fix(misconf): Trivy helm chart misconfiguration scanning fails after creating helm package #5229

Closed
2 tasks done
simar7 opened this issue Sep 22, 2023 Discussed in #5205 · 0 comments · Fixed by aquasecurity/trivy-iac#45
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning

simar7 commented Sep 22, 2023

Discussed in #5205

Originally posted by tihoslc September 18, 2023

Description

Helm chart config scanning does not work after helm package has been created.

Desired Behavior

To be able to scan after creating the helm package

Actual Behavior

filesystem scan error

Reproduction Steps

(Used helm version v3.11.2)
$ helm create myapp
$ trivy config --debug --exit-code 1 --severity CRITICAL .
$ helm package myapp
$ trivy config --debug --exit-code 1 --severity CRITICAL .

Target

Filesystem

Scanner

Misconfiguration

Output Format

None

Mode

Standalone

Debug Output

$ trivy config --debug --exit-code 1 --severity CRITICAL .
2023-09-18T11:50:09.043+0300    DEBUG    Severities: ["CRITICAL"]
2023-09-18T11:50:09.057+0300    DEBUG    cache dir:  /Users/user/Library/Caches/trivy
2023-09-18T11:50:09.057+0300    INFO    Misconfiguration scanning is enabled
2023-09-18T11:50:09.057+0300    DEBUG    Policies successfully loaded from disk
2023-09-18T11:50:09.076+0300    DEBUG    Walk the file tree rooted at '.' in parallel
2023-09-18T11:50:09.078+0300    DEBUG    Scanning Helm files for misconfigurations...
2023-09-18T11:50:09.865+0300    FATAL    filesystem scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:428
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:268
  - scan failed:
    github.com/aquasecurity/trivy/pkg/commands/artifact.scan
        github.com/aquasecurity/trivy/pkg/commands/artifact/run.go:685
  - failed analysis:
    github.com/aquasecurity/trivy/pkg/scanner.Scanner.ScanArtifact
        github.com/aquasecurity/trivy/pkg/scanner/scan.go:147
  - post analysis error:
    github.com/aquasecurity/trivy/pkg/fanal/artifact/local.Artifact.Inspect
        github.com/aquasecurity/trivy/pkg/fanal/artifact/local/fs.go:172
  - post analysis error:
    github.com/aquasecurity/trivy/pkg/fanal/analyzer.AnalyzerGroup.PostAnalyze
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/analyzer.go:496
  - helm scan error:
    github.com/aquasecurity/trivy/pkg/fanal/analyzer/config.(*Analyzer).PostAnalyze
        github.com/aquasecurity/trivy/pkg/fanal/analyzer/config/config.go:47
  - scan config error:
    github.com/aquasecurity/trivy/pkg/misconf.(*Scanner).Scan
        github.com/aquasecurity/trivy/pkg/misconf/scanner.go:150
  - write myapp/Chart.yaml: bad file descriptor

Operating System

macOS Ventura 13.4

Version

$ trivy --version
Version: 0.45.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2023-09-14 12:13:48.541444755 +0000 UTC
  NextUpdate: 2023-09-14 18:13:48.541444255 +0000 UTC
  DownloadedAt: 2023-09-14 12:26:08.350871 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2023-09-12 00:59:11.791125684 +0000 UTC
  NextUpdate: 2023-09-15 00:59:11.791125084 +0000 UTC
  DownloadedAt: 2023-09-12 08:15:29.004285 +0000 UTC
Policy Bundle:
  Digest: sha256:fd5f1ce3d8efb1fe158cb41f9adb9d7c7cc5c4c863b261053c962e6d950350b3
  DownloadedAt: 2023-09-18 05:43:48.138868 +0000 UTC

Checklist

simar7 added the kind/bug and scan/misconfiguration labels Sep 22, 2023
simar7 self-assigned this Sep 22, 2023