Description
Here’s how you can structure your GitHub issue for aquasecurity/trivy-operator using the format you mentioned:
What steps did you take and what happened:
I deployed the Trivy Operator on an ARM64 EKS cluster and updated the CronJob/agent image to a custom ARM64 image. When triggering scan jobs, they fail immediately with the following error in the logs:
failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "trivy": executable file not found in $PATH: unknown
Example log snippet:
{"level":"error","ts":"2025-08-18T08:05:44Z","logger":"reconciler.scan job","msg":"Scan job container","job":"trivy-system/scan-vulnerabilityreport-55966475dd","container":"0f8a7c7a-fe86-4ff1-b797-23a53cc49a7b","status.reason":"StartError","status.message":"failed to create containerd task: failed to create shim task: OCI runtime create failed: unable to start container process: error during container init: exec: "trivy": executable file not found in $PATH: unknown","stacktrace":"..."}
What did you expect to happen:
The scan jobs should start successfully and execute the trivy command using the provided ARM64 custom image.
Anything else you would like to add:
I am using a custom HP-built ARM64 image (trivy_operator_Linux_ARM64) for EKS ARM64 nodes because the official multi-arch Trivy image does not push results to AWS Security Hub.
The operator deployment and CronJob use the correct image, and pods start, but scan jobs fail immediately.
Environment:
Trivy-Operator version: v0.28.0
kubectl get deployment trivy-operator -n trivy-system -o jsonpath='{.spec.template.spec.containers[0].image}'
943535361612.dkr.ecr.us-east-1.amazonaws.com/trivy-operator-agent:arm64
Kubernetes version: 1.32
OS: Amazon Linux 2
Architecture: ARM64 EKS nodes