Amazon Linux 2 Container Scan with Trivy [2022-12-12]
Amazon Linux 2 Container Security Scan with Trivy [December 12 2022]
Step 1/2 : FROM public.ecr.aws/amazonlinux/amazonlinux:latest
latest: Pulling from amazonlinux/amazonlinux
68028ec3b506: Pulling fs layer
68028ec3b506: Verifying Checksum
68028ec3b506: Download complete
68028ec3b506: Pull complete
Digest: sha256:f4b5d60ba75876e8a8b02618fd0de3ab796eb210ab37075adf56eab38ec8c3bf
Status: Downloaded newer image for public.ecr.aws/amazonlinux/amazonlinux:latest
---> 612cb4399951
Step 2/2 : RUN yum -y update
---> Running in 79701f0b9b9c
Loaded plugins: ovl, priorities
Resolving Dependencies
--> Running transaction check
---> Package curl.x86_64 0:7.79.1-6.amzn2.0.1 will be updated
---> Package curl.x86_64 0:7.79.1-7.amzn2.0.1 will be an update
---> Package expat.x86_64 0:2.1.0-15.amzn2.0.1 will be updated
---> Package expat.x86_64 0:2.1.0-15.amzn2.0.2 will be an update
---> Package libblkid.x86_64 0:2.30.2-2.amzn2.0.9 will be updated
---> Package libblkid.x86_64 0:2.30.2-2.amzn2.0.10 will be an update
---> Package libcom_err.x86_64 0:1.42.9-19.amzn2 will be updated
---> Package libcom_err.x86_64 0:1.42.9-19.amzn2.0.1 will be an update
---> Package libcurl.x86_64 0:7.79.1-6.amzn2.0.1 will be updated
---> Package libcurl.x86_64 0:7.79.1-7.amzn2.0.1 will be an update
---> Package libmount.x86_64 0:2.30.2-2.amzn2.0.9 will be updated
---> Package libmount.x86_64 0:2.30.2-2.amzn2.0.10 will be an update
---> Package libuuid.x86_64 0:2.30.2-2.amzn2.0.9 will be updated
---> Package libuuid.x86_64 0:2.30.2-2.amzn2.0.10 will be an update
---> Package ncurses.x86_64 0:6.0-8.20170212.amzn2.1.3 will be updated
---> Package ncurses.x86_64 0:6.0-8.20170212.amzn2.1.4 will be an update
---> Package ncurses-base.noarch 0:6.0-8.20170212.amzn2.1.3 will be updated
---> Package ncurses-base.noarch 0:6.0-8.20170212.amzn2.1.4 will be an update
---> Package ncurses-libs.x86_64 0:6.0-8.20170212.amzn2.1.3 will be updated
---> Package ncurses-libs.x86_64 0:6.0-8.20170212.amzn2.1.4 will be an update
---> Package nspr.x86_64 0:4.32.0-1.amzn2.0.1 will be updated
---> Package nspr.x86_64 0:4.34.0-3.1.amzn2 will be an update
---> Package nss.x86_64 0:3.67.0-4.amzn2.0.2 will be updated
---> Package nss.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-softokn.x86_64 0:3.67.0-3.amzn2.0.1 will be updated
---> Package nss-softokn.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-softokn-freebl.x86_64 0:3.67.0-3.amzn2.0.1 will be updated
---> Package nss-softokn-freebl.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-sysinit.x86_64 0:3.67.0-4.amzn2.0.2 will be updated
---> Package nss-sysinit.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-tools.x86_64 0:3.67.0-4.amzn2.0.2 will be updated
---> Package nss-tools.x86_64 0:3.79.0-4.amzn2 will be an update
---> Package nss-util.x86_64 0:3.67.0-1.amzn2.0.1 will be updated
