tar ball scanning broken #120

@timdittler

Thanks for providing trivy and the action. I'm trying to supply input to scan an image directly after building it. The action fails like this:

Running trivy with options:  --format  json --exit-code  1 --ignore-unfixed --vuln-type  os,library --severity  CRITICAL --no-progress --input /tmp/image.tar
Global options:  
2022-06-08T13:33:04.686Z	INFO	Need to update DB
2022-06-08T13:33:04.686Z	INFO	DB Repository: ghcr.io/aquasecurity/trivy-db
2022-06-08T13:33:04.686Z	INFO	Downloading DB...
2022-06-08T13:33:06.801Z	FATAL	image scan error: scan error: unable to initialize a scanner: unable to initialize the archive scanner: 2 errors occurred:
	* unable to open /tmp/image.tar as a Docker image: unable to open the file: open /tmp/image.tar: no such file or directory
	* unable to open /tmp/image.tar as an OCI Image: stat /tmp/image.tar/index.json: no such file or directory

Looking at #23, it seemed to work one day.

Trivy is actually trying to scan inside its own container.
I can replicate the error locally. I have to mount the dir of the tarball to make it work:

docker run -it -v /tmp:/tmp 740fe346690b "-a image" "-l /tmp/image.tar"

Labels: documentation, question
