Version 0.66.0 not authorized with AWS

[jscancella]

Description

0.65.0 works fine, but when using 0.66.0 I get this error

Desired Behavior

It to continue to work and not give authorization errors

Actual Behavior

Reproduction Steps

1.upload image to AWS ECR
2.have trivy try and scan image in ECR
  `trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/contrib/gitlab.tpl" --output "$CI_PROJECT_DIR/gl-container-scanning-report.json" "$FULL_IMAGE_NAME"`
3.get auth error

Target

Container Image

Scanner

None

Output Format

None

Mode

None

Debug Output

I don't have that ability

Operating System

amazon linux

Version

Version: 0.66.0

Checklist

• Run trivy clean --all
• Read the troubleshooting

[simar7]

This might be related #9430

cc @DmitriyLewen @knqyf263

[knqyf263]

#9322 may be relevant. Since this PR was merged while I was away, I didn't have a chance to review it.
@DmitriyLewen Do you have any ideas?

[DmitriyLewen]

hm... i can't reproduce this error:

➜  ~ docker run -it --rm --entrypoint sh aquasec/trivy:0.66.0
/ # export AWS_ACCESS_KEY_ID=<redacted>
/ # export AWS_SECRET_ACCESS_KEY=<redacted>
/ # export AWS_SESSION_TOKEN=<redacted>

/ # trivy -q --cache-backend memory image <redacted>.amazonaws.com/trivy-test:latest

Report Summary

┌─────────────────────────────────────────────────────────────────────────────────┬────────┬─────────────────┬─────────┐
│                                     Target                                      │  Type  │ Vulnerabilities │ Secrets │
├─────────────────────────────────────────────────────────────────────────────────┼────────┼─────────────────┼─────────┤
│ <redacted>.amazonaws.com/trivy-test:latest (alpine                              │ alpine │        0        │    -    │
│ 3.22.1)                                                                         │        │                 │         │
└─────────────────────────────────────────────────────────────────────────────────┴────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

[DmitriyLewen]

@jscancella Can you scan image with --debug flag and send Credential error err=* error?

[jscancella]

I will give that a try and report back later. However I don't manually export any keys like in your example. Because the job is run in my AWS environment it has always just worked.

[jscancella]

Here is the debug output of the credential errors:

2025-09-04T11:33:32Z	DEBUG	Credential error	err="failed to get authorization token: operation error ECR: GetAuthorizationToken, get identity: get credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded"
2025-09-04T11:33:32Z	FATAL	Fatal error
  - run error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.Run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:414
  - image scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.run
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:452
  - scan error:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scanArtifact
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:291
  - unable to initialize a scan service:
    github.com/aquasecurity/trivy/pkg/commands/artifact.(*runner).scan
        /home/runner/work/trivy/trivy/pkg/commands/artifact/run.go:679
  - unable to initialize an image scan service:
    github.com/aquasecurity/trivy/pkg/commands/artifact.imageStandaloneScanService
        /home/runner/work/trivy/trivy/pkg/commands/artifact/scanner.go:16
  - unable to find the specified image "<REDACTED>" in ["docker" "containerd" "podman" "remote"]:
    github.com/aquasecurity/trivy/pkg/fanal/image.NewContainerImage
        /home/runner/work/trivy/trivy/pkg/fanal/image/image.go:61

[chriskellyrelay]

We use aws ECR pull through caches in our environment for performance reasons (less bandwidth to internet, less latency, less requests made to public repos) for trivy and the db and java db. In 0.65.0 and earlier, our authenticated environment is able to pull all 3 images.

In 0.66.0, now that #9322 has been merged, this now fails.

To reproduce, Run trivy, using GitLab with a snippet like the following, to an authenticated AWS ECR repo.

Authentication works something like this somewhere in the pipeline:

aws ecr get-login-password --region "${AWS_REGION}" | \
    docker login --username AWS --password-stdin "$ACCOUNT_ID.dkr.ecr.${AWS_REGION}.amazonaws.com"```