---> Package nss-util.x86_64 0:3.79.0-1.amzn2 will be an update
---> Package tzdata.noarch 0:2022e-1.amzn2.0.1 will be updated
---> Package tzdata.noarch 0:2022f-1.amzn2.0.1 will be an update
---> Package vim-data.noarch 2:9.0.475-1.amzn2.0.1 will be updated
---> Package vim-data.noarch 2:9.0.828-1.amzn2.0.1 will be an update
---> Package vim-minimal.x86_64 2:9.0.475-1.amzn2.0.1 will be updated
---> Package vim-minimal.x86_64 2:9.0.828-1.amzn2.0.1 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
curl x86_64 7.79.1-7.amzn2.0.1 amzn2-core 360 k
expat x86_64 2.1.0-15.amzn2.0.2 amzn2-core 89 k
libblkid x86_64 2.30.2-2.amzn2.0.10 amzn2-core 191 k
libcom_err x86_64 1.42.9-19.amzn2.0.1 amzn2-core 42 k
libcurl x86_64 7.79.1-7.amzn2.0.1 amzn2-core 322 k
libmount x86_64 2.30.2-2.amzn2.0.10 amzn2-core 213 k
libuuid x86_64 2.30.2-2.amzn2.0.10 amzn2-core 79 k
ncurses x86_64 6.0-8.20170212.amzn2.1.4 amzn2-core 351 k
ncurses-base noarch 6.0-8.20170212.amzn2.1.4 amzn2-core 75 k
ncurses-libs x86_64 6.0-8.20170212.amzn2.1.4 amzn2-core 306 k
nspr x86_64 4.34.0-3.1.amzn2 amzn2-core 126 k
nss x86_64 3.79.0-4.amzn2 amzn2-core 887 k
nss-softokn x86_64 3.79.0-4.amzn2 amzn2-core 376 k
nss-softokn-freebl x86_64 3.79.0-4.amzn2 amzn2-core 347 k
nss-sysinit x86_64 3.79.0-4.amzn2 amzn2-core 66 k
nss-tools x86_64 3.79.0-4.amzn2 amzn2-core 549 k
nss-util x86_64 3.79.0-1.amzn2 amzn2-core 79 k
tzdata noarch 2022f-1.amzn2.0.1 amzn2-core 480 k
vim-data noarch 2:9.0.828-1.amzn2.0.1 amzn2-core 77 k
vim-minimal x86_64 2:9.0.828-1.amzn2.0.1 amzn2-core 732 k
Transaction Summary
================================================================================
Upgrade 20 Packages
Total download size: 5.6 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
--------------------------------------------------------------------------------
Total 8.2 MB/s | 5.6 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : nspr-4.34.0-3.1.amzn2.x86_64 1/40
Updating : nss-util-3.79.0-1.amzn2.x86_64 2/40
Updating : libcom_err-1.42.9-19.amzn2.0.1.x86_64 3/40
Updating : libuuid-2.30.2-2.amzn2.0.10.x86_64 4/40
Updating : libblkid-2.30.2-2.amzn2.0.10.x86_64 5/40
Updating : libcurl-7.79.1-7.amzn2.0.1.x86_64 6/40
Updating : nss-softokn-freebl-3.79.0-4.amzn2.x86_64 7/40
Updating : nss-softokn-3.79.0-4.amzn2.x86_64 8/40
Updating : nss-sysinit-3.79.0-4.amzn2.x86_64 9/40
Updating : nss-3.79.0-4.amzn2.x86_64 10/40
Updating : ncurses-base-6.0-8.20170212.amzn2.1.4.noarch 11/40
Updating : ncurses-libs-6.0-8.20170212.amzn2.1.4.x86_64 12/40
Updating : 2:vim-data-9.0.828-1.amzn2.0.1.noarch 13/40
Updating : 2:vim-minimal-9.0.828-1.amzn2.0.1.x86_64 14/40
Updating : ncurses-6.0-8.20170212.amzn2.1.4.x86_64 15/40
Updating : nss-tools-3.79.0-4.amzn2.x86_64 16/40
Updating : curl-7.79.1-7.amzn2.0.1.x86_64 17/40
Updating : libmount-2.30.2-2.amzn2.0.10.x86_64 18/40
Updating : tzdata-2022f-1.amzn2.0.1.noarch 19/40
Updating : expat-2.1.0-15.amzn2.0.2.x86_64 20/40
