Latest Docker release is broken, giving manfiest errors.

[andyr8939]

Description

When doing a docker pull aquasec/trivy be it locally or in the Azure Devops Pipeline Task, this morning it is throwing errors.

If you pin it to the last stable version 0.45.1 it will pull fine.

Unable to find image 'aquasec/trivy:latest' locally docker: Error response from daemon: Head "[https://registry-1.docker.io/v2/aquasec/trivy/manifests/latest"](https://registry-1.docker.io/v2/aquasec/trivy/manifests/latest%22): Get "[https://auth.docker.io/token?account=githubactions&scope=repository%3Aaquasec%2Ftrivy%3Apull&service=registry.docker.io"](https://auth.docker.io/token?account=githubactions&scope=repository%3Aaquasec%2Ftrivy%3Apull&service=registry.docker.io%22): EOF.

Desired Behavior

Pull fine with the docker pull aquasec/trivy to get latest tag.

Actual Behavior

Unable to find image 'aquasec/trivy:latest' locally docker: Error response from daemon: Head "[https://registry-1.docker.io/v2/aquasec/trivy/manifests/latest"](https://registry-1.docker.io/v2/aquasec/trivy/manifests/latest%22): Get "[https://auth.docker.io/token?account=githubactions&scope=repository%3Aaquasec%2Ftrivy%3Apull&service=registry.docker.io"](https://auth.docker.io/token?account=githubactions&scope=repository%3Aaquasec%2Ftrivy%3Apull&service=registry.docker.io%22): EOF.

That is generated today.

Reproduction Steps

1. docker pull aquasec/trivy

Target

Filesystem

Scanner

Vulnerability

Output Format

JSON

Mode

Standalone

Debug Output

Won't run.

Operating System

Linux

Version

Latest

Checklist

• Run trivy image --reset
• Read the troubleshooting

[DmitriyLewen]

Hello @andyr8939
Thanks for your report!

This is weird...
We haven't updated the Trivy docker image lately:

Have you tried downloading previous releases or using ghcr?

The error message also contains authorization information: token?account=githubactions.
You may have problems with your credentials.

Regards, Dmitriy

[andyr8939]

Thanks but we tried it from several places and had multiple teams reporting it.

Even a regular anonymous docker pull for latest gives the error.

If we like to that none tagged latest yes thats 13 days, but there seemed to be a canary tag updated yesterday and ties in from when we saw it, so I wonder if the latest tag is trying to pull that?

[DmitriyLewen]

Thanks but we tried it from several places and had multiple teams reporting it.

This is weird. I deleted Trivy images from my local computer and successfully pulled latest Trivy image.

If we like to that none tagged latest yes thats 13 days, but there seemed to be a canary tag updated yesterday and ties in from when we saw it, so I wonder if the latest tag is trying to pull that?

Canary build uses only canary tag.
But if canary build changed latest tag - docker should update last pushed field.

Can you try to pull Trivy from ghcr? (docker pull ghcr.io/aquasecurity/trivy).
If Canary build broke latest tag - ghcr should also be broken.

[andyr8939]

Ah, its working again now. Tried it again from all the places it was failing and where we had to pin the version to make it work, and it now pulls latest fine.

Also asked another team who were having the same issue (different country as well) and they confirmed they can now pull fine.

Odd it affected multiple people and location, guessing just a transient issue on DockerHub.

[DmitriyLewen]

Fine!
It looks like this was indeed bug in DockerHub.