AVD-DS-0016 (duplicate CMD instructions) regression in Trivy 0.62.0

[candrews]

Description

In Trivy 0.56, AVD-DS-0016 was only applied to the final layer (see #7368) because otherwise the finding is incorrectly reported when later layers override CMD instructions provided by earlier layer (initially reported at #7320).

In Trivy 0.62.0, the fix has been regressed and the original issue, following the originally reproduction steps, is once again present.

Desired Behavior

Trivy seems to be looking for ` instructions in all of the layers of the docker image. Instead, it should only be looking at the final image.

Actual Behavior

Trivy misconfiguration scan incorrectly reports duplicate CMD instructions for some docker images.

Reproduction Steps

1. `docker run -it aquasec/trivy:0.62.1 image --scanners misconfig --image-config-scanners misconfig registry.access.redhat.com/ubi8/python-312:1-16.1721725207`

Actual: "HIGH: There are 3 duplicate CMD instructions" is reported

Expected: No such finding should be reported

Target

Container Image

Scanner

Misconfiguration

Output Format

None

Mode

Standalone

Debug Output

$ docker run -it aquasec/trivy:0.62.0 image --debug --scanners misconfig --image-config-scanners misconfig registry.access.redhat.com/ubi8/python-312:1-16.1721725207
2025-05-20T13:25:31Z	DEBUG	No plugins loaded
2025-05-20T13:25:31Z	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2025-05-20T13:25:31Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2025-05-20T13:25:31Z	DEBUG	Cache dir	dir="/root/.cache/trivy"
2025-05-20T13:25:31Z	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-05-20T13:25:31Z	DEBUG	Ignore statuses	statuses=[]
2025-05-20T13:25:31Z	INFO	[image] Container image config scanners	scanners=[misconfig]
2025-05-20T13:25:31Z	INFO	[misconfig] Misconfiguration scanning is enabled
2025-05-20T13:25:31Z	DEBUG	[misconfig] Failed to open the check metadata	err="open /root/.cache/trivy/policy/metadata.json: no such file or directory"
2025-05-20T13:25:31Z	INFO	[misconfig] Need to update the checks bundle
2025-05-20T13:25:31Z	INFO	[misconfig] Downloading the checks bundle...
2025-05-20T13:25:31Z	DEBUG	[misconfig] Loading check bundle	repository="mirror.gcr.io/aquasec/trivy-checks:1"
162.80 KiB / 162.80 KiB [---------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% ? p/s 100ms
2025-05-20T13:25:32Z	DEBUG	[misconfig] Digest of the built-in checks	digest="sha256:e13d31ec41e7a61a0eeb42afccd73a8e2802244c5c772764a5e2ffb30cab727c"
2025-05-20T13:25:32Z	DEBUG	[misconfig] Checks successfully loaded from disk
2025-05-20T13:25:32Z	DEBUG	[rego] Overriding filesystem for checks
2025-05-20T13:25:32Z	DEBUG	[rego] Embedded libraries are loaded	count=17
2025-05-20T13:25:32Z	DEBUG	[rego] Embedded checks are loaded	count=517
2025-05-20T13:25:33Z	DEBUG	[rego] Checks from disk are loaded	count=534
2025-05-20T13:25:33Z	DEBUG	[rego] Overriding filesystem for data
2025-05-20T13:25:33Z	DEBUG	Enabling misconfiguration scanners	scanners=[azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2025-05-20T13:25:33Z	DEBUG	Initializing scan cache...	type="fs"
2025-05-20T13:25:34Z	DEBUG	[image] Detected image ID	image_id="sha256:5d3de3428a507c1567a2bb2fe4f5bda919ac8babb04b621538b74d7fd265f3ff"
2025-05-20T13:25:34Z	DEBUG	[image] Detected diff ID	diff_ids=[sha256:41fdab9a4e32b1a427aef2d9537ed8c34cae55ba76471c1a3b1e2a31819dacd6 sha256:09057cb70b4cc786df3b5a67120db8120d9ae445772ef020c90ad01af2b44032 sha256:4e29796b4201fba751b920fb5db529ac2be5dc80ea177b53d7c6e89a3cdc0e03 sha256:a8119cf37e14df02ad14d42e557dd886b3345c3859f2a568018e9f090411c5da]
2025-05-20T13:25:34Z	DEBUG	[image] Detected base layers	diff_ids=[]
2025-05-20T13:25:34Z	DEBUG	[image] Missing image ID in cache	image_id="sha256:5d3de3428a507c1567a2bb2fe4f5bda919ac8babb04b621538b74d7fd265f3ff"
2025-05-20T13:25:34Z	DEBUG	[image] Missing diff ID in cache	diff_id="sha256:09057cb70b4cc786df3b5a67120db8120d9ae445772ef020c90ad01af2b44032"
2025-05-20T13:25:34Z	DEBUG	[image] Missing diff ID in cache	diff_id="sha256:41fdab9a4e32b1a427aef2d9537ed8c34cae55ba76471c1a3b1e2a31819dacd6"
2025-05-20T13:25:34Z	DEBUG	[image] Missing diff ID in cache	diff_id="sha256:4e29796b4201fba751b920fb5db529ac2be5dc80ea177b53d7c6e89a3cdc0e03"
2025-05-20T13:25:34Z	DEBUG	[image] Missing diff ID in cache	diff_id="sha256:a8119cf37e14df02ad14d42e557dd886b3345c3859f2a568018e9f090411c5da"
	2025-05-20T13:25:49Z	INFO	[python] Licenses acquired from one or more METADATA files may be subject to additional terms. Use `--debug` flag to see all affected packages.
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="chardet" version="3.0.4"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="decorator" version="4.2.1"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="idna" version="2.5"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="iniparse" version="0.4"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pyinotify" version="0.9.6"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="python-dateutil" version="2.6.1"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="requests" version="2.20.0"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="setuptools" version="39.2.0"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="six" version="1.11.0"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="urllib3" version="1.24.2"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="dbus-python" version="1.2.4"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="ethtool" version="0.14"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="gpg" version="1.13.1"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="libcomps" version="0.1.18"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="PyGObject" version="3.28.3"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="subscription-manager" version="1.28.42"
2025-05-20T13:25:49Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="systemd-python" version="234"
2025-05-20T13:25:53Z	DEBUG	[misconfig] Scanning files for misconfigurations...	scanner="Helm"
2025-05-20T13:25:53Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pip" version="23.2.1"
2025-05-20T13:25:53Z	DEBUG	[python] License acquired from METADATA classifiers may be subject to additional terms	name="pip" version="23.2.1"
2025-05-20T13:25:59Z	DEBUG	[misconfig] Scanning files for misconfigurations...	scanner="Helm"
2025-05-20T13:26:00Z	DEBUG	[misconfig] Scanning files for misconfigurations...	scanner="Dockerfile"
2025-05-20T13:26:00Z	DEBUG	[dockerfile scanner] Scanning files...	count=1
2025-05-20T13:26:00Z	DEBUG	[rego] Scanning inputs	count=1
2025-05-20T13:26:00Z	DEBUG	No secrets found in container image config
2025-05-20T13:26:00Z	INFO	Detected config files	num=1
2025-05-20T13:26:00Z	DEBUG	Scanned config file	file_path="registry.access.redhat.com/ubi8/python-312:1-16.1721725207"
2025-05-20T13:26:00Z	DEBUG	Specified ignore file does not exist	file=".trivyignore"
2025-05-20T13:26:00Z	DEBUG	[vex] VEX filtering is disabled

