Open makihikoyamazaki opened 2 years ago
Hi @makihikoyamazaki you can find the syntax documentation in our public docs for engine
https://engine.anchore.io/docs/general/concepts/policy/bundles/
This should help get you started.
```json
{
  "blacklisted_images": [],
  "description": "",
  "id": "5b997dab-07ae-41cc-8d69-a8afc21e9002",
  "mappings": [
    {
      "id": "b5a4fc96-8f00-4654-a7a9-b0ad914afabf",
      "image": {
        "type": "tag",
        "value": "*"
      },
      "name": "default",
      "policy_ids": [
        "dd78522f-9aa7-4297-ba41-338c67b67d04"
      ],
      "registry": "*",
      "repository": "*",
      "whitelist_ids": [
        "89bf4605-7fe8-4e5e-a198-8c3034f47166"
      ]
    }
  ],
  "name": "test for pg",
  "policies": [
    {
      "comment": "",
      "id": "dd78522f-9aa7-4297-ba41-338c67b67d04",
      "name": "DefaultPolicy",
      "rules": [
        {
          "action": "STOP",
          "gate": "malware",
          "id": "ecf79682-c15e-4019-8509-b42920e5eccf",
          "params": [],
          "trigger": "scans"
        }
      ],
      "version": "1_0"
    }
  ],
  "version": "1_0",
  "whitelisted_images": [],
  "whitelists": [
    {
      "comment": "",
      "id": "89bf4605-7fe8-4e5e-a198-8c3034f47166",
      "items": [],
      "name": "DefaultAllowlist",
      "version": "1_0"
    }
  ]
}
```
Is this a request for help?: Yes
Version of Anchore Engine and Anchore CLI if applicable: anchore-cli, version 0.9.3
```
Name: anchore-engine
Version: 1.0.0
Summary: Anchore Engine
Home-page: http://www.anchore.com
Author: Anchore Inc.
Author-email: dev@anchore.com
License: Apache License 2.0
Location: /usr/local/lib/python3.8/site-packages
Requires: connexion, pathlib, prometheus-flask-exporter, python-swiftclient, yosai, urllib3, passlib, psutil, Flask, Click, ijson, jsonschema, six, treelib, zope.interface, zope.component, cpe, pg8000, boto3, prometheus-client, watchdog, retrying, PyYAML, Werkzeug, cryptography, SQLAlchemy, marshmallow, readerwriterlock, Authlib, prettytable, semantic-version, Twisted, requests, pytz, swagger-spec-validator, python-dateutil, python-keystoneclient
Required-by:
```
What happened: Error: Bundle failed validation HTTP Code: 400
```
[root@ip-172-31-45-151 ~]# anchore-cli --debug --u admin --p foobar policy add testbundle.json
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
DEBUG:urllib3.connectionpool:http://localhost:8228 "GET /v1 HTTP/1.1" 200 5
DEBUG:anchorecli.clients.apiexternal:As Account = None
DEBUG:anchorecli.clients.apiexternal:POST url=http://localhost:8228/v1/policies?detail=True
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): localhost:8228
DEBUG:urllib3.connectionpool:http://localhost:8228 "POST /v1/policies?detail=True HTTP/1.1" 400 278
DEBUG:anchorecli.cli.utils:fetched httpcode from response: 400
Error: Bundle failed validation
HTTP Code: 400
Detail: {'error_codes': [], 'validation_details': [{'details': "'NoneType' object is not iterable", 'problem_type': 'PolicyError', 'severity': 'error'}]}
```
What did you expect to happen: I can add policy with gate of malware and then scan docker image.
What docker images are you using:

```
REPOSITORY               TAG
postgres                 9
anchore/anchore-engine   v1.0.0
```
How to reproduce the issue:
Anything else we need to know: I created the environment with an Amazon Linux 2 instance.
I attached testbundle.json, then I modified the below section.

```json
{ "action": "STOP", "gate": "malware", "id": "testest", "trigger": "scans" }
```

I cannot find how to write the policy, or examples. So I guess testbundle.json is not a correct policy JSON.
testbundle.txt