anchore / grype-db

Apache License 2.0

Installation Instructions Do Not Work as Written #398

Open wits-zach opened 1 month ago

wits-zach commented 1 month ago

Please provide a set of steps on how to reproduce the issue

  1. Run the install command on recent Kali Linux

curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b /usr/local/bin

  2. Run grype-db -g, fails

└─# grype-db -g
[0000] INFO grype-db version: 0.24.0
[0000] ERROR 1 error occurred:

error: 1 error occurred:

What happened:

grype-db -g fails to generate a list of providers, throws an error asking for docker in $PATH

What you expected to happen:

grype-db to create a list of providers

Anything else we need to know?:

Please update instructions for other necessary pre-reqs (does this require docker in some form?)

Environment:

No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.4
Codename: kali-rolling

popey commented 1 month ago

Hi @wits-zach - thanks for the issue. You're right, it's not completely clear to a new user what steps are required to bootstrap things.

You're right, you may need docker, podman, or a locally installed copy of vunnel. I went for the latter and did the following on my laptop, which already has uv installed.

$ mkdir -p ./temp/data
$ cd ./temp
$ uv venv
Using CPython 3.10.15
Creating virtual environment at: .venv
Activate with: source .venv/bin/activate
$ source .venv/bin/activate
(temp) $ uv pip install vunnel
Resolved 39 packages in 1.71s
   Built untokenize==0.1.1
   Built ijson==2.6.1
   Built sqlalchemy==1.4.54
Prepared 30 packages in 3.64s
Installed 39 packages in 83ms
 + certifi==2024.8.30
 + charset-normalizer==3.3.2
 + click==8.1.7
 + click-default-group==1.2.4
 + colorlog==6.8.2
 + cvss==3.2
 + defusedxml==0.7.1
 + docformatter==1.5.0
 + exceptiongroup==1.2.2
 + idna==3.10
 + ijson==2.6.1
 + importlib-metadata==7.2.1
 + iniconfig==2.0.0
 + iso8601==2.1.0
 + jinja2==3.1.4
 + lxml==5.3.0
 + markupsafe==2.1.5
 + mashumaro==3.13.1
 + mergedeep==1.3.4
 + orjson==3.10.7
 + packaging==24.1
 + pluggy==1.5.0
 + pytest==8.3.3
 + pytest-snapshot==0.9.0
 + python-dateutil==2.9.0.post0
 + pyyaml==6.0.2
 + requests==2.32.3
 + six==1.16.0
 + sqlalchemy==1.4.54
 + tomli==2.0.1
 + toposort==1.10
 + typing-extensions==4.12.2
 + untokenize==0.1.1
 + urllib3==2.2.3
 + vunnel==0.27.0
 + xsdata==22.12
 + xxhash==3.5.0
 + zipp==3.20.2
 + zstandard==0.23.0
(temp) $ curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b .
[info] fetching release script for tag='v0.24.0'
[info] using release tag='v0.24.0' version='0.24.0' os='darwin' arch='arm64'
[info] installed ./grype-db
(temp) $  cat >.grype-db.yaml <<'EOT'
provider:
  vunnel:
    executor: local
EOT
(temp) $ ./grype-db -g
[0000]  INFO grype-db version: 0.24.0
[0002]  INFO aggregating vulnerability data providers=[nvd alpine amazon chainguard debian github mariner oracle rhel sles ubuntu wolfi]
[0002]  INFO running vulnerability provider provider=chainguard
[0002]  INFO running vulnerability provider provider=nvd
[0002]  INFO running vulnerability provider provider=amazon
[0002]  INFO running vulnerability provider provider=alpine
[0002]  INFO chainguard: running chainguard provider
[0002]  INFO nvd: running nvd provider
[0002]  INFO chainguard: downloading chainguard secdb https://packages.cgr.dev/chainguard/security.json
[0002]  INFO nvd: downloading all CVEs
[0002]  INFO amazon: running amazon provider
[0002]  INFO alpine: running alpine provider
[0002]  INFO amazon: downloading amazon security advisory from https://alas.aws.amazon.com/AL2/alas.rss
[0002]  INFO alpine: downloading alpine secdb metadata from: https://secdb.alpinelinux.org
[0002]  INFO alpine: Downloading secdb edge main

etc.

Just thought I'd provide that to get you going, in case you don't want to install docker or podman. You don't need uv and could use plain old pip install, but this keeps it all nicely isolated.

Hope that helps, and we'll get the documentation updated accordingly.

Thanks again for the issue.

willmurphyscode commented 1 month ago

The action here is to update https://github.com/anchore/grype-db?tab=readme-ov-file#recommended to mention that grype-db doesn't do much without Vunnel, and explain that vunnel is run either in docker (which requires docker) or directly as a python package, which requires that the python package be available and on PATH.
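
As an added example (not part of the thread and not grype-db's own code), the shell functions below check the prerequisite discussed above: they read `provider.vunnel.executor` from `.grype-db.yaml` and confirm the matching binary is on PATH. The function names, the docker default when no executor is set, and `docker`/`podman` as executor values are assumptions; only `executor: local` appears in the thread.

```shell
#!/bin/sh
# Added example, not grype-db code: check that the binary needed by the
# configured vunnel executor is on PATH before running `grype-db -g`.

# Print provider.vunnel.executor from a grype-db YAML file (nothing if unset).
# Handles only the two-space block layout shown in the thread.
configured_executor() {
    [ -f "$1" ] || return 0
    awk '
        /^provider:/             { in_p = 1; next }
        /^[^ #]/                 { in_p = 0; in_v = 0 }
        in_p && /^  vunnel:/     { in_v = 1; next }
        in_p && /^  [^ #]/       { in_v = 0 }
        in_v && /^    executor:/ {
            sub(/^    executor:[ ]*/, ""); sub(/[ ]*(#.*)?$/, ""); print; exit
        }' "$1" | tr -d "\"'"
}

# Map an executor name to the binary it needs. local -> vunnel is from the
# thread; docker/podman as executor names is an assumption.
executor_binary() {
    case "$1" in
        local)         echo vunnel ;;
        docker|podman) echo "$1" ;;
        *)             return 1 ;;
    esac
}

# preflight CONFIG -> 0 ready, 1 binary missing, 2 unknown executor.
# With no executor set, docker is assumed (the issue's error asked for docker).
preflight() {
    exe=$(configured_executor "$1")
    exe=${exe:-docker}
    bin=$(executor_binary "$exe") || { echo "unknown executor '$exe'" >&2; return 2; }
    if command -v "$bin" >/dev/null 2>&1; then
        echo "ok: executor=$exe found at $(command -v "$bin")"
        return 0
    fi
    echo "missing: executor=$exe needs '$bin' on PATH" >&2
    for alt in docker podman vunnel; do
        if command -v "$alt" >/dev/null 2>&1; then
            echo "hint: '$alt' is installed; set a matching executor" >&2
        fi
    done
    return 1
}
```

Source the file and run `preflight .grype-db.yaml` in the directory where you will run `grype-db -g`.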