anchore / anchore-engine

A service that analyzes docker images and scans for vulnerabilities
Apache License 2.0

failed to get anchor-reports/ directory on github runner after analysis is done #573

Open farooqdevops opened 4 years ago

farooqdevops commented 4 years ago

Is this a request for help?: yes

What happened: I am using anchore/scan-action with my GitHub repo. When I run the workflows, it scans the image, but then I am unable to get anchore-reports, as that fails to be copied on the GitHub runner (logs attached). Can someone check why this happens? I have attached the GitHub workflow file for reference:

**relevant log output from github runner:**

Logs for step: Scan the built image

```
+ echo 'Copying scan reports from 2166-inline-anchore-engine to /home/runner/work/test-backend/test-backend/anchore-reports/'
Copying scan reports from 2166-inline-anchore-engine to /home/runner/work/test-backend/test-backend/anchore-reports/
+ docker cp 2166-inline-anchore-engine:/anchore-engine/anchore-reports/ ./
Error: No such container:path: 2166-inline-anchore-engine:/anchore-engine/anchore-reports/

Cleaning up docker container: 7eeb995deecd938f8cc5c0d1c7e9c13913f4be3a117812f61f952bff9a06e23f

anchore inline scan JSON results 0s
ls: cannot access './anchore-reports/*.json': No such file or directory
Run for j in `ls ./anchore-reports/*.json`; do echo "---- ${j} ----"; cat ${j}; echo; done
ls: cannot access './anchore-reports/*.json': No such file or directory
```

Github workflow file `steps:

nurmi commented 4 years ago

hi @farooqdevops - we need to clean up some of that output, but the specific error you're referencing is not something that should prevent the scan action from working correctly, since for the scan action itself the anchore-reports is created and populated outside the invocation of the inline_scan container itself.

If you're not seeing any anchore-reports after the scan action executes, there is something going wrong but it isn't related to that particular log snippet. Some additional output and debugging commands ('ls -al' before and after the scan action, etc.) could help narrow down the investigation! On a successful run, you should have an anchore-reports/ directory with JSON files in it, that can be inspected/used for review of the scan action output.

farooqdevops commented 4 years ago

@nurmi Thanks for your response. It failed due to executing the command in the wrong directory (inside where the Dockerfile resides), so executing outside that dir now runs it correctly. However, the "upload Anchore scan SARIF report" step fails with 403 permission denied, as it requires enabling "Code scanning alerts", and for that I first have to sign up for the beta.
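
The following is an added example, not part of the thread or of the scan action's own code: a post-scan guard step that fails the job when `anchore-reports/` is missing, holds no JSON, or holds an empty report, so a scan run from the wrong directory cannot pass silently. The function name `check_reports` and its return codes are hypothetical; only the directory name and the `*.json` pattern come from the log above.

```shell
#!/bin/sh
# Added example (hypothetical helper): verify that the scan left usable reports.
# Usage: check_reports [DIR]   (DIR defaults to ./anchore-reports)
# Returns: 0 reports present, 2 directory missing,
#          3 directory has no *.json files, 4 a report file is empty.
check_reports() {
    dir="${1:-./anchore-reports}"

    if [ ! -d "$dir" ]; then
        # Print the working directory and its listing, since the failure in
        # this thread came from running in the wrong directory.
        echo "reports directory not found: $dir (cwd: $(pwd))" >&2
        ls -al . >&2
        return 2
    fi

    found=0
    # Iterate over the glob directly instead of parsing `ls` output; an
    # unmatched glob stays literal, so skip entries that do not exist.
    for f in "$dir"/*.json; do
        [ -e "$f" ] || continue
        found=1
        if [ ! -s "$f" ]; then
            echo "empty report: $f" >&2
            return 4
        fi
    done

    if [ "$found" -ne 1 ]; then
        echo "no JSON reports in $dir" >&2
        return 3
    fi
    return 0
}
```

Calling `check_reports || exit 1` as the step after the scan turns a missing report set into a failed job instead of a green run with nothing to review.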