Missing vulnerability report in EKS Cluster #2639
Description
What steps did you take and what happened:
The vulnerabilityreports jobs remains in Complete state and no reports are available.
kubectl get vulnerabilityreports.aquasecurity.github.io -A
No resources found
There are multiple errors in the logs of the Trivy-operator deployment :
{"level":"error","ts":"2025-07-03T10:20:16Z","msg":"Reconciler error","controller":"job","controllerGroup":"batch","controllerKind":"Job","Job":{"name":"scan-vulnerabilityreport-887f98987","namespace":"trivy"},"namespace":"trivy","name":"scan-vulnerabilityreport-887f98987","reconcileID":"4e2e2f73-f8e0-40df-a07f-9e994350c540","error":"json: cannot unmarshal number into Go value of type types.Report","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:353\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:300\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.1\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:202"}
What did you expect to happen:
- The jobs should get deleted at a time to let new vulnerabilityreports be done.
- Vulnerability reports should be available.
Anything else you would like to add:
There is a part of my values file (I also have tolerations, but they are specific to my environment so I do not add them here) :
trivy:
timeout: "10m"
ignoreUnfixed: true
slow: false
operator:
scanJobTimeout: "10m"
metricsVulnIdEnabled: true
trivyOperator:
scanJobCompressLogs: false
And there is the resources in the trivy operator namespace :
kubectl get all -n trivy
NAME READY STATUS RESTARTS AGE
pod/scan-vulnerabilityreport-5c749c8f99-lcs6l 0/1 Completed 0 11m
pod/scan-vulnerabilityreport-74b9cf67dd-w4245 0/1 Completed 0 11m
pod/scan-vulnerabilityreport-75d467dffd-6fckl 0/2 Completed 0 11m
pod/scan-vulnerabilityreport-784b68f8dc-4nfcs 0/3 Completed 0 11m
pod/scan-vulnerabilityreport-7cc9774cd8-pcfzt 0/2 Completed 0 11m
pod/scan-vulnerabilityreport-8f68599f7-4zz6h 0/3 Completed 0 11m
pod/scan-vulnerabilityreport-94dfb575-4w4sv 0/3 Completed 0 11m
pod/scan-vulnerabilityreport-978494f65-zldqh 0/3 Completed 0 11m
pod/scan-vulnerabilityreport-f68f58fb-4kbj7 0/1 Completed 0 11m
pod/scan-vulnerabilityreport-f69bf8f6f-gtf6k 0/1 Completed 0 11m
pod/trivy-trivy-operator-66d549b77c-d7qvt 1/1 Running 0 10m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/trivy-trivy-operator ClusterIP None <none> 80/TCP 24m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/trivy-trivy-operator 1/1 1 1 24m
NAME DESIRED CURRENT READY AGE
replicaset.apps/trivy-trivy-operator-66d549b77c 1 1 1 10m
replicaset.apps/trivy-trivy-operator-865487584 0 0 0 24m
NAME STATUS COMPLETIONS DURATION AGE
job.batch/scan-vulnerabilityreport-5c749c8f99 Complete 1/1 4m50s 11m
job.batch/scan-vulnerabilityreport-74b9cf67dd Complete 1/1 27s 11m
job.batch/scan-vulnerabilityreport-75d467dffd Complete 1/1 45s 11m
job.batch/scan-vulnerabilityreport-784b68f8dc Complete 1/1 2m31s 11m
job.batch/scan-vulnerabilityreport-7cc9774cd8 Complete 1/1 24s 11m
job.batch/scan-vulnerabilityreport-8f68599f7 Complete 1/1 2m51s 11m
job.batch/scan-vulnerabilityreport-94dfb575 Complete 1/1 2m38s 11m
job.batch/scan-vulnerabilityreport-978494f65 Complete 1/1 30s 11m
job.batch/scan-vulnerabilityreport-f68f58fb Complete 1/1 2m49s 11m
job.batch/scan-vulnerabilityreport-f69bf8f6f Complete 1/1 33s 11m
Environment:
- Trivy-Operator version (use
trivy-operator version): 0.29.1 - Kubernetes version (use
kubectl version): v1.33.1