Duplicated results in the reports

[sergeykad]

Description

In the generated report (table) the string "namespace: alpha, deployment: myservice (jar)" is listed over a hundred times, always with exactly the same contents. The same happens for other deployments too.

The JSON report size was also huge, although I did not check its contents for duplicates.

Desired Behavior

Each service is listed at most once.

Actual Behavior

The vulnerabilities of a service listed in the report are listed over 100 times.

Reproduction Steps

1. Run report with `--report all -f table`.

Target

Kubernetes

Scanner

Vulnerability

Output Format

Table

Mode

None

Debug Output

2025-04-07T08:28:55Z	DEBUG	No plugins loaded
2025-04-07T08:28:55Z	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2025-04-07T08:28:55Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2025-04-07T08:28:55Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2025-04-07T08:28:55Z	INFO	Adding schema version to the DB repository for backward compatibility	repository="public.ecr.aws/aquasecurity/trivy-db:2"
2025-04-07T08:28:55Z	INFO	Adding schema version to the DB repository for backward compatibility	repository="public.ecr.aws/aquasecurity/trivy-java-db:1"
2025-04-07T08:28:55Z	DEBUG	Parsed severities	severities=[CRITICAL HIGH]
2025-04-07T08:28:55Z	DEBUG	Ignore statuses	statuses=[0 1 2 4 5 6 7]
2025-04-07T08:30:07Z	INFO	Node scanning is enabled
2025-04-07T08:30:07Z	INFO	If you want to disable Node scanning via an in-cluster Job, please try '--disable-node-collector' to disable the Node-Collector job.
2025-04-07T08:30:07Z	DEBUG	[vulndb] There is no db file
2025-04-07T08:30:07Z	DEBUG	[vulndb] There is no valid metadata file	err="file open error: open /root/.cache/trivy/db/metadata.json: no such file or directory"
2025-04-07T08:30:07Z	INFO	[vulndb] Need to update DB
2025-04-07T08:30:07Z	DEBUG	[vulndb] No metadata file
2025-04-07T08:30:07Z	INFO	[vulndb] Downloading vulnerability DB...
2025-04-07T08:30:07Z	INFO	[vulndb] Downloading artifact...	repo="public.ecr.aws/aquasecurity/trivy-db:2"
22.02 MiB / 61.95 MiB [--------------------->_______________________________________] 35.55% ? p/s ?46.05 MiB / 61.95 MiB [--------------------------------------------->_______________] 74.34% ? p/s ?61.95 MiB / 61.95 MiB [----------------------------------------------------------->] 100.00% ? p/s ?61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 66.50 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 66.50 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 66.50 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 62.21 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 62.21 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 62.21 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 58.20 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 58.20 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 58.20 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 54.44 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 54.44 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [---------------------------------------------->] 100.00% 54.44 MiB p/s ETA 0s61.95 MiB / 61.95 MiB [-------------------------------------------------] 100.00% 22.04 MiB p/s 3.0s2025-04-07T08:30:11Z	INFO	[vulndb] Artifact successfully downloaded	repo="public.ecr.aws/aquasecurity/trivy-db:2"
2025-04-07T08:30:11Z	DEBUG	Updating database metadata...
2025-04-07T08:30:11Z	DEBUG	DB info	schema=2 updated_at=2025-04-07T06:17:45.548222557Z next_update=2025-04-08T06:17:45.548222367Z downloaded_at=2025-04-07T08:30:11.850551207Z
2025-04-07T08:30:11Z	INFO	Scanning K8s...	K8s="hermes-cluster"
6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s11.52 MiB / 705.31 MiB [>____________________________________________________________] 1.63% ? p/s ?6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s21.62 MiB / 705.31 MiB [->___________________________________________________________] 3.06% ? p/s ?6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s33.43 MiB / 705.31 MiB [-->__________________________________________________________] 4.74% ? p/s ?6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s47.02 MiB / 705.31 MiB [--->___________________________________________] 6.67% 59.51 MiB p/s ETA 11s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s68.30 MiB / 705.31 MiB [---->__________________________________________] 9.68% 59.51 MiB p/s ETA 10s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s82.05 MiB / 705.31 MiB [----->________________________________________] 11.63% 59.51 MiB p/s ETA 10s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s100.71 MiB / 705.31 MiB [------>_______________________________________] 14.28% 61.44 MiB p/s ETA 9s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s120.15 MiB / 705.31 MiB [------->______________________________________] 17.03% 61.44 MiB p/s ETA 9s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s136.52 MiB / 705.31 MiB [-------->_____________________________________] 19.36% 61.44 MiB p/s ETA 9s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s154.26 MiB / 705.31 MiB [---------->___________________________________] 21.87% 63.09 MiB p/s ETA 8s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s171.19 MiB / 705.31 MiB [----------->__________________________________] 24.27% 63.09 MiB p/s ETA 8s6 / 559 [>_____________________________________________________________________________] 1.07% ? p/s190.85 MiB / 705.31 MiB [------------>_________________________________] 27.06% 63.09 MiB p/s ETA 8s6 / 559 [>_____________________________________________________________________________] ------------------------------------------------------------->] 100.00% 18 p/s559 / 559 [------------------------------------------------------------------------>] 100.00% 18 p/s559 / 559 [--------------------------------------------------------------------------] 100.00% 1 p/sDeleting 1

Operating System

Ubuntu

Version

0.61.0

Checklist

• Run trivy clean --all
• Read the troubleshooting

[afdesk]

@sergeykad thanks for the report!
I'm investigating it

[afdesk]

@sergeykad it seems i can reproduce it, and will create a new issue.
as a workaround, you can try to set up a specific scanner. it helped in my case:

$ trivy k8s --report all --include-namespaces default --scanners vuln

[afdesk]

trach #8715

[afdesk]

@sergeykad thanks for your report again

The JSON report size was also huge, although I did not check its contents for duplicates.

I checked a json report and it seems this issue doesn't affect on it.
the report sizes are almost equal:

$ ls -l result-*
-rw-r--r--@ 1 amf  staff  815118 Apr 11 12:26 result-59-1.json
-rw-r--r--@ 1 amf  staff  816006 Apr 11 12:27 result-60.json
-rw-r--r--@ 1 amf  staff  816006 Apr 11 12:26 result-61.json

Would you confirm it too? thanks!

[sergeykad]

I can't check it now, but giving the fact that the reports were about 100 times bigger than the usual, I highly suspect there are duplications unless the JSON schema was drastically changed.