Intermittent errors - DB error: failed to download vulnerability DB

[jpomfret]

Description

I'm getting intermittent errors at the moment when trying to run trivy scans against images - the error says TOOMANYREQUESTS but this has been working fine until recently (tracking down when this broke at the moment) and I don't have a massive number of scans running at any one time.

init error: DB error: failed to download vulnerability DB: OCI artifact error: OCI artifact error: OCI repository error: GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 547.2µs, allowed: 44000/minute

My pipelines are having this issue and are using 0.37.3

But also seeing the same error with the latest version

Desired Behavior

Vulnerability database is successfully downloaded

Actual Behavior

Database is not downloaded and then can't scan images for vulnerabilities

Reproduction Steps

Either of these commands to use the docker image

- `docker run aquasec/trivy:0.37.3 image dbatools/sqlinstance`
- `docker run aquasec/trivy image dbatools/sqlinstance1`

Target

Container Image

Scanner

Vulnerability

Output Format

Table

Mode

Standalone

Debug Output

➜  docker run aquasec/trivy image dbatools/sqlinstance1 --debug
2024-11-13T13:05:46Z    DEBUG   No plugins loaded
2024-11-13T13:05:46Z    DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2024-11-13T13:05:46Z    DEBUG   Cache dir       dir="/root/.cache/trivy"
2024-11-13T13:05:46Z    DEBUG   Cache dir       dir="/root/.cache/trivy"
2024-11-13T13:05:46Z    DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-11-13T13:05:46Z    DEBUG   Ignore statuses statuses=[]
2024-11-13T13:05:46Z    DEBUG   [vulndb] There is no valid metadata file        err="unable to open a file: open /root/.cache/trivy/db/metadata.json: no such file or directory"
2024-11-13T13:05:46Z    INFO    [vulndb] Need to update DB
2024-11-13T13:05:46Z    DEBUG   [vulndb] No metadata file
2024-11-13T13:05:46Z    INFO    [vulndb] Downloading vulnerability DB...
2024-11-13T13:05:46Z    INFO    [vulndb] Downloading artifact...        repo="ghcr.io/aquasecurity/trivy-db:2"
2024-11-13T13:05:46Z    ERROR   [vulndb] Failed to download artifact    repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:751b837a7140b557dc44e9483f74ec11449e558ba4f60d63f1fbb70222551fe1: TOOMANYREQUESTS: retry-after: 872.105µs, allowed: 44000/minute"
2024-11-13T13:05:46Z    FATAL   Fatal error
  - init error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:367
  - DB error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.NewRunner
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:119
  - failed to download vulnerability DB:
    github.com/aquasecurity/trivy/pkg/commands/operation.DownloadDB
        /home/runner/work/trivy/trivy/pkg/commands/operation/operation.go:40
  - OCI artifact error:
    github.com/aquasecurity/trivy/pkg/db.(*Client).Download
        /home/runner/work/trivy/trivy/pkg/db/db.go:158
  - failed to download vulnerability DB:
    github.com/aquasecurity/trivy/pkg/db.(*Client).downloadDB
        /home/runner/work/trivy/trivy/pkg/db/db.go:207
  - failed to download artifact from any source:
    github.com/aquasecurity/trivy/pkg/oci.Artifacts.Download
        /home/runner/work/trivy/trivy/pkg/oci/artifact.go:247
  - 1 error occurred:
        * oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:751b837a7140b557dc44e9483f74ec11449e558ba4f60d63f1fbb70222551fe1: TOOMANYREQUESTS: retry-after: 872.105µs, allowed: 44000/minute

Operating System

Windows 11

Version

0.37.3 or 0.57.0

Checklist

• Run trivy clean --all
• Read the troubleshooting