Report Summary

┌────────────────────────────────────────────────────────────┬────────────┬───────────────────┐
│                           Target                           │    Type    │ Misconfigurations │
├────────────────────────────────────────────────────────────┼────────────┼───────────────────┤
│ registry.access.redhat.com/ubi8/python-312:1-16.1721725207 │ dockerfile │         4         │
└────────────────────────────────────────────────────────────┴────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


registry.access.redhat.com/ubi8/python-312:1-16.1721725207 (dockerfile)

Tests: 29 (SUCCESSES: 25, FAILURES: 4)
Failures: 4 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 1, CRITICAL: 2)

AVD-DS-0011 (CRITICAL): Slash is expected at the end of COPY command argument '$STI_SCRIPTS_PATH'
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
When a COPY command has more than two arguments, the last one should end with a slash.

See https://avd.aquasec.com/misconfig/ds011
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 registry.access.redhat.com/ubi8/python-312:1-16.1721725207:66
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  66 [ COPY dir:bbef9bf403af8fa6579452e0550bf6bb61326be94d87e66c82243095f8aeb446 in $STI_SCRIPTS_PATH
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


AVD-DS-0011 (CRITICAL): Slash is expected at the end of COPY command argument '/opt/wheels'
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
When a COPY command has more than two arguments, the last one should end with a slash.

See https://avd.aquasec.com/misconfig/ds011
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 registry.access.redhat.com/ubi8/python-312:1-16.1721725207:68
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  68 [ COPY dir:5e283e09fcde7e88f28a5bf961c010f21e93095558bf27569a97b3a49fb19e30 in /opt/wheels
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


AVD-DS-0016 (HIGH): There are 3 duplicate CMD instructions
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
There can only be one CMD instruction in a Dockerfile. If you list more than one CMD then only the last CMD will take effect.

See https://avd.aquasec.com/misconfig/ds016
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 registry.access.redhat.com/ubi8/python-312:1-16.1721725207:35
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
  35 [ CMD ["base-usage"]
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────


AVD-DS-0026 (LOW): Add HEALTHCHECK instruction in your Dockerfile
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.

See https://avd.aquasec.com/misconfig/ds026
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Operating System

Linux

Version

0.62.0

Checklist

• Run trivy clean --all
• Read the troubleshooting

[candrews]

I confirmed that this issue is not reproducible with Trivy 0.61.1; Trivy 0.62.0 is the first version with this regression.

Looking at the Trivy 0.62.0 changes at https://github.com/aquasecurity/trivy/blob/main/CHANGELOG.md#0620-2025-04-30, there's nothing obvious to me regarding this issue.

[nikpivkin]

Hi @candrews !

I'll take a look.

[nikpivkin]

Track #8903