Mixeway / MixewayScanner

Mixeway Scanner is a Spring Boot application that aggregates integrations with a number of open-source vulnerability scanners, both SAST and DAST types
https://mixeway.io
MIT License

Mixeway Scanner output returning [] #8

Open shameem2001 opened 2 months ago

shameem2001 commented 2 months ago
docker run -e MODE=STANDALONE -e MIXEWAY_URL=https://10.7.130.31 -e MIXEWAY_KEY=93856cb5-9166-46b7-8b64-f2a45b64951c -e MIXEWAY_PROJECT_ID=8 -e MIXEWAY_PROJECT_NAME=Shameem -e COMMIT_ID=88da099350900bd893a7ce5d9f4862282a8cd5c6 -e BRANCH=master -v ${PWD}:/opt/sources mixeway/scanner:latest
Starting Dependency-Track
Waiting for NVD to load
Starting Mixeway Scanner APP
Selected mode: STANDALONE

  .   ____          _            __ _ _
 /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
 \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
  '  |____| .__|_| |_|_| |_\__, | / / / /
 =========|_|==============|___/=/_/_/_/
 :: Spring Boot ::        (v2.3.3.RELEASE)

2024-09-09 09:48:52.201  INFO 59 --- [           main] io.mixeway.scanner.ScannerApplication    : Starting ScannerApplication v0.0.1-SNAPSHOT on 633be5bdea52 with PID 59 (/app/app.jar started by root in /app)
2024-09-09 09:48:52.204  INFO 59 --- [           main] io.mixeway.scanner.ScannerApplication    : No active profile set, falling back to default profiles: default
2024-09-09 09:48:52.815  INFO 59 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2024-09-09 09:48:52.899  INFO 59 --- [           main] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 73ms. Found 3 JPA repository interfaces.
2024-09-09 09:48:53.360  INFO 59 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Starting...
2024-09-09 09:48:53.542  INFO 59 --- [           main] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Start completed.
2024-09-09 09:48:53.977  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOGLOCK
2024-09-09 09:48:53.987  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : CREATE TABLE PUBLIC.DATABASECHANGELOGLOCK (ID INT NOT NULL, LOCKED BOOLEAN NOT NULL, LOCKGRANTED TIMESTAMP, LOCKEDBY VARCHAR(255), CONSTRAINT PK_DATABASECHANGELOGLOCK PRIMARY KEY (ID))
2024-09-09 09:48:53.991  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOGLOCK
2024-09-09 09:48:53.993  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : DELETE FROM PUBLIC.DATABASECHANGELOGLOCK
2024-09-09 09:48:53.994  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : INSERT INTO PUBLIC.DATABASECHANGELOGLOCK (ID, LOCKED) VALUES (1, FALSE)
2024-09-09 09:48:53.996  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT LOCKED FROM PUBLIC.DATABASECHANGELOGLOCK WHERE ID=1
2024-09-09 09:48:54.002  INFO 59 --- [           main] l.lockservice.StandardLockService        : Successfully acquired change log lock
2024-09-09 09:48:54.028  INFO 59 --- [           main] l.c.StandardChangeLogHistoryService      : Creating database history table with name: PUBLIC.DATABASECHANGELOG
2024-09-09 09:48:54.030  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : CREATE TABLE PUBLIC.DATABASECHANGELOG (ID VARCHAR(255) NOT NULL, AUTHOR VARCHAR(255) NOT NULL, FILENAME VARCHAR(255) NOT NULL, DATEEXECUTED TIMESTAMP NOT NULL, ORDEREXECUTED INT NOT NULL, EXECTYPE VARCHAR(10) NOT NULL, MD5SUM VARCHAR(35), DESCRIPTION VARCHAR(255), COMMENTS VARCHAR(255), TAG VARCHAR(255), LIQUIBASE VARCHAR(20), CONTEXTS VARCHAR(255), LABELS VARCHAR(255), DEPLOYMENT_ID VARCHAR(10))
2024-09-09 09:48:54.031  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOG
2024-09-09 09:48:54.031  INFO 59 --- [           main] l.c.StandardChangeLogHistoryService      : Reading from PUBLIC.DATABASECHANGELOG
2024-09-09 09:48:54.032  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT * FROM PUBLIC.DATABASECHANGELOG ORDER BY DATEEXECUTED ASC, ORDEREXECUTED ASC
2024-09-09 09:48:54.033  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT COUNT(*) FROM PUBLIC.DATABASECHANGELOGLOCK
2024-09-09 09:48:54.043  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : create table dependencytrack
(
    id serial primary key,
    enabled boolean,
    apikey text
)
2024-09-09 09:48:54.046  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : create table scannertype(
    id serial primary key,
    name text
)
2024-09-09 09:48:54.047  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : insert into scannertype (name) values ('DependencyTrack'), ('Spotbug')
2024-09-09 09:48:54.050  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : create table scan (
    id serial primary key,
    scannertype_id int references scannertype(id),
    inserted date,
    running boolean
)
2024-09-09 09:48:54.054  INFO 59 --- [           main] liquibase.changelog.ChangeSet            : Custom SQL executed
2024-09-09 09:48:54.054  INFO 59 --- [           main] liquibase.changelog.ChangeSet            : ChangeSet classpath:db/changelog/changelog.sql::prerelease::gsiewruk ran successfully in 17ms
2024-09-09 09:48:54.054  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : SELECT MAX(ORDEREXECUTED) FROM PUBLIC.DATABASECHANGELOG
2024-09-09 09:48:54.449  INFO 59 --- [           main] liquibase.executor.jvm.JdbcExecutor      : INSERT INTO PUBLIC.DATABASECHANGELOG (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('prerelease', 'gsiewruk', 'classpath:db/changelog/changelog.sql', NOW(), 1, '8:4f8efec46440a4b16d6d725c28d5b06c', 'sql', '', 'EXECUTED', NULL, NULL, '3.8.0', '5875334033')
2024-09-09 09:48:54.453  INFO 59 --- [           main] l.lockservice.StandardLockService        : Successfully released change log lock
2024-09-09 09:48:54.730  INFO 59 --- [           main] o.hibernate.jpa.internal.util.LogHelper  : HHH000204: Processing PersistenceUnitInfo [name: default]
2024-09-09 09:48:55.112  INFO 59 --- [           main] org.hibernate.Version                    : HHH000412: Hibernate ORM core version 5.4.20.Final
2024-09-09 09:48:55.301  INFO 59 --- [           main] o.hibernate.annotations.common.Version   : HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
2024-09-09 09:48:55.652  INFO 59 --- [           main] org.hibernate.dialect.Dialect            : HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
2024-09-09 09:48:56.358  INFO 59 --- [           main] o.h.e.t.j.p.i.JtaPlatformInitiator       : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2024-09-09 09:48:56.373  INFO 59 --- [           main] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2024-09-09 09:48:56.921  INFO 59 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2101b44a, org.springframework.security.web.context.SecurityContextPersistenceFilter@302a07d, org.springframework.security.web.header.HeaderWriterFilter@2d36e77e, org.springframework.security.web.authentication.logout.LogoutFilter@4218500f, io.mixeway.scanner.config.TokenAuthenticationFilter@2cc3ad05, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@8c11eee, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5cbe877d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@710b18a6, org.springframework.security.web.session.SessionManagementFilter@366c4480, org.springframework.security.web.access.ExceptionTranslationFilter@40dff0b7, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@333dd51e]
2024-09-09 09:48:57.102  INFO 59 --- [           main] o.s.s.c.ThreadPoolTaskScheduler          : Initializing ExecutorService 'taskScheduler'
2024-09-09 09:48:57.123  INFO 59 --- [           main] io.mixeway.scanner.ScannerApplication    : Started ScannerApplication in 5.435 seconds (JVM running for 5.88)
2024-09-09 09:48:57.125  INFO 59 --- [           main] i.m.s.standalone.StandAloneService       : Running Standalone Mixeway Scanner App
2024-09-09 09:48:57.126  INFO 59 --- [           main] i.m.s.standalone.StandAloneService       : Directory is properly mounted proceeding...
2024-09-09 09:49:00.487  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Default admin password changed
2024-09-09 09:49:02.901  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Permission for API enabled
2024-09-09 09:49:02.942  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Successfully saved apiKey
2024-09-09 09:49:04.048  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Successfully set OSS integration. DependencyTrack activated
2024-09-09 09:49:04.105  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Successfully created Dependency Track project for standaloneApp with UUID 828b96ac-2843-44e8-9491-ec06ee81a485
2024-09-09 09:49:04.105  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Get UUID 828b96ac-2843-44e8-9491-ec06ee81a485 and type of project NPM
2024-09-09 09:49:20.871  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Installed CycloneDX NPM for /opt/sources
2024-09-09 09:49:20.873  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Generated SBOM for /opt/sources
2024-09-09 09:49:21.189  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] SBOM for 828b96ac-2843-44e8-9491-ec06ee81a485 uploaded successfully
2024-09-09 09:49:21.189  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Scan completed for /opt/sources
2024-09-09 09:49:21.218  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Successfully created Dependency Track project for standaloneApp with UUID 6fa7467b-e232-4492-ba54-6e086669ef42
2024-09-09 09:49:21.218  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Get UUID 6fa7467b-e232-4492-ba54-6e086669ef42 and type of project NPM
2024-09-09 09:49:23.149  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Installed CycloneDX NPM for /opt/sources/backend
2024-09-09 09:49:23.151  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Generated SBOM for /opt/sources/backend
2024-09-09 09:49:23.170  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] SBOM for 6fa7467b-e232-4492-ba54-6e086669ef42 uploaded successfully
2024-09-09 09:49:23.170  INFO 59 --- [           main] i.m.s.i.scanner.DependencyTrack          : [Dependency Track] Scan completed for /opt/sources/backend
[ ]
2024-09-09 09:50:23.366 ERROR 59 --- [           main] io.mixeway.scanner.utils.GitOperations   : [GIT] Unable to load GIT informations reason - No HEAD exists and no explicit starting revision was specified
2024-09-09 09:50:23.374  INFO 59 --- [           main] i.m.scanner.utils.MixewayConnector       : [Mixeway Connector] Mixeway integraiton is enabled. Starting to push the results to https://10.7.130.31
2024-09-09 09:50:23.650  INFO 59 --- [           main] i.m.scanner.utils.MixewayConnector       : [Mixeway Connector] Results pushed and already visible at https://10.7.130.31
2024-09-09 09:50:23.657  INFO 59 --- [extShutdownHook] o.s.s.c.ThreadPoolTaskScheduler          : Shutting down ExecutorService 'taskScheduler'
2024-09-09 09:50:23.665  INFO 59 --- [extShutdownHook] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2024-09-09 09:50:23.671  INFO 59 --- [extShutdownHook] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown initiated...
2024-09-09 09:50:23.675  INFO 59 --- [extShutdownHook] com.zaxxer.hikari.HikariDataSource       : HikariPool-1 - Shutdown completed.
siewer commented 2 months ago

2024-09-09 09:50:23.366 ERROR 59 --- [ main] io.mixeway.scanner.utils.GitOperations : [GIT] Unable to load GIT informations reason - No HEAD exists and no explicit starting revision was specified

Are you sure that your current directory, the one mounted with -v ${PWD}:/opt/sources, is a git repository with source code?

Can you output the result of ls -la before running the docker command?

shameem-qburst commented 2 months ago

image

I have added bom.xml to the root directory and the backend directory with these commands:

curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sudo sh -s -- -b /usr/local/bin
syft dir:. -o cyclonedx-xml > bom.xml

Should I have Sonatype oss setup or mvn setup ready?

siewer commented 2 months ago

So what the scanner is looking for is a .git repository, as it is required to scan git repositories.

It appears that your location is not a git repository. As a workaround you can create a dummy repo with

git init
git add .
git commit -m "dummy test"

It will do nothing, but it will allow the scanner to find a HEAD.
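
The check described in this comment, as an added example that is not part of the thread or of the MixewayScanner code: a shell function that verifies, before `docker run`, that the directory to be mounted at /opt/sources has a `.git` entry and a commit for HEAD to resolve to. The function name, its return codes, and treating a COMMIT_ID that differs from HEAD as an error are assumptions of this example.

```shell
#!/bin/sh
# Added example (not MixewayScanner code). Function name and return codes are
# hypothetical. Checks the directory that will be mounted at /opt/sources.
#
# Usage: preflight_scan_dir DIR [COMMIT_ID]
#   0 ready                      1 DIR is not a directory
#   2 DIR has no .git entry      3 repository has no commit, so no HEAD
#   4 COMMIT_ID is not the commit HEAD points at (assumed to be a mistake)
preflight_scan_dir() {
    dir=$1
    want=${2:-}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Only DIR is visible in the container, so .git has to sit directly in it;
    # mounting a subdirectory of a repository leaves the metadata behind.
    [ -e "$dir/.git" ] || {
        echo "$dir/.git missing: mount the repository root" >&2; return 2; }

    # A freshly initialised repository has no commit yet; HEAD does not resolve.
    head=$(git -C "$dir" rev-parse --verify --quiet 'HEAD^{commit}' 2>/dev/null) || {
        echo "no commit in $dir: run git add and git commit first" >&2; return 3; }

    if [ -n "$want" ]; then
        # Accept abbreviated ids by resolving them before comparing.
        full=$(git -C "$dir" rev-parse --verify --quiet "${want}^{commit}" 2>/dev/null) || full=
        [ "$full" = "$head" ] || {
            echo "COMMIT_ID $want is not HEAD ($head)" >&2; return 4; }
    fi
    echo "ready: $dir at $head"
}

# Run the check when the script is called with arguments.
[ "$#" -eq 0 ] || preflight_scan_dir "$@"
```

Return code 3 corresponds to the "No HEAD exists" error in the log above: `git init` alone is not enough, a commit has to exist.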

shameem-qburst commented 2 months ago

I have done this and it didn't work.

Could you explain the correct steps to take while doing the scanning?