9.0.828-1.amzn2.0.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package              Arch     Version                       Repository    Size
================================================================================
Updating:
 curl                 x86_64   7.79.1-7.amzn2.0.1            amzn2-core   360 k
 expat                x86_64   2.1.0-15.amzn2.0.2            amzn2-core    89 k
 libblkid             x86_64   2.30.2-2.amzn2.0.10           amzn2-core   191 k
 libcom_err           x86_64   1.42.9-19.amzn2.0.1           amzn2-core    42 k
 libcurl              x86_64   7.79.1-7.amzn2.0.1            amzn2-core   322 k
 libmount             x86_64   2.30.2-2.amzn2.0.10           amzn2-core   213 k
 libuuid              x86_64   2.30.2-2.amzn2.0.10           amzn2-core    79 k
 ncurses              x86_64   6.0-8.20170212.amzn2.1.4      amzn2-core   351 k
 ncurses-base         noarch   6.0-8.20170212.amzn2.1.4      amzn2-core    75 k
 ncurses-libs         x86_64   6.0-8.20170212.amzn2.1.4      amzn2-core   306 k
 nspr                 x86_64   4.34.0-3.1.amzn2              amzn2-core   126 k
 nss                  x86_64   3.79.0-4.amzn2                amzn2-core   887 k
 nss-softokn          x86_64   3.79.0-4.amzn2                amzn2-core   376 k
 nss-softokn-freebl   x86_64   3.79.0-4.amzn2                amzn2-core   347 k
 nss-sysinit          x86_64   3.79.0-4.amzn2                amzn2-core    66 k
 nss-tools            x86_64   3.79.0-4.amzn2                amzn2-core   549 k
 nss-util             x86_64   3.79.0-1.amzn2                amzn2-core    79 k
 tzdata               noarch   2022f-1.amzn2.0.1             amzn2-core   480 k
 vim-data             noarch   2:9.0.828-1.amzn2.0.1         amzn2-core    77 k
 vim-minimal          x86_64   2:9.0.828-1.amzn2.0.1         amzn2-core   732 k

Transaction Summary
================================================================================
Upgrade  20 Packages