Cleanup : nss-tools-3.67.0-4.amzn2.0.2.x86_64 21/40
Cleanup : nss-sysinit-3.67.0-4.amzn2.0.2.x86_64 22/40
Cleanup : nss-3.67.0-4.amzn2.0.2.x86_64 23/40
Cleanup : nss-softokn-3.67.0-3.amzn2.0.1.x86_64 24/40
Cleanup : nss-softokn-freebl-3.67.0-3.amzn2.0.1.x86_64 25/40
Cleanup : 2:vim-minimal-9.0.475-1.amzn2.0.1.x86_64 26/40
Cleanup : libmount-2.30.2-2.amzn2.0.9.x86_64 27/40
Cleanup : curl-7.79.1-6.amzn2.0.1.x86_64 28/40
Cleanup : libcurl-7.79.1-6.amzn2.0.1.x86_64 29/40
Cleanup : libblkid-2.30.2-2.amzn2.0.9.x86_64 30/40
Cleanup : nss-util-3.67.0-1.amzn2.0.1.x86_64 31/40
Cleanup : ncurses-6.0-8.20170212.amzn2.1.3.x86_64 32/40
Cleanup : 2:vim-data-9.0.475-1.amzn2.0.1.noarch 33/40
Cleanup : tzdata-2022e-1.amzn2.0.1.noarch 34/40
Cleanup : ncurses-libs-6.0-8.20170212.amzn2.1.3.x86_64 35/40
Cleanup : ncurses-base-6.0-8.20170212.amzn2.1.3.noarch 36/40
Cleanup : nspr-4.32.0-1.amzn2.0.1.x86_64 37/40
Cleanup : libuuid-2.30.2-2.amzn2.0.9.x86_64 38/40
Cleanup : libcom_err-1.42.9-19.amzn2.x86_64 39/40
Cleanup : expat-2.1.0-15.amzn2.0.1.x86_64 40/40
Verifying : libuuid-2.30.2-2.amzn2.0.10.x86_64 1/40
Verifying : nss-util-3.79.0-1.amzn2.x86_64 2/40
Verifying : nss-tools-3.79.0-4.amzn2.x86_64 3/40
Verifying : nss-softokn-freebl-3.79.0-4.amzn2.x86_64 4/40
Verifying : libcurl-7.79.1-7.amzn2.0.1.x86_64 5/40
Verifying : nss-sysinit-3.79.0-4.amzn2.x86_64 6/40
Verifying : expat-2.1.0-15.amzn2.0.2.x86_64 7/40
Verifying : curl-7.79.1-7.amzn2.0.1.x86_64 8/40
Verifying : libmount-2.30.2-2.amzn2.0.10.x86_64 9/40
Verifying : nss-softokn-3.79.0-4.amzn2.x86_64 10/40
Verifying : libcom_err-1.42.9-19.amzn2.0.1.x86_64 11/40
Verifying : 2:vim-data-9.0.828-1.amzn2.0.1.noarch 12/40
Verifying : ncurses-6.0-8.20170212.amzn2.1.4.x86_64 13/40
Verifying : nspr-4.34.0-3.1.amzn2.x86_64 14/40
Verifying : ncurses-base-6.0-8.20170212.amzn2.1.4.noarch 15/40
Verifying : tzdata-2022f-1.amzn2.0.1.noarch 16/40
Verifying : 2:vim-minimal-9.0.828-1.amzn2.0.1.x86_64 17/40
Verifying : nss-3.79.0-4.amzn2.x86_64 18/40
Verifying : ncurses-libs-6.0-8.20170212.amzn2.1.4.x86_64 19/40
Verifying : libblkid-2.30.2-2.amzn2.0.10.x86_64 20/40
Verifying : nspr-4.32.0-1.amzn2.0.1.x86_64 21/40
Verifying : nss-util-3.67.0-1.amzn2.0.1.x86_64 22/40
Verifying : ncurses-libs-6.0-8.20170212.amzn2.1.3.x86_64 23/40
Verifying : tzdata-2022e-1.amzn2.0.1.noarch 24/40
Verifying : nss-tools-3.67.0-4.amzn2.0.2.x86_64 25/40
Verifying : nss-3.67.0-4.amzn2.0.2.x86_64 26/40
Verifying : ncurses-base-6.0-8.20170212.amzn2.1.3.noarch 27/40
Verifying : nss-sysinit-3.67.0-4.amzn2.0.2.x86_64 28/40
Verifying : libuuid-2.30.2-2.amzn2.0.9.x86_64 29/40
Verifying : 2:vim-data-9.0.475-1.amzn2.0.1.noarch 30/40
Verifying : libcom_err-1.42.9-19.amzn2.x86_64 31/40
Verifying : nss-softokn-freebl-3.67.0-3.amzn2.0.1.x86_64 32/40
Verifying : curl-7.79.1-6.amzn2.0.1.x86_64 33/40
Verifying : libmount-2.30.2-2.amzn2.0.9.x86_64 34/40
Verifying : libcurl-7.79.1-6.amzn2.0.1.x86_64 35/40
