anchore / ci-tools

Contains scripts for running anchore engine in CI pipelines
Apache License 2.0

Analyze image based on scratch #47

Closed Bablzz closed 3 years ago

Bablzz commented 4 years ago

Hello everyone! I hope you are doing well.

The problem

I've tried to analyze an image that is based on scratch, and this process failed.

Environment

Linux 5.4.0-45-generic #49~18.04.2-Ubuntu
docker-compose version 1.17.1, build unknown
Docker version 19.03.6, build 369ce74a3c

Details

  1. curl https://docs.anchore.com/current/docs/engine/quickstart/docker-compose.yaml > docker-compose.yaml
  2. docker-compose up -d
  3. Download inline_scan.sh (version 0.8.0)
  4. Create a Dockerfile:
    FROM wrouesnel/postgres_exporter:v0.8.0
  5. Build an image that is based on scratch (I've used wrouesnel/postgres_exporter:v0.8.0):
    docker build -t test-exporter:v0.8.0 . -f postgres-exporter.dockerfile
  6. Try to analyze it:
    ./inline_scan.sh analyze -r localhost:8228 -u admin -p foobar -V -g -f postgres-exporter.dockerfile test-exporter:v0.8.0

Actual Behaviour

I've got an error

[MainThread] [anchore_engine.common.helpers/extract_analyzer_content()] [ERROR] could not extract/parse content info - exception: 'package_list'
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/anchore_manager/cli/analyzers.py", line 188, in exec
    image_content_data[content_type] = anchore_engine.common.helpers.extract_analyzer_content(image_data, content_type, manifest=input_manifest_data)
  File "/usr/local/lib/python3.6/site-packages/anchore_engine/common/helpers.py", line 331, in extract_analyzer_content
    raise err
  File "/usr/local/lib/python3.6/site-packages/anchore_engine/common/helpers.py", line 292, in extract_analyzer_content
    return extract_os_content(idata)
  File "/usr/local/lib/python3.6/site-packages/anchore_engine/common/helpers.py", line 207, in extract_os_content
    if 'pkgs.allinfo' in image_data['imagedata']['analysis_report']['package_list']:
KeyError: 'package_list'
...
...
...
[MainThread] [anchore_manager.cli.analyzers/exec()] [ERROR] Unable to determine content_type, will fallback to {}
[MainThread] [anchore_engine.common.helpers/extract_analyzer_content()] [ERROR] could not extract/parse content info - exception: 'package_list'
[MainThread] [anchore_manager.util.logging/log_error()] [ERROR] Error: 'package_list'

Expected Behaviour

How do you reproduce the error?

It works fine when I use anchore-cli in the official anchore docker image

anchore-cli image add wrouesnel/postgres_exporter:v0.8.0
>Analysis Status: not_analyzed

anchore-cli image wait wrouesnel/postgres_exporter:v0.8.0
>Analysis Status: analyzed

anchore-cli image vuln wrouesnel/postgres_exporter:v0.8.0 all
>  __nothing__
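
The `KeyError` in the traceback above is raised by indexing `['package_list']` on an analysis report that has no such section. The following is an added example, not code from anchore-engine or from this thread: a tolerant lookup that reports "no OS package data" instead of crashing. It assumes the report is a nested dict with JSON-string entries under `pkgs.allinfo` / `base`; the sample reports and all names other than `extract_os_content` are constructed.

```python
import json

def strict_lookup(image_data):
    """The lookup shown in the traceback: raises KeyError if the section is absent."""
    return "pkgs.allinfo" in image_data["imagedata"]["analysis_report"]["package_list"]

def extract_os_content(image_data):
    """Return {package_name: metadata}; an absent 'package_list' yields {}."""
    report = image_data.get("imagedata", {}).get("analysis_report", {})
    # Assumed layout below 'package_list': pkgs.allinfo -> base -> {name: json_string}
    base = report.get("package_list", {}).get("pkgs.allinfo", {}).get("base", {})
    packages = {}
    for name, raw in base.items():
        try:
            packages[name] = json.loads(raw) if isinstance(raw, str) else raw
        except json.JSONDecodeError:
            # Keep the entry visible rather than silently dropping it
            packages[name] = {"unparsed": raw}
    return packages

def summarize(image_data):
    """Distinguish 'no package section at all' from 'section present'."""
    report = image_data.get("imagedata", {}).get("analysis_report", {})
    if "package_list" not in report:
        return ("no_os_package_data", 0)
    return ("os_packages", len(extract_os_content(image_data)))

# Constructed sample: a report with no OS package section (hypothetical shape)
SCRATCH_REPORT = {"imagedata": {"analysis_report": {"file_list": {}}}}

# Constructed sample: a report from an image that has a package database
DISTRO_REPORT = {"imagedata": {"analysis_report": {"package_list": {
    "pkgs.allinfo": {"base": {
        "examplepkg": '{"version": "1.0", "type": "dpkg"}',
        "brokenpkg": "{not json",
    }}}}}}

if __name__ == "__main__":
    for label, rep in (("scratch", SCRATCH_REPORT), ("distro", DISTRO_REPORT)):
        print(label, summarize(rep), extract_os_content(rep))
    try:
        strict_lookup(SCRATCH_REPORT)
    except KeyError as exc:
        print("strict lookup failed with KeyError:", exc)
```
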

robertp commented 4 years ago

Hello @Bablzz - thank you for reporting this! Are you running into this for any scratch-based image, or just this case?

I was able to duplicate the error you ran into using your instructions. However, as a test, I created an image like this (I used debian:10-slim because it was also used in https://github.com/wrouesnel/postgres_exporter/blob/master/Dockerfile):

$ echo "FROM debian:10-slim" > Dockerfile

$ docker build -t scratch-test:latest .
Sending build context to Docker daemon  26.42MB
Step 1/2 : FROM debian:10-slim
 ---> f49666103347
Step 2/2 : COPY foo /
 ---> Using cache
 ---> fbc26f83425a
Successfully built fbc26f83425a
Successfully tagged scratch-test:latest

$ ./inline_scan analyze -r localhost:8228 -u admin -p foobar -V -g -f ./Dockerfile scratch-test:latest
...
 Analysis complete!
...

Could you please see if this is still an issue for how you would like to use inline_scan? Also I would like to point you to some of Anchore's latest and greatest tools at https://toolbox.anchore.io/ - grype runs much faster than the current inline_scan. Thank you!

Bablzz commented 4 years ago

Hi @robertp ! How is it going?

I tried only this scratch image; I didn't test any other scratch image.

inline scan works fine with a normal image, you are right. But I see trouble with a scratch image.

In my case I tested with this image https://github.com/wrouesnel/postgres_exporter/blob/aeec47ead4ad3941cf1b6588b1ac5a44ca9e9c4b/Dockerfile#L4 and got an error

Thanks for sharing the link https://toolbox.anchore.io/ . I'll try it.

robertp commented 4 years ago

Hi @Bablzz Ok, please let us know if you continue to have trouble. Thank you!

Bablzz commented 3 years ago

@robertp how are you doing?

I have tried grype and it works fine with a scratch image. Thanks!

robertp commented 3 years ago

@Bablzz Hey that is great! If you have any feedback for us on grype it is very welcome, and we are excited to hear it.