Gitlab job configuration:

```yml
code_scan:
  stage: lint
  image:
    name: $ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/docker-hub/aquasec/trivy:latest
    entrypoint: [""]
  script:
    - cd app/"
    - echo "Checking for HIGH/CRITICAL vulnerabilities (will fail job):"
    - trivy fs . --exit-code 1 --severity HIGH,CRITICAL --ignorefile .trivyignore.yaml --db-repository $ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/github/aquasecurity/trivy-db:2 --java-db-repository $ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/github/aquasecurity/trivy-java-db:1

With 0.65.0 this will work! With 0.66.0 this fails with:

2025-09-03T18:13:52Z	INFO	[vulndb] Need to update DB
2025-09-03T18:13:52Z	INFO	[vulndb] Downloading vulnerability DB...
2025-09-03T18:13:52Z	INFO	[vulndb] Downloading artifact...	repo="503226870730.dkr.ecr.us-east-1.amazonaws.com/github/aquasecurity/trivy-db:2"
2025-09-03T18:13:57Z	FATAL	Fatal error	run error: init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from $ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/github/aquasecurity/trivy-db:2: OCI repository error: 1 error occurred:
	* GET https://$ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/v2/github/aquasecurity/trivy-db/manifests/2: unexpected status code 401 Unauthorized: Not Authorized

If we update the script to install docker and the aws-cli (apk add docker aws-cli) on the trivy:0.66.0 image, we authenticate (with the get-login-password snipped above) and are able to pull the images, but it adds 10s of s to every pipeline run and ~500MB of packages to install each time so this is not desirable.

[DmitriyLewen]

@jscancella @chriskellyrelay Thanks for your information and help!
I created #9436
Can you build Trivy from my branch and test in your env?

[chriskellyrelay]

Getting a "not authorized" to pull those, even when authenticated to dockerhub.

[DmitriyLewen]

what about ghcr.io?
ghcr.io/dmitriylewen/trivy:9429-arm64
ghcr.io/dmitriylewen/trivy:9429-amd64

[jscancella]

same for me - I am not setup to build go code and after trying for a bit I am just running into a lot of issues.

[DmitriyLewen]

@jscancella you can use images or binaries from the images above.

[jscancella]

sorry, I hadn't refreshed the page. I used that amd-64 image and it works correctly again

[DmitriyLewen]

created #9437

[chriskellyrelay]

ghcr.io/dmitriylewen/trivy:9429-arm64 works here, and is able to work with our authenticated ECR pull through cache for the db and java-db. Thanks!

[knqyf263]

@chriskellyrelay @jscancella @eldondevat I tried to replicate it hard, but no luck.
#9437

Could you share more details to help us reproduce the issue? Please feel free to mask any sensitive information, such as account numbers or credentials. You don’t have to answer all of the questions below; any additional details you can provide would be greatly appreciated.

• Full command lines: used for both cases (image scanning and DB/Java DB download), including all flags such as --db-repository, --java-db-repository, --insecure, --cache-dir, and --format.
• Is the issue reproducible? Does it fail consistently, or only intermittently?
• Execution environment details: CI/CD platform, CI runner, base image/OS (e.g., Amazon Linux), container runtime, and whether Trivy runs inside a container or directly on the VM.
  • How to set up CI/CD, CI runner, and so on
• AWS credential source: specify if credentials come from environment variables, shared config/profile, EC2 instance profile (IMDS), ECS task role, or EKS IRSA/web identity. Confirm if AWS_EC2_METADATA_DISABLED is set.
• Region and endpoints: the exact ECR registry/region used (e.g., 123456789012.dkr.ecr.us-east-1.amazonaws.com) and whether you use ECR pull-through cache
• Proxy settings: values of HTTP_PROXY, HTTPS_PROXY, and NO_PROXY.
• Quick IMDS reachability checks from the same environment:
  • curl -s -o /dev/null -w "%{http_code}\n" http://169.254.169.254
  • IMDSv2 token flow (if allowed): curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" -s -o /dev/null -w "%{http_code}\n"
• Minimal reproducer:
  • a trimmed command (no templates) that still fails, e.g. trivy -q --debug --cache-backend memory image <your-ecr-repo>/<test-image>:tag.
  • Workflow files for CI/CD (YAML, JSON, etc.)
• Complete --debug logs
• Container networking specifics (if running inside a container): network mode, and whether the container can access IMDS without a proxy; include the docker run ... (or runner) snippet used to invoke Trivy.

