Trivy doesn't work on chiseled images

[jkvbe]

Description

When I run trivy on a minimal distroless container image produced with ubuntu's tool chisel (https://ubuntu.com/containers/chiseled). I get the following warning:

2025-09-24T10:33:59+02:00       WARN    [report] Supported files for scanner(s) not found.      scanners=[vuln]
2025-09-24T10:33:59+02:00       INFO    [report] No issues detected with scanner(s).    scanners=[secret]

Report Summary

┌────────┬──────┬─────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Secrets │
├────────┼──────┼─────────────────┼─────────┤
│   -    │  -   │        -        │    -    │
└────────┴──────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

So even if vulnerabilities were present in the dependencies, we wouldn't see them.

Also the sbom cannot be created.

Desired Behavior

I think Trivy should read the manifest file that is written by chisel: https://documentation.ubuntu.com/chisel/en/latest/reference/manifest/

Anyway other tools like docker scout or syft have no issues with the image.

Actual Behavior

Trivy outputs a warning and doesn't scan for vulnerabilities. The sbom doesn't contain the dependencies.

Microsoft offers pre-built dotnet chiseled images. They applied a temporary solution to make it work, see discussion on dotnet/dotnet-docker#5973.

We can implement that work-around as well, but if trivy would support the chisel manifest natively, we can avoid that extra complexity.

Reproduction Steps

1.: Create following Dockerfile:

FROM ubuntu:24.04 AS chisel

RUN apt-get update && apt-get install -y wget && apt-get install -y ca-certificates
RUN wget -O /tmp/chisel.tar.gz \
    https://github.com/canonical/chisel/releases/download/v1.1.0/chisel_v1.1.0_linux_amd64.tar.gz && \
    tar -xzf /tmp/chisel.tar.gz -C /usr/bin/ chisel

# Create the target directory for chiseling
RUN mkdir -p /chiseled-rootfs

2. Run the following command:
$  docker build . -t chisel:latest

3. trivy image chisel:latest

Target

Container Image

Scanner

Vulnerability

Output Format

None

Mode

Standalone

Debug Output

trivy --debug image chisel:latest
2025-09-24T10:57:27+02:00       DEBUG   Default config file "file_path=trivy.yaml" not found, using built in values
2025-09-24T10:57:27+02:00       DEBUG   Cache dir       dir="/home/user/.cache/trivy"
2025-09-24T10:57:27+02:00       DEBUG   Cache dir       dir="/home/user/.cache/trivy"
2025-09-24T10:57:27+02:00       DEBUG   Parsed severities       severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-09-24T10:57:27+02:00       DEBUG   Ignore statuses statuses=[]
2025-09-24T10:57:27+02:00       DEBUG   DB update was skipped because the local DB is the latest
2025-09-24T10:57:27+02:00       DEBUG   DB info schema=2 updated_at=2025-09-24T06:25:26.717251712Z next_update=2025-09-25T06:25:26.717251552Z downloaded_at=2025-09-24T07:49:06.240737747Z
2025-09-24T10:57:27+02:00       DEBUG   [pkg] Package types     types=[os library]
2025-09-24T10:57:27+02:00       DEBUG   [pkg] Package relationships     relationships=[unknown root workspace direct indirect]
2025-09-24T10:57:27+02:00       INFO    [vuln] Vulnerability scanning is enabled
2025-09-24T10:57:27+02:00       INFO    [secret] Secret scanning is enabled
2025-09-24T10:57:27+02:00       INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2025-09-24T10:57:27+02:00       DEBUG   [notification] Running version check
2025-09-24T10:57:27+02:00       INFO    [secret] Please see https://trivy.dev/v0.66/docs/scanner/secret#recommendation for faster secret detection
2025-09-24T10:57:27+02:00       DEBUG   Initializing scan cache...      type="fs"
2025-09-24T10:57:27+02:00       DEBUG   Created process-specific temp directory path="/tmp/trivy-20560"
2025-09-24T10:57:27+02:00       DEBUG   [image] Image found     image="chisel:latest" source="docker"
2025-09-24T10:57:27+02:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2025-09-24T10:57:27+02:00       DEBUG   [secret] No secret config detected      config_path="trivy-secret.yaml"
2025-09-24T10:57:27+02:00       DEBUG   [image] Detected image ID       image_id="sha256:a91aec32ebc76dd62b1bc5a3fa23600457993194f94aa7eed655c8dcf925985d"
2025-09-24T10:57:27+02:00       DEBUG   [image] Detected diff ID        diff_ids=[sha256:85f46088cbec7466f4f295c9ab90abf332e6b7d8d94d6f9dd7232532d723cda6]
2025-09-24T10:57:27+02:00       DEBUG   [image] Detected base layers    diff_ids=[]
2025-09-24T10:57:27+02:00       DEBUG   OS is not detected.
2025-09-24T10:57:27+02:00       DEBUG   Detected OS: unknown
2025-09-24T10:57:27+02:00       INFO    Number of language-specific files       num=0
2025-09-24T10:57:27+02:00       DEBUG   Found an ignore file    file_path=".trivyignore"
2025-09-24T10:57:27+02:00       DEBUG   [vex] VEX filtering is disabled
2025-09-24T10:57:27+02:00       WARN    [report] Supported files for scanner(s) not found.      scanners=[vuln]
2025-09-24T10:57:27+02:00       INFO    [report] No issues detected with scanner(s).    scanners=[secret]

Report Summary

┌────────┬──────┬─────────────────┬─────────┐
│ Target │ Type │ Vulnerabilities │ Secrets │
├────────┼──────┼─────────────────┼─────────┤
│   -    │  -   │        -        │    -    │
└────────┴──────┴─────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

2025-09-24T10:57:27+02:00       DEBUG   Cleaning up temp directory      path="/tmp/trivy-20560"

Operating System

Ubuntu

Version

trivy --version
Version: 0.66.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2025-09-24 06:25:26.717251712 +0000 UTC
  NextUpdate: 2025-09-25 06:25:26.717251552 +0000 UTC
  DownloadedAt: 2025-09-24 07:49:06.240737747 +0000 UTC
Check Bundle:
  Digest: sha256:a471e90b7c7335e914ec9075b74cf8f65e4c91e6cecfa7e39c587382808d2684
  DownloadedAt: 2025-07-02 08:48:33.950337912 +0000 UTC

Checklist

• Run trivy clean --all
• Read the troubleshooting

[itaysk]

thanks for taking the time to start a discussion and suggesting an implementation. first, this can't be called a bug, it's a feature request. second, there's an existing discussion and POC here: #8644 so I'll be closing this one in favor of the existing discussion.

[jkvbe]

Can you please point me to the existing discussion? The reference you gave is this issue. Thanks.

[knqyf263]

This one: #8644