Unable to initialize fs cache

[sebastianvoss]

Description

When running trivy k8s --report=summary --include-namespaces some-ns --scanners=vuln --timeout=15m --cache-dir=~/tmp/trivy-cache results in error.

I already checked the docs and there is no other trivy process running. The cache directory is writable and has enough space.

Desired Behavior

Scan should work without errors

Actual Behavior

2025-09-21T19:07:49+02:00	ERROR	Error during vulnerabilities or misconfiguration scan	err="scan error: unable to initialize a scan service: unable to initialize an image scan service: unable to initialize fs cache: cache may be in use by another process: timeout"

Reproduction Steps

Run `trivy k8s --report=summary`

Target

Kubernetes

Scanner

Vulnerability

Output Format

Table

Mode

Standalone

Debug Output

2025-09-21T19:16:38+02:00	DEBUG	No plugins loaded
2025-09-21T19:16:38+02:00	DEBUG	Default config file "file_path=trivy.yaml" not found, using built in values
2025-09-21T19:16:38+02:00	DEBUG	Cache dir	dir="~/tmp/trivy-cache"
2025-09-21T19:16:38+02:00	DEBUG	Cache dir	dir="~/tmp/trivy-cache"
2025-09-21T19:16:38+02:00	DEBUG	Parsed severities	severities=[UNKNOWN LOW MEDIUM HIGH CRITICAL]
2025-09-21T19:16:38+02:00	DEBUG	Ignore statuses	statuses=[]
2025-09-21T19:16:43+02:00	INFO	Node scanning is enabled
2025-09-21T19:16:43+02:00	INFO	If you want to disable Node scanning via an in-cluster Job, please try '--disable-node-collector' to disable the Node-Collector job.
2025-09-21T19:16:43+02:00	DEBUG	DB update was skipped because the local DB is the latest
2025-09-21T19:16:43+02:00	DEBUG	DB info	schema=2 updated_at=2025-09-21T12:25:41.227237535Z next_update=2025-09-22T12:25:41.227237264Z downloaded_at=2025-09-21T16:56:54.206661Z
2025-09-21T19:16:43+02:00	INFO	Scanning K8s...	K8s="xxx"
2025-09-21T19:16:43+02:00	DEBUG	[notification] Running version check
2025-09-21T19:16:43+02:00	DEBUG	[notification] Version check completed	latest_version="0.66.0"
47 / 47 [--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 1 p/s
2025-09-21T19:17:19+02:00	ERROR	Error during vulnerabilities or misconfiguration scan	err="scan error: unable to initialize a scan service: unable to initialize an image scan service: unable to initialize fs cache: cache may be in use by another process: timeout"
2025-09-21T19:17:19+02:00	ERROR	Error during vulnerabilities or misconfiguration scan	err="scan error: unable to initialize a scan service: unable to initialize an image scan service: unable to initialize fs cache: cache may be in use by another process: timeout"

Operating System

macOS 15.7

Version

0.66.0

Checklist

• Run trivy clean --all
• Read the troubleshooting

[afdesk]

@sebastianvoss thanks for the report!
I'll take a look

[afdesk]

track #9503

there is a workaround for a while:

$ trivy k8s --report=summary --scanners=vuln --cache-backend memory

[yrosemacbs]

Not sure if this is the correct place to drop this but we are running into this same error message with the latest version of the operator (0.30.0) and trivy version 0.69.1.
Here is the error message we get back in the operator logs:

{
  "level": "error",
  "ts": "2026-02-17T12:27:02Z",
  "logger": "reconciler.scan job",
  "msg": "Scan job container",
  "job": "trivy-operator-tst/scan-vulnerabilityreport-65d48894d7",
  "container": "dbup-struct",
  "status.reason": "Error",
  "status.message": "2026-02-17T12:26:49Z\tINFO\tLoaded\tfile_path=\"/etc/trivy/trivy-config.yaml\"\n2026-02-17T12:26:49Z\tINFO\tAdding schema version to the DB repository for backward compatibility\trepository=\"registry.user-np01.k8s.cbsp.nl/docker.io/aquasec/trivy-java-db:1\"\n2026-02-17T12:26:49Z\tWARN\t\"--slow\" is deprecated. Use \"--parallel 1\" instead.\n2026-02-17T12:26:49Z\tINFO\t[image] Container image config scanners\tscanners=[secret]\n2026-02-17T12:26:49Z\tINFO\t[vuln] Vulnerability scanning is enabled\n2026-02-17T12:26:49Z\tINFO\t[secret] Secret scanning is enabled\n2026-02-17T12:26:49Z\tINFO\t[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning\n2026-02-17T12:26:49Z\tINFO\t[secret] Please see https://trivy.dev/docs/v0.69/guide/scanner/secret#recommendation for faster secret detection\n2026-02-17T12:26:54Z\tERROR\tFailed to acquire cache or database lock, see https://trivy.dev/docs/v0.69/guide/references/troubleshooting#database-and-cache-lock-errors for troubleshooting\n2026-02-17T12:26:54Z\tFATAL\tFatal error\trun error: image scan error: scan error: unable to initialize a scan service: unable to initialize cache: unable to initialize fs cache: cache may be in use by another process: timeout\n",
  "stacktrace": "github.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).completedContainers\n\t/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:454\ngithub.com/aquasecurity/trivy-operator/pkg/vulnerabilityreport/controller.(*ScanJobController).SetupWithManager.(*ScanJobController).reconcileJobs.func1\n\t/home/runner/work/trivy-operator/trivy-operator/pkg/vulnerabilityreport/controller/scanjob.go:103\nsigs.k8s.io/controller-runtime/pkg/reconcile.TypedFunc[...].Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/reconcile/reconcile.go:134\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:216\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:461\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:421\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func1.1\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.22.1/pkg/internal/controller/controller.go:296"
}

Filtering out status.message:

2026-02-17T12:26:49Z	INFO	Loaded	file_path=\"/etc/trivy/trivy-config.yaml\"
2026-02-17T12:26:49Z	INFO	Adding schema version to the DB repository for backward compatibility	repository=\"registry.user-np01.k8s.cbsp.nl/docker.io/aquasec/trivy-java-db:1\"
2026-02-17T12:26:49Z	WARN	\"--slow\" is deprecated. Use \"--parallel 1\" instead.
2026-02-17T12:26:49Z	INFO	[image] Container image config scanners	scanners=[secret]
2026-02-17T12:26:49Z	INFO	[vuln] Vulnerability scanning is enabled
2026-02-17T12:26:49Z	INFO	[secret] Secret scanning is enabled
2026-02-17T12:26:49Z	INFO	[secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2026-02-17T12:26:49Z	INFO	[secret] Please see https://trivy.dev/docs/v0.69/guide/scanner/secret#recommendation for faster secret detection
2026-02-17T12:26:54Z	ERROR	Failed to acquire cache or database lock, see https://trivy.dev/docs/v0.69/guide/references/troubleshooting#database-and-cache-lock-errors for troubleshooting
2026-02-17T12:26:54Z	FATAL	Fatal error	run error: image scan error: scan error: unable to initialize a scan service: unable to initialize cache: unable to initialize fs cache: cache may be in use by another process: timeout

[afdesk]

@yrosemacbs thanks for the report!
at first, it would be great to create such issues in trivy-operator repo in the future.

did you try to set up cache-backend: memory in the settings?

trivy:
  configFile:
    cache:
      backend: "memory"