ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
https://horusec.io/
Apache License 2.0

install to gitlab-ci #1081

Closed. john047 closed this issue 2 years ago

john047 commented 2 years ago

What happened: can't install to gitlab-ci

How to reproduce it (as minimally and precisely as possible): I used the following stage for my task:

horusec:
  stage: check-code
  image: horuszup/horusec-cli:v2.8
  services:
    - docker:19.03.12
  script:
    - docker run -v ${CI_PROJECT_DIR}:/src horuszup/horusec-cli:v2.8 horusec start -p /src -P ${CI_PROJECT_DIR} --output-format json --json-output-file horusec-report.json
  artifacts:
    paths:
      - horusec-report.json
    expire_in: 1 weeks

Anything else we need to know?: I can't use the dind service because the runner is configured without privileged mode and it cannot be reconfigured.

Environment:

Version: v2.8.0
Git commit: df32c1ce03d2de748cecb76cff383f2851e198c3
Built: Wed Jun 08 13:57:08 2022
Distribution: normal

logs from gitlab-ci:

time="2022-06-10T11:17:25Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2022-06-10T11:17:25Z" level=error msg="{HORUSEC_CLI} Error when check if docker requirement it's ok!" error="error during connect: Get \"http://...": dial tcp: lookup docker on IPAddress: no such host"
time="2022-06-10T11:17:25Z" level=info msg="{HORUSEC_CLI} If your docker is not installed check in docs of how to install in:\n\t\thttps://docs.docker.com/get-docker\n\t"
Error: error during connect: Get "http://...": dial tcp: lookup docker on IPAddress: no such host

Please tell me how to configure the application to work without a dind service?

john047 commented 2 years ago

horusec:
  stage: check-code
  image: docker:19.03.12
  script:
    - docker run -v /var/run/docker.sock:/var/run/docker.sock -v ${CI_PROJECT_DIR}:/src/horusec horuszup/horusec-cli:v2.8 horusec start -p /src/horusec -P ${CI_PROJECT_DIR} --output-format=json --json-output-file=./horusec-report.json
  artifacts:
    paths:
      - ./horusec-report.json
    expire_in: 1 weeks

In the above job I get the following logs:

time="2022-06-10T22:23:01Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2022-06-10T22:23:01Z" level=warning msg="Horusec will return a timeout after 600 seconds. This time can be customized in the cli settings."
time="2022-06-10T22:23:01Z" level=warning msg="{HORUSEC_CLI} PLEASE DON'T REMOVE \".horusec\" FOLDER BEFORE THE ANALYSIS FINISH! Don’t worry, we’ll remove it after the analysis ends automatically! Project sent to folder in location: [/src/horusec/.horusec/dc9dc862-4c50-4f50-98ca-8f6673d70a41]"
time="2022-06-10T22:23:08Z" level=info msg="{HORUSEC_CLI} Writing output JSON to file in the path: /horusec-report.json"
time="2022-06-10T22:23:08Z" level=warning msg="{HORUSEC_CLI} No authorization token was found, your code it is not going to be sent to horusec. Please enter a token with the -a flag to configure and save your analysis"
time="2022-06-10T22:23:08Z" level=warning msg="YOUR ANALYSIS HAD FINISHED WITHOUT ANY VULNERABILITY!"
time="2022-06-10T22:23:08Z" level=warning msg="{HORUSEC_CLI} Horusec not show info vulnerabilities in this analysis, to see info vulnerabilities add option \"--information-severity=true\". For more details use (horusec start --help) command."
Uploading artifacts for successful job
Uploading artifacts...
WARNING: ./horusec-report.json: no matching files
ERROR: No files to upload
Cleaning up project directory and file based variables
Job succeeded

Please explain how to save artifacts.
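The job above already reaches the host Docker daemon through the bind-mounted socket; the artifact is missing because `--json-output-file=./horusec-report.json` is resolved inside the container, and the log line "Writing output JSON to file in the path: /horusec-report.json" shows it landing in the container's root directory, outside the `${CI_PROJECT_DIR}:/src/horusec` mount, so nothing exists under `CI_PROJECT_DIR` for `artifacts.paths` to pick up. The following job is an added example, not the issue author's job nor anything from the Horusec project: it keeps the same image, mount and CLI flags from the page and only changes where the report is written. One caveat from a defender's side: bind-mounting `/var/run/docker.sock` hands the job full control of the runner host's Docker daemon, which is equivalent to root on that host, so this is not a less-privileged alternative to a privileged dind service, just different plumbing, and the runner should be treated accordingly.

```yaml
# Added example (not from the Horusec project or the issue author): run the Horusec
# CLI through the host Docker socket and write the JSON report into the bind-mounted
# project directory so that the artifact path (relative to CI_PROJECT_DIR on the
# runner) actually matches a file.
horusec:
  stage: check-code
  image: docker:19.03.12
  script:
    # /src/horusec inside the container is CI_PROJECT_DIR on the runner, so a report
    # written there appears in the job's working tree. A relative path such as
    # ./horusec-report.json would be resolved against the container's working
    # directory (the log on this page shows /horusec-report.json), outside the mount.
    - docker run -v /var/run/docker.sock:/var/run/docker.sock -v "${CI_PROJECT_DIR}:/src/horusec" horuszup/horusec-cli:v2.8 horusec start -p /src/horusec -P "${CI_PROJECT_DIR}" --output-format=json --json-output-file=/src/horusec/horusec-report.json
  artifacts:
    # Upload whatever report exists even if the scan step exits non-zero, so the
    # findings are not lost on a failing job.
    when: always
    paths:
      - horusec-report.json
    expire_in: 1 week
```

If the CLI writes no report at all on a run with no findings (as the maintainer states further down this thread), the artifact step will still warn with "no matching files" on clean runs; that warning is then expected and does not fail the job.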

john047 commented 2 years ago

Should a report file "horusec-report.json" be generated with such a message (level=warning msg="YOUR ANALYSIS HAD FINISHED WITHOUT ANY VULNERABILITY!") or not? Help, please!

wiliansilvazup commented 2 years ago

Hello @johnTux, thanks for your contribution.

First, it is really necessary to use a privileged environment so that horusec can use docker and its features well. Second, since there are no vulnerabilities, no report is generated at the end, and you can see the message YOUR ANALYSIS HAD FINISHED WITHOUT ANY VULNERABILITY!

john047 commented 2 years ago

@wiliansilvazup, thanks for your reply