Problem:

The Legacy Scanner runs the malware scan successfully. After switching to Trivy, some images are scanned properly, but some are not.


Environment:

Product: Self Hosted

Platform: Microsoft Azure AKS

Version: 2022.4.81



The Trivy errors look like this.

error in image inspect: analyze error: failed to store layer: sha256:1f28e4d554f78df31c4b71b856d31a892bf3230cbed81381be02c5927e32b515 in cache: failed http request: [Put "https://cc-malware-server-prod.s3.amazonaws.com/mCPp1-orbHfwAvagexJV0aFR-k5R8TDeyLT2BAscphA%3D/sha256%3A1f28e4d554f78df31c4b71b856d31a892bf3230cbed81381be02c5927e32b515?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAYJ65BCN3ABVQYQE7%2F20220607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220607T162642Z&X-Amz-Expires=900&X-Amz-Security-


Failed Scanning with Trivy - RegulerScanners: failed downloading trivy response failed http request: [Get "https://cc-trivy-scan-results-prod.s3.amazonaws.com/6d435070312d6f72624866774176616765784a56306146522d6b355238544465794c5432424173637068413d5f98b4945472dec261e554c8f5e8b386628f3eb6f6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAYJ65BCN3BDTFMCH3%2F20220714%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220714T151529Z&X-Amz-Expires=600&X-Amz-Security-


Solution:

Whitelist the following FQDNs

https://cc-malware-server-prod.s3.amazonaws.com


https://cc-trivy-scan-results-prod.s3.amazonaws.com
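To confirm which endpoints the failing scans are trying to reach, the hosts can be pulled out of the "failed http request" errors and compared with the egress allowlist. The script below is an added example, not vendor tooling: the function names are hypothetical and the sample log lines are constructed from the error format shown above, with placeholders for the elided values.

```shell
#!/bin/sh
# Added example: list the hosts behind "failed http request" scanner errors
# and report the ones that are missing from the egress allowlist.

# Hosts named in the Solution section of this article, one per line.
ALLOWED_HOSTS="cc-malware-server-prod.s3.amazonaws.com
cc-trivy-scan-results-prod.s3.amazonaws.com"

# Constructed sample input: same shape as the errors above, placeholders
# instead of the real digest, object key and query string.
SAMPLE_LOG='error in image inspect: analyze error: failed to store layer: sha256:<digest> in cache: failed http request: [Put "https://cc-malware-server-prod.s3.amazonaws.com/<key>?X-Amz-Expires=900
Failed Scanning with Trivy - RegulerScanners: failed downloading trivy response failed http request: [Get "https://cc-trivy-scan-results-prod.s3.amazonaws.com/<key>?X-Amz-Expires=600
error in image inspect: analyze error: failed to store layer: sha256:<digest> in cache: failed http request: [Put "https://cc-malware-server-prod.s3.amazonaws.com/<key>?X-Amz-Expires=900'

# Read scanner log text on stdin and print each unique host that appears in a
# 'failed http request: [Put|Get "https://host/...' error, sorted.
failed_hosts() {
  grep -oE 'failed http request: \[(Put|Get) "https://[^/"?]+' \
    | sed -E 's#.*https://##' \
    | sort -u
}

# Read scanner log text on stdin and print the failed hosts that are NOT in
# the newline-separated allowlist passed as $1. Prints nothing when every
# failed host is already covered.
missing_from_allowlist() {
  failed_hosts | grep -vxF -e "$1" || true
}

# Demo on the constructed sample: every failing host is in the allowlist,
# so the second command prints nothing.
printf '%s\n' "$SAMPLE_LOG" | failed_hosts
printf '%s\n' "$SAMPLE_LOG" | missing_from_allowlist "$ALLOWED_HOSTS"
```

Feed it the real scanner log on stdin in place of the sample; any host printed by missing_from_allowlist still needs to be allowed through the firewall or proxy.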