[jscancella]

Command Lines Used

• trivy --version

• trivy clean --scan-cache

• trivy image --download-db-only --no-progress --cache-dir .trivycache/

• trivy image --exit-code 0 --cache-dir .trivycache/ --db-repository <REDACTED>/aquasecurity/trivy-db --no-progress --format template --template "'contrib/gitlab.tpl'" --output "$CI_PROJECT_DIR/gl-container-scanning-report.json" "<REDACTED>.amazonaws.com/tm-esc-api:SNAPSHOT-95573876"

Reproducibility

• Consistency: Very consistent - everything using version 0.66.0 is failing

Execution Environment

• CI/CD Platform: GitLab
• Runner Setup: EC2 instance
• Operating System: Amazon Linux with STIG baseline settings
• Execution Context: Trivy runs inside a container spawned from the GitLab runner

AWS Configuration

• Credential Source: No explicit credential specification required previously
• ECR Pull-Through Cache: Unknown (How to determine if ECR pull-through cache is being used?)

Network Configuration

• Proxy Settings: No proxy set
• Image Source: All images pulled through Nexus setup to reduce external traffic

IMDS Reachability Checks

• Basic IMDS Check:

  curl -s -o /dev/null -w "%{http_code}\n" http://169.254.169.254

  • Unable to run from Trivy docker container (curl not installed)
  • Returns 200 when run from the EC2 instance

• IMDSv2 Token Flow:

  curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" -s -o /dev/null -w "%{http_code}\n"

  • Returns 200 from the EC2 instance

Reproduction Steps

• Minimal Reproducer: Unable to provide
• CI/CD Workflow Files: Unable to provide
• Debug Logs: See attached file (referenced but not included)
• Container Networking Specifics: See debug file (referenced but not included)

[jscancella]

debug-output.txt

[jscancella]

@knqyf263 anything else you need/want? Or is there a work around I can do in the meantime while this is worked on?

[jscancella]

@knqyf263

Minimal steps to reproduce:

• log into EC2 instance
• run sudo docker run --rm -it --entrypoint sh <REDACTED>/aquasec/trivy:0.66.0
• run trivy image --exit-code 1 --cache-dir .trivycache/ --db-repository <REDACTED>/aquasecurity/trivy-db --severity HIGH,CRITICAL --no-progress "<REDACTED>.dkr.ecr.<REDACTED>.amazonaws.com/<REDACTED>:SNAPSHOT-99088d0d"
• Get error:

[jscancella]

Correct, this is just me manually running the docker container on a EC2 instance. This all works perfectly in version 0.65.0 and the version that @DmitriyLewen made, so I don't think it is IAM role issues. The screenshot shows it is complaining about being unauthorized I tried setting TRIVY_USERNAME and TRIVY_PASSWORD and then the scan works:

export TRIVY_USERNAME="AWS"
export TRIVY_PASSWORD=$(aws ecr get-login-password --region "us-east-1")

Debug output:

/ # trivy image --exit-code 1 --cache-dir .trivycache/ --db-repository <REDACTED>/aquasecurity/trivy-db --java-db-repository <REDACTED>/aquasecu
rity/trivy-java-db --severity HIGH,CRITICAL --no-progress "<REDACTED>.dkr.ecr.<REDACTED>.amazonaws.com/<REDACTED>:SNAPSHOT-401c5b20"
2025-09-29T11:39:17Z    DEBUG   No plugins loaded
2025-09-29T11:39:17Z    DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2025-09-29T11:39:17Z    DEBUG   Cache dir       dir=".trivycache/"
2025-09-29T11:39:17Z    DEBUG   Cache dir       dir=".trivycache/"
2025-09-29T11:39:17Z    INFO    Adding schema version to the DB repository for backward compatibility   repository="<REDACTED>/aquasecurity/trivy-db:2"
2025-09-29T11:39:17Z    INFO    Adding schema version to the DB repository for backward compatibility   repository="<REDACTED>/aquasecurity/trivy-java-db:1"
2025-09-29T11:39:17Z    DEBUG   Parsed severities       severities=[HIGH CRITICAL]
2025-09-29T11:39:17Z    DEBUG   Ignore statuses statuses=[]
2025-09-29T11:39:17Z    DEBUG   DB update was skipped because the local DB is the latest
2025-09-29T11:39:17Z    DEBUG   DB info schema=2 updated_at=2025-09-28T12:30:23.131696389Z next_update=2025-09-29T12:30:23.131696139Z downloaded_at=2025-09-29T11:37:25.4092
97578Z
2025-09-29T11:39:17Z    DEBUG   [pkg] Package types     types=[os library]
2025-09-29T11:39:17Z    DEBUG   [pkg] Package relationships     relationships=[unknown root workspace direct indirect]
2025-09-29T11:39:17Z    INFO    [vuln] Vulnerability scanning is enabled
2025-09-29T11:39:17Z    INFO    [secret] Secret scanning is enabled
