No private registry credentials for containers being analyzed by jobs where at least one image has a ClusterSbomReport

[festeveira]

What steps did you take and what happened:

Running trivy-operator in a kubernetes cluster with sbom cache enabled. After some scans some ClusterSbomReports are present. Consequently, when trivy-operator scans a pod with more that one container where one image that does not have a corresponding ClusterSbomReport and is from a private registry, and at least one image has a corresponding ClusterSbomReport, the generated pod spec does not include private registry credentials, causing the scan to fail for that image.

What did you expect to happen:
Private registry credentials being correctly generated for the container running the private registry image.

Anything else you would like to add:
After reading the code for a bit I believe the problem is related to this line of code.

Environment:

• Trivy-Operator version (use trivy-operator version): 0.28.0
• Kubernetes version (use kubectl version): v1.32.7
• OS (macOS 10.15, Windows 10, Ubuntu 19.10 etc): Debian 12

[festeveira]

Hello! Any news on this issue?

[KristopherBorja]

I can confirm I am having the same exact issue.

Version 0.32.0 with Trivy binary 0.69.3