Open mpaine-act opened 2 years ago
Thank you for the issue. Ah I see you're using the "scan" keyword. Sorry for the inconvenience, we made a backwards incompatible change a few versions ago. Below is the output of the cdefense command. We weren't aware that customers are using the "scan" keyword. Please change it to "sca" or "oss".
The "scan" keyword is being used to revamp the cdefense 2.0 to run both SCA and SAST in parallel, but it is still experimental as SAST uses docker and SCA does not. Can you please change your script from: cdefense scan => cdefense oss and let me know what you experience.
NAME: Cloud Defense CLI Scanner - CLI for scanning and detecting vulnerabilities in any language. Scan results sent to https://console.clouddefenseai.com
USAGE: cdefense [global options] command [command options] [arguments...]
VERSION: 1.29.3
COMMANDS: oss, sca, s SCA scan of a given project code, sast, t SAST scan of a given project scan, security SCA & SAST scan of a given project website, dast, d DAST scan of a given URL endpoint container, c Container scan of a given docker image api, a, apiscan API scan of a given API URL endpoint iast, i IAST scan of a given project kubernetes, k Static code analysis of Kubernetes object definitions serverless, l Serverless scan for provided function terraform, t Static code analysis of Terraform update, u Update cdefense login, auth Authenticate the cdefense binary so you don't need to pass in API Keys. credentials, cred, credential Display the credentials help, h Shows a list of commands or help for one command
GLOBAL OPTIONS: --help, -h show help (default: false) --version, -v print the version (default: false)
@mpaine-act Also can you confirm that you're on release version 1.29.3? We also have a new feature on that where you can run:
cdefense sast --api-key ..... --lang=dotnet --no-docker (--no-docker is only available for dotnet sast right now, it's significantly faster but still experimental).
Thank you. I downloaded the 1.29.1 version and got the parameter from the COMMAND section of the executable.
I changed to oss and that fixed it for me. Thank you.
Latest windows version of cdefense.exe throws error.
P:\github\CloudDefenseAI\cdefense : time="2022-01-24T15:52:20-08:00" level=info msg="Scan logs can be found at: C:\temp\2\cdefense_a19965bc-b827-45a8-8783-ad3f77b5ad80.log" At line:1 char:1
Can not pull image. Latest local image will be used panic: runtime error: invalid memory address or nil pointer dereference [signal 0xc0000005 code=0x0 addr=0x10 pc=0x8bbf71] goroutine 1 [running]: io.copyBuffer(0x651c344, 0x18cb2d98, 0x0, 0x0, 0x18cc0000, 0x8000, 0x8000, 0x8586ce, 0x68cd79c, 0x0, ...) /usr/local/Cellar/go@1.16/1.16.9/libexec/src/io/io.go:423 +0xc1 io.Copy(...) /usr/local/Cellar/go@1.16/1.16.9/libexec/src/io/io.go:382 os.genericReadFrom(0x18006178, 0x0, 0x0, 0xe79600, 0xefd3c0, 0x68a6901, 0x39d65ac8) /usr/local/Cellar/go@1.16/1.16.9/libexec/src/os/file.go:160 +0x8d os.(File).ReadFrom(0x18006178, 0x0, 0x0, 0x39d65ac8, 0x18006178, 0x1805a201, 0x18116300) /usr/local/Cellar/go@1.16/1.16.9/libexec/src/os/file.go:154 +0x59 io.copyBuffer(0x651b944, 0x18006178, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, 0x0, ...) /usr/local/Cellar/go@1.16/1.16.9/libexec/src/io/io.go:409 +0x2c2 io.Copy(...) /usr/local/Cellar/go@1.16/1.16.9/libexec/src/io/io.go:382 main.(SASTScan).RunDocker(0x18c95540, 0x1817ff60, 0x4, 0x0, 0x0) /Users/abhi/work/cdefense/src/sast.go:124 +0x489 main.initalizeCommands.func3(0x1817ff60, 0x180847e0, 0xf) /Users/abhi/work/cdefense/src/main.go:222 +0x2be github.com/urfave/cli.(Command).Run(0x1805abd0, 0x1817fb60, 0x0, 0x0) /Users/abhi/go/src/github.com/urfave/cli/command.go:163 +0x3c4 github.com/urfave/cli.(App).RunContext(0x18102000, 0x65208ec, 0x18010108, 0x18024160, 0x4, 0x4, 0x0, 0x0) /Users/abhi/go/src/github.com/urfave/cli/app.go:313 +0x651 github.com/urfave/cli.(*App).Run(...) /Users/abhi/go/src/github.com/urfave/cli/app.go:224 main.main() /Users/abhi/work/cdefense/src/main.go:935 +0x80