-
Notifications
You must be signed in to change notification settings - Fork 247
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
too many requests error again #430
Comments
Thank you for looking into this |
I'd love to see a fix!! |
Received same error, TOOMANYREQUESTS. A fix would be greatly appreciated. Thanks. |
A fix for this would be helpful in our pipeline process - thx |
Have run into this problem also. |
Hi @DChevrier1, as far as I see, you can simply add the following env to your
This should work - at least when using current Oliver Grüneberg <[email protected]>, Mercedes-Benz Tech Innovation GmbH |
Seems related to #107 |
As far as I see, it's a DB download error rather related #389 |
Mind providing a source for that repo? https://pkg.go.dev/github.com/aquasecurity/trivy-db#readme-download-the-vulnerability-database only refers to the github container registry |
So, it seems that 0.26 was supposed to have added caching and the README says specifically: _ The action has a built-in functionality for caching and restoring [the vulnerability DB]_. While I am seeing some caching happening in our runs:
when it comes to getting the vulnerabilities DB, the cache does not seem to be getting used:
So why is caching happening only partially? Is there a bug related to vulnerability DB caching? |
Afaik these containers get released every 6 hours, is it possible that those runs were 6 hours apart? |
I don't think so. It even happens when I "rerun failed jobs" in GitHub Actions repeatedly in quick succession when the jobs fail (i.e. minutes apart). |
Trivy tool has a mechanism to verify that the database is not older than one day. If this is the case Trivy tries to download a new database. This mechanism does not take into consideration if the Trivy database is restored from the GitHub cache or not. |
Clearly that mechanism is not working or at least is not being effective enough as I can have many runs in a day fail and even have two runs fail within minutes of each other. |
IMHO, the database update shall be blocked when the database is restored from the GitHub cache. |
But that makes this action break and therefore is a bug. And frankly makes this action worthless to use if it always breaks due to global download limits. |
It seems that to root cause is inside Trivy tool. It does not support the scenario that the database download fails but scanning could be executed based on cached resources. |
That seems like a reasonable summary. |
We upgraded to 0.28 when it came out and these errors went away, but they have come back again. What can we do to help fix this as it is part of our CI/CD pipeline? Thanks
ERROR [vulndb] Failed to download artifact repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:c3afeb28c808216cc2fa69d1e682164efd3c9967451a061778329ce94ce1a069: TOOMANYREQUESTS: retry-after: 217.944µs, allowed: 44000/minute"
1902024-11-05T13:55:48Z FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
The text was updated successfully, but these errors were encountered: