error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out: ``

[soft4rchitecture]

Description

context

• I use Azure DevOps pipelines to run trivy task.
• The agent running the pipeline is installed as a service on my computer.
• I use a macbook pro m1, with mac OS 13.6 (22G120)
• running which docker-credential-desktop returns /usr/local/bin/docker-credential-desktop
• I ran a script task in the same pipeline, and it yielded the following:
  PATH=/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMwareFusion.app etc...

Desired Behavior

it works

Actual Behavior

2023-10-22T17:12:04.3203300Z ##[section]Starting: Security Scan of OCI image
2023-10-22T17:12:04.3214280Z ==============================================================================
2023-10-22T17:12:04.3214530Z Task : Trivy: Take control of your application security
2023-10-22T17:12:04.3214790Z Description : Trivy is the world’s most popular open source vulnerability and misconfiguration scanner. It is reliable, fast, extremely easy to use, and it works wherever you need it.
2023-10-22T17:12:04.3220840Z Version : 1.4.1
2023-10-22T17:12:04.3222690Z Author : Aqua Security
2023-10-22T17:12:04.3223320Z Help : Learn more about this task
2023-10-22T17:12:04.3223720Z ==============================================================================
2023-10-22T17:12:05.3499900Z Preparing output location...
2023-10-22T17:12:05.3781410Z Run requested using docker...
2023-10-22T17:12:05.4058740Z Configuring options for image scan...
2023-10-22T17:12:05.4151420Z Running Trivy...
2023-10-22T17:12:05.4171540Z [command]/usr/local/bin/docker run --rm -v /Users/a078138/.docker:/root/.docker -v /tmp:/tmp -v .../myagent/_work/3/s:/src --workdir /src aquasec/trivy:latest --debug image --exit-code 1 --format json --output /tmp/trivy-results-0.8834748365812568.json --security-checks vuln,config,secret --severity CRITICAL,HIGH,MEDIUM --ignore-unfixed chatapp-frontend:30
2023-10-22T17:12:06.8534850Z 2023-10-22T17:12:06.626Z �[33mWARN�[0m '--security-checks' is deprecated. Use '--scanners' instead.
2023-10-22T17:12:06.8539520Z 2023-10-22T17:12:06.630Z �[35mDEBUG�[0m Severities: ["CRITICAL" "HIGH" "MEDIUM"]
2023-10-22T17:12:06.8543150Z 2023-10-22T17:12:06.631Z �[35mDEBUG�[0m Ignore statuses {"statuses": ["unknown","not_affected","affected","under_investigation","will_not_fix","fix_deferred","end_of_life"]}
2023-10-22T17:12:06.8548780Z 2023-10-22T17:12:06.634Z �[35mDEBUG�[0m cache dir: /root/.cache/trivy
2023-10-22T17:12:06.8556050Z 2023-10-22T17:12:06.634Z �[35mDEBUG�[0m There is no valid metadata file: unable to open a file: open /root/.cache/trivy/db/metadata.json: no such file or directory
2023-10-22T17:12:06.8562710Z 2023-10-22T17:12:06.634Z �[34mINFO�[0m Need to update DB
2023-10-22T17:12:06.8567060Z 2023-10-22T17:12:06.634Z �[34mINFO�[0m DB Repository: ghcr.io/aquasecurity/trivy-db
2023-10-22T17:12:06.8571420Z 2023-10-22T17:12:06.634Z �[34mINFO�[0m Downloading DB...
2023-10-22T17:12:06.8575070Z 2023-10-22T17:12:06.634Z �[35mDEBUG�[0m no metadata file
2023-10-22T17:12:06.8581180Z 2023-10-22T17:12:06.636Z �[31mFATAL�[0m init error:
2023-10-22T17:12:06.8584370Z github.com/aquasecurity/trivy/pkg/commands/artifact.Run
2023-10-22T17:12:06.8586890Z /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:416
2023-10-22T17:12:06.8589200Z - DB error:
2023-10-22T17:12:06.8590910Z github.com/aquasecurity/trivy/pkg/commands/artifact.NewRunner
2023-10-22T17:12:06.8593520Z /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:130
2023-10-22T17:12:06.8603110Z - failed to download vulnerability DB:
2023-10-22T17:12:06.8606790Z github.com/aquasecurity/trivy/pkg/commands/operation.DownloadDB
2023-10-22T17:12:06.8649340Z ##[error]Failed: Trivy detected problems.
2023-10-22T17:12:06.8696610Z /home/runner/work/trivy/trivy/pkg/commands/operation/operation.go:128
2023-10-22T17:12:06.8713600Z - database download error:
2023-10-22T17:12:06.8714110Z github.com/aquasecurity/trivy/pkg/db.(*Client).Download
2023-10-22T17:12:06.8716460Z /home/runner/work/trivy/trivy/pkg/db/db.go:158
2023-10-22T17:12:06.8716880Z - OCI repository error:
2023-10-22T17:12:06.8717210Z github.com/aquasecurity/trivy/pkg/oci.(*Artifact).populate
2023-10-22T17:12:06.8717630Z /home/runner/work/trivy/trivy/pkg/oci/artifact.go:93
2023-10-22T17:12:06.8717990Z - 1 error occurred:
2023-10-22T17:12:06.8718570Z * error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out: ``
2023-10-22T17:12:06.8719370Z
2023-10-22T17:12:06.8719420Z
2023-10-22T17:12:06.8719560Z Publishing JSON results...
2023-10-22T17:12:06.8749100Z ##[error]Unable to process command '##vso[task.addattachment type=JSON_RESULT;name=trivy0.41051229734050265.json;]/tmp/trivy-results-0.8834748365812568.json' successfully. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)
2023-10-22T17:12:06.8758170Z ##[error]Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.')
2023-10-22T17:12:06.8774470Z Done!
2023-10-22T17:12:06.8825500Z ##[section]Finishing: Security Scan of OCI image

