Replies: 2 comments
-
|
I have created draft pull request for fixing this issue. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Track #9323 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Description
When scanning an image hosted in AWS ECR using a proxy, I pass the
--insecureflag to ignore certificate verification. However, the flag has no effect in this case, and the scan fails during the credentials retrieval step.The failure occurs here:
ecr.go#L81
Looking at the code, it appears that the default HTTP client is being used, regardless of the
--insecureflag. But when--insecureis set (registryOptions.Insecure == true), the HTTP client should be configured withInsecureSkipVerify: truein the TLS config to skip certificate verification.Desired Behavior
When
--insecureis set, the HTTP client used in ECR interactions should honor it by settingInsecureSkipVerify: truein the TLS config.Actual Behavior
Failing with error
unexpected status code 401 Unauthorized: Not AuthorizedReproduction Steps
Target
Container Image
Scanner
Vulnerability
Output Format
None
Mode
Standalone
Debug Output
Operating System
macOS Sequoia 15.5
Version
Checklist
trivy clean --allBeta Was this translation helpful? Give feedback.
All reactions