
Bug: Medium Severity GuardDuty finding for each image vulnerability scan task

Open tanmaymohan opened this issue 10 months ago • 1 comment

📜 Description

While using the Trivy image scanner for Devtron, on each run AWS GuardDuty flags it as a medium severity bug as it is accessing a host Docker socket. Don't know if it's a false positive being raised multiple times or something is going wrong.

👟 Reproduction steps

  1. EKS cluster 1.29 on AWS
  2. Region: ap-south-1
  3. Addon: Amazon GuardDuty EKS Runtime Monitoring Enabled
  4. GuardDuty service enabled at the account level
  5. Run an image scan in a CI step

👍 Expected behavior

Shouldn't trigger a medium vulnerability.

👎 Actual Behavior

Triggers the following:

[Three screenshots of the GuardDuty findings were attached here]

☸ Kubernetes version

EKS 1.29

Cloud provider

AWS ap-south-1

🌍 Browser

Chrome

🧱 Your Environment

Chrome browser

✅ Proposed Solution

No response

👀 Have you spent some time to check if this issue has been raised before?

  • [x] I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?

tanmaymohan, Mar 17 '25 06:03

The container image executes the Trivy container using the command `docker run trivy`. To avoid this issue, you can adjust your Trivy configuration settings to ignore this specific alert.

satyampsoni, Mar 18 '25 05:03
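Suppressing the alert is done on the GuardDuty side with a finding filter. As an added example (not from this issue thread or from Devtron), the following builds a filter scoped to the namespace the scan pods run in and checks saved findings against it locally, so only the scanner's socket access is archived and the same finding from any other workload still alerts. The finding type, the namespace criteria field and the `devtron-ci` namespace are assumptions to replace with the values from the real finding.

```python
"""Scope a GuardDuty suppression filter to the Devtron CI image-scan workload."""
import json

# ASSUMPTIONS (not from the issue): the finding type, the criteria field for the
# pod namespace, and the scan pods' namespace. Verify all three against a real finding.
ASSUMED_FINDING_TYPE = "PrivilegeEscalation:Runtime/DockerSocketAccess"
NAMESPACE_FIELD = "resource.kubernetesDetails.kubernetesWorkloadDetails.namespace"
SCANNER_NAMESPACE = "devtron-ci"

def suppression_criteria(finding_type: str, namespace: str) -> dict:
    """Criteria for `aws guardduty create-filter --action ARCHIVE`. Both conditions
    must hold, so the same finding from any other workload is still raised."""
    return {"Criterion": {"type": {"Eq": [finding_type]},
                          NAMESPACE_FIELD: {"Eq": [namespace]}}}

def create_filter_args(detector_id: str, criteria: dict) -> list:
    """argv for the AWS CLI call that installs the filter."""
    return ["aws", "guardduty", "create-filter", "--detector-id", detector_id,
            "--name", "suppress-trivy-docker-socket", "--action", "ARCHIVE",
            "--finding-criteria", json.dumps(criteria)]

def _lookup(obj, dotted: str):
    """Walk a dotted criteria path over a finding. get-findings output uses
    PascalCase keys and criteria paths camelCase, so compare case-insensitively."""
    for part in dotted.split("."):
        if not isinstance(obj, dict):
            return None
        obj = next((v for k, v in obj.items() if k.lower() == part.lower()), None)
    return obj

def matches(finding: dict, criteria: dict) -> bool:
    """Evaluate Eq/Neq criteria locally to confirm the filter's scope against
    saved findings before installing it."""
    for field, cond in criteria["Criterion"].items():
        value = _lookup(finding, field)
        if "Eq" in cond and value not in cond["Eq"]:
            return False
        if "Neq" in cond and value in cond["Neq"]:
            return False
    return True

def sample_finding(namespace: str) -> dict:
    """Constructed finding in `aws guardduty get-findings` shape (not real data)."""
    return {"Type": ASSUMED_FINDING_TYPE, "Severity": 5, "Resource": {"KubernetesDetails":
            {"KubernetesWorkloadDetails": {"Name": "ci-image-scan-1", "Namespace": namespace}}}}

if __name__ == "__main__":
    crit = suppression_criteria(ASSUMED_FINDING_TYPE, SCANNER_NAMESPACE)
    print(matches(sample_finding(SCANNER_NAMESPACE), crit))  # True: archived
    print(matches(sample_finding("default"), crit))          # False: still alerts
```

Run `create_filter_args` only after `matches` confirms the scope on findings exported from the account; a filter keyed on the finding type alone would also hide socket access from workloads that should never touch it.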