diff --git a/pkg/image/vulnerability_scan.go b/pkg/image/vulnerability_scan.go index 1eaf1beaad..d60d3d0779 100644 --- a/pkg/image/vulnerability_scan.go +++ b/pkg/image/vulnerability_scan.go @@ -11,6 +11,7 @@ import ( "os/exec" "sort" "strings" + "time" "github.com/google/go-containerregistry/pkg/authn" buildapi "github.com/shipwright-io/build/pkg/apis/build/v1beta1" @@ -51,14 +52,33 @@ func RunVulnerabilityScan(ctx context.Context, imagePath string, settings builda } } - cmd := exec.CommandContext(ctx, "trivy", trivyArgs...) - - cmd.Stdin = nil - - result, err := cmd.CombinedOutput() - if err != nil { - log.Printf("failed to run trivy:\n%s", string(result)) - return nil, fmt.Errorf("failed to run trivy: %w", err) + var result []byte + var err error + + for i := 0; i < 10; i++ { + cmd := exec.CommandContext(ctx, "trivy", trivyArgs...) + cmd.Stdin = nil + + if result, err = cmd.CombinedOutput(); err != nil { + sResult := string(result) + log.Printf("failed to run trivy:\n%s", sResult) + + // Retry the following errors + // + // FATAL Fatal error init error: DB error: failed to download vulnerability DB: database download error: OCI repository error: 1 error occurred: + // GET https://ghcr.io/v2/aquasecurity/trivy-db/manifests/2: TOOMANYREQUESTS: retry-after: 508.904┬Ás, allowed: 44000/minute + // + // FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source + + if i < 10 && strings.Contains(sResult, "failed to download vulnerability DB") { + log.Println("Will retry") + time.Sleep(time.Second) + } else { + return nil, fmt.Errorf("failed to run trivy: %w", err) + } + } else { + break + } } var trivyResult TrivyResult
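Review bot: The inner guard `i < 10` in the second hunk is always true inside `for i := 0; i < 10; i++`, so when the tenth attempt also fails with "failed to download vulnerability DB" the loop logs "Will retry", sleeps, and exits without returning. Execution then falls through to `var trivyResult TrivyResult` with `err` still set and `result` holding trivy's error text. What consumes `result` is outside the hunk, but a vulnerability scan should fail closed here and return the trivy error rather than pass failure output on to later parsing. The `time.Sleep(time.Second)` also ignores `ctx`, so a cancelled build still waits out each pause. The sketch below names the attempt limit, returns on the final attempt, and waits on `ctx.Done()`; RunVulnerabilityScan starts before and continues after this hunk.

```go
const maxAttempts = 10

var result []byte
var err error

for attempt := 1; attempt <= maxAttempts; attempt++ {
	cmd := exec.CommandContext(ctx, "trivy", trivyArgs...)
	cmd.Stdin = nil

	if result, err = cmd.CombinedOutput(); err == nil {
		break
	}

	sResult := string(result)
	log.Printf("failed to run trivy:\n%s", sResult)

	// … unchanged: comment listing the retryable trivy DB download errors …

	// Fail closed: the last attempt and every non-retryable error return here.
	if attempt == maxAttempts || !strings.Contains(sResult, "failed to download vulnerability DB") {
		return nil, fmt.Errorf("failed to run trivy: %w", err)
	}

	log.Println("Will retry")
	select {
	case <-ctx.Done():
		return nil, fmt.Errorf("failed to run trivy: %w", ctx.Err())
	case <-time.After(time.Second):
	}
}
```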