2025-09-29T11:39:17Z    INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-09-29T11:39:17Z    INFO    [secret] Please see https://trivy.dev/v0.66/docs/scanner/secret#recommendation for faster secret detection
2025-09-29T11:39:17Z    DEBUG   Initializing scan cache...      type="fs"
2025-09-29T11:39:17Z    DEBUG   [notification] Running version check
2025-09-29T11:39:17Z    DEBUG   [notification] Version check completed  latest_version="0.66.0"
2025-09-29T11:39:22Z    DEBUG   Credential error        err="failed to get authorization token: operation error ECR: GetAuthorizationToken, get identity: get credentials: f
ailed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded"
2025-09-29T11:39:22Z    DEBUG   [image] Image found     image="<REDACTED>.dkr.ecr.<REDACTED>.amazonaws.com/<REDACTED>:SNAPSHOT-401c5b20" source="remote"
2025-09-29T11:39:22Z    DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2025-09-29T11:39:22Z    DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2025-09-29T11:39:22Z    DEBUG   Created process-specific temp directory path="/tmp/trivy-31"
2025-09-29T11:39:23Z    DEBUG   [image] Detected image ID       image_id="sha256:484f6efc492fb0653f1457649d21756c675d067ef27b9de23455f36874a5efe8"
2025-09-29T11:39:23Z    DEBUG   [image] Detected diff ID        diff_ids=[sha256:fe5c2b9a426e20c4362b39baf1f5f2598fdcdcc4d42cf626fa282ac97e4ef635 sha256:a53a121f5d7bc59ee32
4e4a2d08348893d5090b3552a77d5268ac969bc647687 sha256:858c1a8c5f0e31c703dc366e4643ef703812dcefefa292d73ec9d4ea48d68807 sha256:d8550f7bffa22629c52ad1bed6f566233d5c5e8defb92a2
7fcb518d3231faccb sha256:6d6559262e8dcc7d5c33a66c958cce45b393cc24d9ef351820b1e27581165109 sha256:6184a2d1569a655f1c437ef33b055e1c465612a1e6cea7d753d040f3e10f024b sha256:cdb
9646e5e2efa6d8b263dd0f7be58404ab47649acc83bf631ab040a0cf73a75 sha256:ffc27de8929e73858379c61ccd95c6e25c4e1e10eabbdc3db837d7a614a8d051 sha256:d2c622c8208d72b88e5722af7de14b62e2c6d1e61ff67a147a18cdcf38aa8fc0 sha256:7cde5e191b2c0bd18ccbc3e5c3d2dc10564e85d421372c4b754756a630d17110]
2025-09-29T11:39:23Z    DEBUG   [image] Detected base layers    diff_ids=[sha256:fe5c2b9a426e20c4362b39baf1f5f2598fdcdcc4d42cf626fa282ac97e4ef635]
2025-09-29T11:39:23Z    INFO    Detected OS     family="amazon" version="2 (Karoo)"
2025-09-29T11:39:23Z    INFO    [amazon] Detecting vulnerabilities...   os_version="2" pkg_num=118
2025-09-29T11:39:23Z    INFO    Number of language-specific files       num=1
2025-09-29T11:39:23Z    INFO    [jar] Detecting vulnerabilities...
2025-09-29T11:39:23Z    DEBUG   [jar] Scanning packages for vulnerabilities     file_path=""
2025-09-29T11:39:23Z    DEBUG   Specified ignore file does not exist    file=".trivyignore"
2025-09-29T11:39:23Z    DEBUG   [vex] VEX filtering is disabled

Report Summary

┌───────────────────────────────────────────────────────────────────────────┬────────┬─────────────────┬─────────┐
│                                  Target                                   │  Type  │ Vulnerabilities │ Secrets │
├───────────────────────────────────────────────────────────────────────────┼────────┼─────────────────┼─────────┤
│ <REDACTED>.dkr.ecr.<REDACTED>.amazonaws.com/<REDACTED>:SNAPSHOT-401c5b20  │ amazon │        0        │    -    │
│ (amazon 2 (Karoo))                                                        │        │                 │         │
├───────────────────────────────────────────────────────────────────────────┼────────┼─────────────────┼─────────┤
│ <REDACTED>-main-runnable.jar                                              │  jar   │        0        │    -    │
├───────────────────────────────────────────────────────────────────────────┼────────┼─────────────────┼─────────┤
│ opentelemetry-javaagent.jar                                               │  jar   │        0        │    -    │
└───────────────────────────────────────────────────────────────────────────┴────────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

2025-09-29T11:39:23Z    DEBUG   Cleaning up temp directory      path="/tmp/trivy-31"

[knqyf263]

so I don't think it is IAM role issues

I don’t mean it’s an IAM role issue, but since authentication succeeds without any problem with my IAM role settings, I’d like to know what kind of configuration would reproduce this error.

[jscancella]

Ok, how do I check what the role settings are? Or to put it another way, is there a screenshot I can provide you that will get you the information you need?

[jscancella]

Looks like this is moot - version 0.67.0 works fine

[chriskellyrelay]

Confirmed here. 0.67.0 works for us as well.