Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trivy version 0.44 panics with assignment to entry in nil map for npm repository #4923

Closed
DmitriyLewen opened this issue Aug 2, 2023 Discussed in #4907 · 4 comments · Fixed by #4936
Closed

Trivy version 0.44 panics with assignment to entry in nil map for npm repository #4923

DmitriyLewen opened this issue Aug 2, 2023 Discussed in #4907 · 4 comments · Fixed by #4936
Assignees
@DmitriyLewen
Labels
kind/bug Categorizes issue or PR as related to a bug.
Milestone
v0.44.1

Comments

@DmitriyLewen
Copy link
Contributor

Discussed in #4907

Trivy returns error, if package-lock.json file doesn't contains root Dependencies field(packages[""].Dependencies) , but does have links.
@DmitriyLewen DmitriyLewen added the kind/bug Categorizes issue or PR as related to a bug. label Aug 2, 2023
@DmitriyLewen DmitriyLewen self-assigned this Aug 2, 2023
@DmitriyLewen DmitriyLewen mentioned this issue Aug 2, 2023
Merged
@knqyf263 knqyf263 added this to the v0.44.1 milestone Aug 2, 2023
@DmitriyLewen DmitriyLewen mentioned this issue Aug 4, 2023
Merged
7 tasks
@woodsjd-cr
Copy link

woodsjd-cr commented Aug 9, 2023
edited
Loading

Hi, I still have this exact issue. However, when I manually add to the package-lock.json the following - > field(packages[""].dependencies={},
I am able to run 'trivy fs ' without errors and receive the report correctly.
This of course isn't great because we shouldn't manually update the package-lock.json but also because on 'npm install' the change will be undone

@DmitriyLewen
Copy link
Contributor Author

Hello @woodsjd-cr
Thanks for your information!

We know about this problem and fixed it.
v0.44.1 will include this fix.
But your solution will be useful until next release.
Thanks!

@knqyf263
Copy link
Collaborator

v0.44.1 was out.

@woodsjd-cr
Copy link

Boom! great job, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DmitriyLewen DmitriyLewen

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
Trivy Roadmap
Archived in project
Milestone
v0.44.1
3 participants
@knqyf263 @DmitriyLewen @woodsjd-cr