Reproduction Steps

- create a yaml pipeline
- use the following task, configured as is:

    - task: Docker@2
      displayName: Build OCI image
      inputs:
        command: build
        repository: $(imageRepository)
        dockerfile: 'Dockerfile'
        tags: $(tag)

    - task: trivy@1
      displayName: Security Scan of OCI image
      inputs:
        version: 'latest'
        debug: true
        image: '$(imageRepository):$(tag)'
        severities: 'CRITICAL,HIGH,MEDIUM'
        ignoreUnfixed: true

• trigger the pipeline

### Target

Container Image

### Scanner

None

### Output Format

None

### Mode

None

### Debug Output

```bash
2023-10-22T17:12:06.8534850Z 2023-10-22T17:12:06.626Z	�[33mWARN�[0m	'--security-checks' is deprecated. Use '--scanners' instead.
2023-10-22T17:12:06.8539520Z 2023-10-22T17:12:06.630Z	�[35mDEBUG�[0m	Severities: ["CRITICAL" "HIGH" "MEDIUM"]
2023-10-22T17:12:06.8543150Z 2023-10-22T17:12:06.631Z	�[35mDEBUG�[0m	Ignore statuses	{"statuses": ["unknown","not_affected","affected","under_investigation","will_not_fix","fix_deferred","end_of_life"]}
2023-10-22T17:12:06.8548780Z 2023-10-22T17:12:06.634Z	�[35mDEBUG�[0m	cache dir:  /root/.cache/trivy
2023-10-22T17:12:06.8556050Z 2023-10-22T17:12:06.634Z	�[35mDEBUG�[0m	There is no valid metadata file: unable to open a file: open /root/.cache/trivy/db/metadata.json: no such file or directory
2023-10-22T17:12:06.8562710Z 2023-10-22T17:12:06.634Z	�[34mINFO�[0m	Need to update DB
2023-10-22T17:12:06.8567060Z 2023-10-22T17:12:06.634Z	�[34mINFO�[0m	DB Repository: ghcr.io/aquasecurity/trivy-db
2023-10-22T17:12:06.8571420Z 2023-10-22T17:12:06.634Z	�[34mINFO�[0m	Downloading DB...
2023-10-22T17:12:06.8575070Z 2023-10-22T17:12:06.634Z	�[35mDEBUG�[0m	no metadata file
2023-10-22T17:12:06.8581180Z 2023-10-22T17:12:06.636Z	�[31mFATAL�[0m	init error:
2023-10-22T17:12:06.8584370Z     github.com/aquasecurity/trivy/pkg/commands/artifact.Run
2023-10-22T17:12:06.8586890Z         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:416
2023-10-22T17:12:06.8589200Z   - DB error:
2023-10-22T17:12:06.8590910Z     github.com/aquasecurity/trivy/pkg/commands/artifact.NewRunner
2023-10-22T17:12:06.8593520Z         /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:130
2023-10-22T17:12:06.8603110Z   - failed to download vulnerability DB:
2023-10-22T17:12:06.8606790Z     github.com/aquasecurity/trivy/pkg/commands/operation.DownloadDB
2023-10-22T17:12:06.8649340Z ##[error]Failed: Trivy detected problems.
2023-10-22T17:12:06.8696610Z         /home/runner/work/trivy/trivy/pkg/commands/operation/operation.go:128
2023-10-22T17:12:06.8713600Z   - database download error:
2023-10-22T17:12:06.8714110Z     github.com/aquasecurity/trivy/pkg/db.(*Client).Download
2023-10-22T17:12:06.8716460Z         /home/runner/work/trivy/trivy/pkg/db/db.go:158
2023-10-22T17:12:06.8716880Z   - OCI repository error:
2023-10-22T17:12:06.8717210Z     github.com/aquasecurity/trivy/pkg/oci.(*Artifact).populate
2023-10-22T17:12:06.8717630Z         /home/runner/work/trivy/trivy/pkg/oci/artifact.go:93
2023-10-22T17:12:06.8717990Z   - 1 error occurred:
2023-10-22T17:12:06.8718570Z 	* error getting credentials - err: exec: "docker-credential-desktop": executable file not found in $PATH, out: ``
2023-10-22T17:12:06.8719370Z 
2023-10-22T17:12:06.8719420Z 
2023-10-22T17:12:06.8719560Z Publishing JSON results...
2023-10-22T17:12:06.8749100Z ##[error]Unable to process command '##vso[task.addattachment type=JSON_RESULT;name=trivy0.41051229734050265.json;]/tmp/trivy-results-0.8834748365812568.json' successfully. Please reference documentation (http://go.microsoft.com/fwlink/?LinkId=817296)
2023-10-22T17:12:06.8758170Z ##[error]Value cannot be null. (Parameter 'Cannot upload task attachment file, attachment file location is not specified or attachment file does not exist on disk.')
2023-10-22T17:12:06.8774470Z Done!
2023-10-22T17:12:06.8825500Z ##[section]Finishing: Security Scan of OCI image

Operating System

mac OS 13.6 (22G120)

Version

1.4.1

Checklist

• Run trivy image --reset
• Read the troubleshooting

[knqyf263]

You can ask here.
https://github.com/aquasecurity/trivy-azure-pipelines-task