Verifying : expat-2.1.0-15.amzn2.0.1.x86_64 36/40
Verifying : ncurses-6.0-8.20170212.amzn2.1.3.x86_64 37/40
Verifying : 2:vim-minimal-9.0.475-1.amzn2.0.1.x86_64 38/40
Verifying : nss-softokn-3.67.0-3.amzn2.0.1.x86_64 39/40
Verifying : libblkid-2.30.2-2.amzn2.0.9.x86_64 40/40
Updated:
curl.x86_64 0:7.79.1-7.amzn2.0.1
expat.x86_64 0:2.1.0-15.amzn2.0.2
libblkid.x86_64 0:2.30.2-2.amzn2.0.10
libcom_err.x86_64 0:1.42.9-19.amzn2.0.1
libcurl.x86_64 0:7.79.1-7.amzn2.0.1
libmount.x86_64 0:2.30.2-2.amzn2.0.10
libuuid.x86_64 0:2.30.2-2.amzn2.0.10
ncurses.x86_64 0:6.0-8.20170212.amzn2.1.4
ncurses-base.noarch 0:6.0-8.20170212.amzn2.1.4
ncurses-libs.x86_64 0:6.0-8.20170212.amzn2.1.4
nspr.x86_64 0:4.34.0-3.1.amzn2
nss.x86_64 0:3.79.0-4.amzn2
nss-softokn.x86_64 0:3.79.0-4.amzn2
nss-softokn-freebl.x86_64 0:3.79.0-4.amzn2
nss-sysinit.x86_64 0:3.79.0-4.amzn2
nss-tools.x86_64 0:3.79.0-4.amzn2
nss-util.x86_64 0:3.79.0-1.amzn2
tzdata.noarch 0:2022f-1.amzn2.0.1
vim-data.noarch 2:9.0.828-1.amzn2.0.1
vim-minimal.x86_64 2:9.0.828-1.amzn2.0.1
Complete!
Info
amazon:scan (amazon 2 (Karoo))
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
[Aquasec Trivy] Searching for all files in '/var/lib/jenkins/workspace/trivy-amazon-linux' that match the pattern 'results.json'
[Aquasec Trivy] Traversing of symbolic links: enabled
[Aquasec Trivy] -> found 1 file
[Aquasec Trivy] Successfully parsed file /var/lib/jenkins/workspace/trivy-amazon-linux/results.json
[Aquasec Trivy] -> found 0 issues (skipped 0 duplicates)
[Aquasec Trivy] Successfully processed file 'results.json'
[Aquasec Trivy] Skipping post processing
[Aquasec Trivy] No filter has been set, publishing all 0 issues
[Aquasec Trivy] Repository miner is not configured, skipping repository mining
[Aquasec Trivy] Reference build recorder is not configured
[Aquasec Trivy] Obtaining reference build from same job (trivy-amazon-linux)
[Aquasec Trivy] Using reference build 'trivy-amazon-linux #2' to compute new, fixed, and outstanding issues
[Aquasec Trivy] Issues delta (vs. reference build): outstanding: 0, new: 0, fixed: 0
[Aquasec Trivy] No quality gates have been set - skipping
[Aquasec Trivy] Health report is disabled - skipping
[Aquasec Trivy] Created analysis result for 0 issues (found 0 new issues, fixed 0 issues)
[Aquasec Trivy] Attaching ResultAction with ID 'trivy' to build 'trivy-amazon-linux #3'.
[Checks API] No suitable checks publisher found.
[Pipeline] sh
+ trivy image amazon:scan
2022-12-13T18:59:06.931-0500 INFO Vulnerability scanning is enabled
2022-12-13T18:59:06.931-0500 INFO Secret scanning is enabled
2022-12-13T18:59:06.931-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2022-12-13T18:59:06.931-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2022-12-13T18:59:06.974-0500 INFO Detected OS: amazon
2022-12-13T18:59:06.974-0500 INFO Detecting Amazon Linux vulnerabilities...
2022-12-13T18:59:06.979-0500 INFO Number of language-specific files: 0