Total download size: 5.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total                                              8.2 MB/s | 5.6 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : nspr-4.34.0-3.1.amzn2.x86_64                                1/40 
  Updating   : nss-util-3.79.0-1.amzn2.x86_64                              2/40 
  Updating   : libcom_err-1.42.9-19.amzn2.0.1.x86_64                       3/40 
  Updating   : libuuid-2.30.2-2.amzn2.0.10.x86_64                          4/40 
  Updating   : libblkid-2.30.2-2.amzn2.0.10.x86_64                         5/40 
  Updating   : libcurl-7.79.1-7.amzn2.0.1.x86_64                           6/40 
  Updating   : nss-softokn-freebl-3.79.0-4.amzn2.x86_64                    7/40 
  Updating   : nss-softokn-3.79.0-4.amzn2.x86_64                           8/40 
  Updating   : nss-sysinit-3.79.0-4.amzn2.x86_64                           9/40 
  Updating   : nss-3.79.0-4.amzn2.x86_64                                  10/40 
  Updating   : ncurses-base-6.0-8.20170212.amzn2.1.4.noarch               11/40 
  Updating   : ncurses-libs-6.0-8.20170212.amzn2.1.4.x86_64               12/40 
  Updating   : 2:vim-data-9.0.828-1.amzn2.0.1.noarch                      13/40 
  Updating   : 2:vim-minimal-9.0.828-1.amzn2.0.1.x86_64                   14/40 
  Updating   : ncurses-6.0-8.20170212.amzn2.1.4.x86_64                    15/40 
  Updating   : nss-tools-3.79.0-4.amzn2.x86_64                            16/40 
  Updating   : curl-7.79.1-7.amzn2.0.1.x86_64                             17/40 
  Updating   : libmount-2.30.2-2.amzn2.0.10.x86_64                        18/40 
  Updating   : tzdata-2022f-1.amzn2.0.1.noarch                            19/40 
  Updating   : expat-2.1.0-15.amzn2.0.2.x86_64                            20/40 
  Cleanup    : nss-tools-3.67.0-4.amzn2.0.2.x86_64                        21/40 
  Cleanup    : nss-sysinit-3.67.0-4.amzn2.0.2.x86_64                      22/40 
  Cleanup    : nss-3.67.0-4.amzn2.0.2.x86_64                              23/40 
  Cleanup    : nss-softokn-3.67.0-3.amzn2.0.1.x86_64                      24/40 
  Cleanup    : nss-softokn-freebl-3.67.0-3.amzn2.0.1.x86_64               25/40 
  Cleanup    : 2:vim-minimal-9.0.475-1.amzn2.0.1.x86_64                   26/40 
  Cleanup    : libmount-2.30.2-2.amzn2.0.9.x86_64                         27/40 
  Cleanup    : curl-7.79.1-6.amzn2.0.1.x86_64                             28/40 
  Cleanup    : libcurl-7.79.1-6.amzn2.0.1.x86_64                          29/40 
  Cleanup    : libblkid-2.30.2-2.amzn2.0.9.x86_64                         30/40 
  Cleanup    : nss-util-3.67.0-1.amzn2.0.1.x86_64                         31/40 
  Cleanup    : ncurses-6.0-8.20170212.amzn2.1.3.x86_64                    32/40 
  Cleanup    : 2:vim-data-9.0.475-1.amzn2.0.1.noarch                      33/40 
  Cleanup    : tzdata-2022e-1.amzn2.0.1.noarch                            34/40 
  Cleanup    : ncurses-libs-6.0-8.20170212.amzn2.1.3.x86_64               35/40 
  Cleanup    : ncurses-base-6.0-8.20170212.amzn2.1.3.noarch               36/40 
  Cleanup    : nspr-4.32.0-1.amzn2.0.1.x86_64                             37/40 
  Cleanup    : libuuid-2.30.2-2.amzn2.0.9.x86_64                          38/40 
  Cleanup    : libcom_err-1.42.9-19.amzn2.x86_64                          39/40 
  Cleanup    : expat-2.1.0-15.amzn2.0.1.x86_64                            40/40 
  Verifying  : libuuid-2.30.2-2.amzn2.0.10.x86_64                          1/40 
  Verifying  : nss-util-3.79.0-1.amzn2.x86_64                              2/40 
  Verifying  : nss-tools-3.79.0-4.amzn2.x86_64                             3/40 
  Verifying  : nss-softokn-freebl-3.79.0-4.amzn2.x86_64                    4/40 
  Verifying  : libcurl-7.79.1-7.amzn2.0.1.x86_64                           5/40 
  Verifying  : nss-sysinit-3.79.0-4.amzn2.x86_64                           6/40 
  Verifying  : expat-2.1.0-15.amzn2.0.2.x86_64                             7/40 
  Verifying  : curl-7.79.1-7.amzn2.0.1.x86_64                              8/40 
  Verifying  : libmount-2.30.2-2.amzn2.0.10.x86_64                         9/40 
  Verifying  : nss-softokn-3.79.0-4.amzn2.x86_64                          10/40 
  Verifying  : libcom_err-1.42.9-19.amzn2.0.1.x86_64                      11/40 
  Verifying  : 2:vim-data-9.0.828-1.amzn2.0.1.noarch                      12/40 
  Verifying  : ncurses-6.0-8.20170212.amzn2.1.4.x86_64                    13/40 
  Verifying  : nspr-4.34.0-3.1.amzn2.x86_64                               14/40 
  Verifying  : ncurses-base-6.0-8.20170212.amzn2.1.4.noarch               15/40 
  Verifying  : tzdata-2022f-1.amzn2.0.1.noarch                            16/40 
  Verifying  : 2:vim-minimal-9.0.828-1.amzn2.0.1.x86_64                   17/40 
  Verifying  : nss-3.79.0-4.amzn2.x86_64                                  18/40 
  Verifying  : ncurses-libs-6.0-8.20170212.amzn2.1.4.x86_64               19/40 
  Verifying  : libblkid-2.30.2-2.amzn2.0.10.x86_64                        20/40 
  Verifying  : nspr-4.32.0-1.amzn2.0.1.x86_64                             21/40 
  Verifying  : nss-util-3.67.0-1.amzn2.0.1.x86_64                         22/40 
  Verifying  : ncurses-libs-6.0-8.20170212.amzn2.1.3.x86_64               23/40 
  Verifying  : tzdata-2022e-1.amzn2.0.1.noarch                            24/40 
  Verifying  : nss-tools-3.67.0-4.amzn2.0.2.x86_64                        25/40 
  Verifying  : nss-3.67.0-4.amzn2.0.2.x86_64                              26/40 
  Verifying  : ncurses-base-6.0-8.20170212.amzn2.1.3.noarch               27/40 
  Verifying  : nss-sysinit-3.67.0-4.amzn2.0.2.x86_64                      28/40 
  Verifying  : libuuid-2.30.2-2.amzn2.0.9.x86_64                          29/40 
  Verifying  : 2:vim-data-9.0.475-1.amzn2.0.1.noarch                      30/40 
  Verifying  : libcom_err-1.42.9-19.amzn2.x86_64                          31/40 
  Verifying  : nss-softokn-freebl-3.67.0-3.amzn2.0.1.x86_64               32/40 
  Verifying  : curl-7.79.1-6.amzn2.0.1.x86_64                             33/40 
  Verifying  : libmount-2.30.2-2.amzn2.0.9.x86_64                         34/40 
  Verifying  : libcurl-7.79.1-6.amzn2.0.1.x86_64                          35/40 
  Verifying  : expat-2.1.0-15.amzn2.0.1.x86_64                            36/40 
  Verifying  : ncurses-6.0-8.20170212.amzn2.1.3.x86_64                    37/40 
  Verifying  : 2:vim-minimal-9.0.475-1.amzn2.0.1.x86_64                   38/40 
  Verifying  : nss-softokn-3.67.0-3.amzn2.0.1.x86_64                      39/40 
  Verifying  : libblkid-2.30.2-2.amzn2.0.9.x86_64                         40/40 

