anchore / anchore-cli

Simple command-line client to the Anchore Engine service
Apache License 2.0

Error: cannot use input image string (no discovered imageDiges #39

Closed ectorr closed 4 years ago

ectorr commented 5 years ago

Hi all,

I have an issue with a vulnerability check. I will describe the steps that I followed:

  1. First of all, I brought up the docker compose with your config.yaml. The only difference is the network that I used. I created another network in another subnet:

    docker network create anchore --subnet 192.168.2.0/24
    docker-compose up -d

  2. I export all vars to use anchore-cli:

    ANCHORE_CLI_URL=http://localhost:8228/v1
    ANCHORE_CLI_USER=admin
    ANCHORE_CLI_PASS=password

  3. I add my AWS ECR registry in anchore:

    anchore-cli registry add 123123123.dkr.ecr.eu-west-1.amazonaws.com MY_AWS_ACCES_KEY_ID MY_SECRET_KEY

  4. Checking that the registry is added correctly:

    Registry                                   Name  Type    User
    123123123.dkr.ecr.eu-west-1.amazonaws.com  N/A   awsecr  MY_ACCES_KEY_ID

  5. Adding the image to scan:

    anchore-cli image add 975671738503.dkr.ecr.eu-west-1.amazonaws.com/myimage/prod:2.2

  6. Checking that it is added correctly:

    anchore-cli image list
    Full Tag                                                    Image Digest                                                             Analysis Status
    123123123.dkr.ecr.eu-west-1.amazonaws.com/myimage/prod:2.2  sha256:06e738952e177a08381f2bef03544819e3a25ec6084b393e2f8d944cf633ef0c  analyzed

So far so good. In the next step I execute the scan:

    anchore-cli image vuln 123123.dkr.ecr.eu-west-1.amazonaws.com/myimage/prod:2.2

And I'm getting: Error: cannot use input image string (no discovered imageDigest)

    anchore-cli, version 0.5.0
    Docker version 18.06.1-ce, build e68fc7a215d7133c34aa18e3b72b4a21fd0c6136

ectorr commented 5 years ago

Additional --debug info when I execute the vuln command:

    INFO:anchorecli.clients.apiexternal:As Account = None
    DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
    DEBUG:urllib3.connectionpool:http://localhost:8228 "GET /v1 HTTP/1.1" 200 5
    DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
    DEBUG:urllib3.connectionpool:http://localhost:8228 "GET /swagger.json HTTP/1.1" 200 84648
    INFO:anchorecli.clients.apiexternal:As Account = None
    DEBUG:anchorecli.clients.apiexternal:GET url=http://localhost:8228/v1/images
    DEBUG:anchorecli.clients.apiexternal:GET params={'history': 'false', 'fulltag': '123123123.dkr.ecr.eu-west-1.amazonaws.com/myimage/prod:2.3.1'}
    DEBUG:anchorecli.clients.apiexternal:Use get body because detected api version (0, 1, 9) < (0, 1, 6)? False
    DEBUG:anchorecli.clients.apiexternal:GET insecure=False
    DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
    DEBUG:urllib3.connectionpool:http://localhost:8228 "GET /v1/images?history=false&fulltag=975671738503.dkr.ecr.eu-west-1.amazonaws.com%2Fsmartsteps-api-kong%2Fprod%3A2.3.1 HTTP/1.1" 404 81
    Error: cannot use input image string (no discovered imageDigest)

I should underline that it was working 1 week ago and I didn't make any changes...

nurmi commented 5 years ago

Hi @ectorr,

There are a few steps that we can suggest to get some more information about why the service is not finding the input image:

1) double-check/ensure that you are using the exact fulltag identifier as input for the different CLI operations

2) try a few other ops, adding the --json flag to anchore-cli as well

    anchore-cli --debug --json image get host/repo:tag
    anchore-cli --debug --json image get sha256:<digest reported by image list or image get associated with tag>
    anchore-cli --debug --json image vuln host/repo:tag all
    anchore-cli --debug --json image vuln sha256:<digest reported by image list or image get associated with tag>

After that, the next steps will be to look at the anchore service logs (for the anchore 'apiext' service, and also 'catalog' service) during any failing CLI commands, looking for log output with WARN or ERROR level messages.

Finally, enable the DEBUG log level in anchore engine, restart the system, and try the above.

With the above process, we should be able to see more on what might be failing which would give us some insight into what is causing the 404.

Best -Dan
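The fulltag check from step 1 of the reply above can be automated against `--debug` output. This is an added example, not code from the thread or from the anchore project; the sample debug lines, the `KNOWN_IMAGES` table and all function names are constructed for illustration, with placeholder registry names.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the format `anchore-cli --debug` prints (placeholder names).
SAMPLE_DEBUG = """\
DEBUG:anchorecli.clients.apiexternal:GET url=http://localhost:8228/v1/images
DEBUG:urllib3.connectionpool:http://localhost:8228 "GET /v1/images?history=false&fulltag=registry.example.com%2Fmyimage%2Fprod%3A2.3.1 HTTP/1.1" 404 81
"""
# Constructed sample: fulltag -> digest pairs copied from `anchore-cli image list`.
KNOWN_IMAGES = {"registry.example.com/myimage/prod:2.2": "sha256:" + "0" * 64}

REQ_RE = re.compile(r'"GET (\S+) HTTP/1\.[01]" (\d{3})')

def repo_of(fulltag):
    """Strip the tag; leave host[:port]/repo untouched when no tag is present."""
    head, sep, tail = fulltag.rpartition(":")
    return head if sep and "/" not in tail else fulltag

def requested_fulltags(debug_text):
    """Return (fulltag, http_status) for each /images lookup in the debug output."""
    found = []
    for target, status in REQ_RE.findall(debug_text):
        parts = urlsplit(target)
        tags = parse_qs(parts.query).get("fulltag")  # parse_qs URL-decodes %2F, %3A
        if parts.path.endswith("/images") and tags:
            found.append((tags[0], int(status)))
    return found

def diagnose(debug_text, known_images):
    """Explain each 404 lookup by comparing the requested tag to the listed ones."""
    findings = []
    for tag, status in requested_fulltags(debug_text):
        if status != 404:
            continue
        same_repo = sorted(k for k in known_images if repo_of(k) == repo_of(tag))
        if tag in known_images:
            reason = "tag is listed; retry by digest " + known_images[tag]
        elif same_repo:
            reason = "tag not listed; same repository has: " + ", ".join(same_repo)
        else:
            reason = "registry/repository not found in image list"
        findings.append((tag, reason))
    return findings

if __name__ == "__main__":
    for tag, reason in diagnose(SAMPLE_DEBUG, KNOWN_IMAGES):
        print(tag, "->", reason)
```
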

zhill commented 4 years ago

Closing as stale. Please re-open if the issue still exists or to provide new information to help debug. Thanks!