Closed krzysztofkorozej closed 1 year ago
I can confirm a similar error on a dedicated GitLab instance (although, scanning the code, it appears that self-hosted instances are not supported).
In my case (GitLab SaaS) it did not even start; it immediately failed after the fetch step.
Hi @krzychurra, thanks for trying this new beta feature. Could you please:
chain-bench --version
and making sure it is v0.1.6
-v
at the end of your command and paste the results here
@hunter - currently only GitLab SaaS is supported
Thanks for your feedback
Hi @morwn, Chain-bench version appears to be correct. I think I managed to find what the problem is. Below is how the repositories are arranged in my org:
foo (main group)
  developers
  security (subgroup)
    dummy-repo
So final URL to repository:
https://gitlab.com/foo/security/dummy-repo
When I run the scan with -v:
2022-10-26 13:15:48 INF 🚩 Fetch Starting
2022-10-26 13:15:49 ERR error in fetching repository data
2022-10-26 13:15:49 DBG error in fetching repository data error="GET https://gitlab.com/api/v4/projects/foo/security: 404 {message: 404 Project Not Found}"
2022-10-26 13:15:49 INF 🛢️ Fetching Repository Settings Finished
I can't manually make a request to this URL https://gitlab.com/api/v4/projects/foo/security; instead I need to call GitHub API with the following request:
curl "https://gitlab.com/api/v4/projects/{PROJECT_ID}?private_token=XYZ"
where PROJECT_ID is the ID for https://gitlab.com/foo/security/dummy-repo
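The request in the debug log above stops at foo/security, one level short of the project. GitLab's /api/v4/projects/:id endpoint accepts either the numeric ID or the full namespace path URL-encoded as a single value. The sketch below is an added example, not chain-bench's own code; the function names are hypothetical and TwoSegmentAPIURL is constructed only to reproduce the URL seen in the log.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// projectPath returns the full namespace path of a repository URL,
// e.g. "foo/security/dummy-repo", keeping every subgroup level.
func projectPath(repoURL string) (*url.URL, string, error) {
	u, err := url.Parse(repoURL)
	if err != nil {
		return nil, "", err
	}
	p := strings.TrimSuffix(strings.Trim(u.Path, "/"), ".git")
	if u.Host == "" || strings.Count(p, "/") < 1 {
		return nil, "", fmt.Errorf("not a project URL: %q", repoURL)
	}
	return u, p, nil
}

// TwoSegmentAPIURL keeps only "<group>/<name>" and leaves the slash raw.
// Constructed to reproduce the request shape in the log above.
func TwoSegmentAPIURL(repoURL string) (string, error) {
	u, p, err := projectPath(repoURL)
	if err != nil {
		return "", err
	}
	parts := strings.SplitN(p, "/", 3)
	return fmt.Sprintf("%s://%s/api/v4/projects/%s/%s", u.Scheme, u.Host, parts[0], parts[1]), nil
}

// EncodedAPIURL sends the whole path as one URL-encoded :id value.
func EncodedAPIURL(repoURL string) (string, error) {
	u, p, err := projectPath(repoURL)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%s://%s/api/v4/projects/%s", u.Scheme, u.Host, url.PathEscape(p)), nil
}

func main() {
	repo := "https://gitlab.com/foo/security/dummy-repo" // URL from the thread
	bad, _ := TwoSegmentAPIURL(repo)
	good, _ := EncodedAPIURL(repo)
	fmt.Println(bad)
	fmt.Println(good)
}
```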
This is still happening with the latest version (0.1.6):
I'm using GitLab self-hosted (14.4)
2022-11-02 20:05:24 INF 🚩 Fetch Starting
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0xbd96b9]
goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x7ffc26583f06, 0x14}, {0x7ffc26583eb7?, 0x1?}, {0x0, 0x0})
/home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:35 +0xb9
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc00028ca00?, {0xe3962a?, 0x9?, 0x9?})
/home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xcc
github.com/spf13/cobra.(*Command).execute(0xc00028ca00, {0xc0001a0d80, 0x9, 0x9})
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc00028c780)
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/cobra@v1.5.0/command.go:918
github.com/aquasecurity/chain-bench/internal/commands.Execute({0xf93cc8?, 0xc0000021a0?})
/home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
/home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27
Description
Hey team! I saw that you added support for GitLab (beta). I tried to run a scan against a dummy repo hosted on GitLab, but unfortunately it failed. I created a token with the appropriate role and permissions.
What did you expect to happen?
The scan has run successfully
What happened instead?
The scan immediately failed
Output from GitLab CI/CD runner: