trivy kubernetes error out with no compliance commands found for non-official kubernetes versions

[haitch]

Description

AKS offers LongTermSupport option for customers to keep running older version of kubernetes, while keep receive CVE patches.

in this program, AKS have the kubernetes versioned as v1.27.100-akslts, which caused trivy cluster scan stop working.

Desired Behavior

expect it to work.

Actual Behavior

trivy kubernetes --report all -f json > lts.trivy.report.json
2024-12-03T16:21:06-08:00 FATAL Fatal error get k8s artifacts with node info error: no compliance commands found

Reproduction Steps

1. create a cluster with 1.27.100-akslts (https://github.com/aks-lts/kubernetes/releases/tag/v1.27.100-akslts , AKS does offer this as paid tier, in couple regions eastus,eastasia,uksouth,centralindia,australiaeast)

2. scan it with trivy.

Target

None

Scanner

None

Output Format

None

Mode

None

Debug Output

2024-12-03T15:39:19-08:00	DEBUG	No plugins loaded
2024-12-03T15:39:19-08:00	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2024-12-03T15:39:19-08:00	DEBUG	Cache dir	dir="/home/haitch/.cache/trivy"
2024-12-03T15:39:19-08:00	DEBUG	Cache dir	dir="/home/haitch/.cache/trivy"
2024-12-03T15:39:19-08:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2024-12-03T15:39:19-08:00	DEBUG	Ignore statuses	statuses=[]
2024-12-03T15:39:28-08:00	FATAL	Fatal error
  - get k8s artifacts with node info error:
    github.com/aquasecurity/trivy/pkg/k8s/commands.clusterRun
        /home/runner/work/trivy/trivy/pkg/k8s/commands/cluster.go:42
  - no compliance commands found

Operating System

Linux

Version

trivy --version
Version: 0.57.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-12-02 18:15:58.102739697 +0000 UTC
  NextUpdate: 2024-12-03 18:15:58.102739306 +0000 UTC
  DownloadedAt: 2024-12-03 00:34:57.424873815 +0000 UTC
Check Bundle:
  Digest: sha256:27b408ac9a1d8d6a984bd98a2062792afa58d4534b8fa2dc46398cc6cd6a738a
  DownloadedAt: 2024-12-03 23:35:17.50683119 +0000 UTC

Checklist

• Run trivy clean --all
• Read the troubleshooting

[haitch]

we'd like to spend time to investigate and propose a fix, it would be great if trivy team can provide a guidance/direction.

[simar7]

hi @haitch that'll be great - let us know how we can help. cc @afdesk

[afdesk]

@haitch thanks for your interest in Trivy! It's really nice

at first, could you test the latest version - v0.58.0?
may be #7863 can help you

if no, you can see a related PR https://github.com/aquasecurity/trivy-kubernetes/pull/409/files
It can point how Trivy gets a cluster specific command.

in any case, feel free to ask any questions!
we are happy any contributors )

[haitch]

yep, v0.58.0 works.

thanks a lot!