Updated:
  curl.x86_64 0:7.79.1-7.amzn2.0.1                                              
  expat.x86_64 0:2.1.0-15.amzn2.0.2                                             
  libblkid.x86_64 0:2.30.2-2.amzn2.0.10                                         
  libcom_err.x86_64 0:1.42.9-19.amzn2.0.1                                       
  libcurl.x86_64 0:7.79.1-7.amzn2.0.1                                           
  libmount.x86_64 0:2.30.2-2.amzn2.0.10                                         
  libuuid.x86_64 0:2.30.2-2.amzn2.0.10                                          
  ncurses.x86_64 0:6.0-8.20170212.amzn2.1.4                                     
  ncurses-base.noarch 0:6.0-8.20170212.amzn2.1.4                                
  ncurses-libs.x86_64 0:6.0-8.20170212.amzn2.1.4                                
  nspr.x86_64 0:4.34.0-3.1.amzn2                                                
  nss.x86_64 0:3.79.0-4.amzn2                                                   
  nss-softokn.x86_64 0:3.79.0-4.amzn2                                           
  nss-softokn-freebl.x86_64 0:3.79.0-4.amzn2                                    
  nss-sysinit.x86_64 0:3.79.0-4.amzn2                                           
  nss-tools.x86_64 0:3.79.0-4.amzn2                                             
  nss-util.x86_64 0:3.79.0-1.amzn2                                              
  tzdata.noarch 0:2022f-1.amzn2.0.1                                             
  vim-data.noarch 2:9.0.828-1.amzn2.0.1                                         
  vim-minimal.x86_64 2:9.0.828-1.amzn2.0.1                                      

Complete!
Info

amazon:scan (amazon 2 (Karoo))

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

[Aquasec Trivy] Searching for all files in '/var/lib/jenkins/workspace/trivy-amazon-linux' that match the pattern 'results.json'
[Aquasec Trivy] Traversing of symbolic links: enabled
[Aquasec Trivy] -> found 1 file
[Aquasec Trivy] Successfully parsed file /var/lib/jenkins/workspace/trivy-amazon-linux/results.json
[Aquasec Trivy] -> found 0 issues (skipped 0 duplicates)
[Aquasec Trivy] Successfully processed file 'results.json'
[Aquasec Trivy] Skipping post processing
[Aquasec Trivy] No filter has been set, publishing all 0 issues
[Aquasec Trivy] Repository miner is not configured, skipping repository mining
[Aquasec Trivy] Reference build recorder is not configured
[Aquasec Trivy] Obtaining reference build from same job (trivy-amazon-linux)
[Aquasec Trivy] Using reference build 'trivy-amazon-linux #2' to compute new, fixed, and outstanding issues
[Aquasec Trivy] Issues delta (vs. reference build): outstanding: 0, new: 0, fixed: 0
[Aquasec Trivy] No quality gates have been set - skipping
[Aquasec Trivy] Health report is disabled - skipping
[Aquasec Trivy] Created analysis result for 0 issues (found 0 new issues, fixed 0 issues)
[Aquasec Trivy] Attaching ResultAction with ID 'trivy' to build 'trivy-amazon-linux #3'.
[Checks API] No suitable checks publisher found.
[Pipeline] sh
+ trivy image amazon:scan
2022-12-13T18:59:06.931-0500	INFO	Vulnerability scanning is enabled
2022-12-13T18:59:06.931-0500	INFO	Secret scanning is enabled
2022-12-13T18:59:06.931-0500	INFO	If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-12-13T18:59:06.931-0500	INFO	Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2022-12-13T18:59:06.974-0500	INFO	Detected OS: amazon
2022-12-13T18:59:06.974-0500	INFO	Detecting Amazon Linux vulnerabilities...
2022-12-13T18:59:06.979-0500	INFO	Number of language-specific files: 0