Closed qqilihq closed 4 years ago
I'm having the exact same issue, leading to an output of
WARNING: scanning not supported for some part of this image
{
  "scan_started": {
    "seconds": 1593502015,
    "nanos": 286134981
  },
  "scan_duration": 4,
  "digest": "476aabd3d867d44c9d12499f71d85055d58518867219db0d9786267947b0f7f4",
  "os": "alpine",
  "version": "3.11.6",
  "image_assurance_results": {
    "checks_performed": [
      {
        "policy_id": 1,
        "policy_name": "Default",
        "control": "max_severity",
        "maximum_severity_allowed": "high"
      }
    ]
  },
  "vulnerability_summary": {
    "total": 0,
    "high": 0,
    "medium": 0,
    "low": 0,
    "negligible": 0,
    "sensitive": 0,
    "malware": 0
  },
  "scan_options": {},
  "partial_results": true,
  "initiating_user": "token",
  "data_date": 1543020471,
  "changed_result": false,
  "function_metadata": {}
}
I'm not sure now if the image really does not contain any vulnerable package or if the scan did not even execute...
@jerbia isn't the warning related to some packages which are required by the microscanner binary? We've resolved a similar issue for the Harbor adapter by installing the following packages: https://github.com/aquasecurity/harbor-scanner-aqua/blob/master/Dockerfile#L7
Installing these packages did not solve the issue for me.
Also, running microscanner with the --no-verify flag shows the same result.
@rflume @qqilihq There was a problem with the identification of Alpine 3.11.6 OS packages, therefore you got the message "scanning not supported for some part of this image". Can you try again?
Yes, works for me now!
2020-07-02 16:44:46.582 INFO Contacting CyberCenter... {"registry": "", "image": ""}
2020-07-02 16:44:46.743 INFO CyberCenter connection established {"registry": "", "image": "", "api_version": "4"}
2020-07-02 16:44:47.046 INFO Processing results... {"registry": "", "image": ""}
2020-07-02 16:44:47.198 INFO Applying image assurance policies... {"registry": "", "image": ""}
{
  "scan_started": {
    "seconds": 1593708283,
    "nanos": 940419939
  },
  "scan_duration": 4,
  "digest": "0c40866349ad3cfdb3ee0265dd39a379e53d0b805e924cd7b04a05598b06efe3",
  "os": "alpine",
  "version": "3.11.6",
  "resources": [
    {
      "resource": {
        "format": "npm",
        "path": "/usr/local/lib/node_modules/npm/node_modules/yargs-parser",
        "name": "yargs-parser",
        "version": "9.0.2",
        "cpe": "pkg:/npm:*:yargs-parser:9.0.2",
        "license": "ISC",
        "hash": "sha1:9ccf6a43460fe4ed40a9bb68f48d43b8a68cc077",
        "name_hash": "91e1aa67eb03d0d6c6547f3f171b1996"
      },
      "scanned": true,
      "vulnerabilities": [
        {
          "name": "CVE-2020-7608",
          "description": "yargs-parser could be tricked into adding or modifying properties of Object.prototype using a \"__proto__\" payload.",
          "nvd_score": 4.6,
          "nvd_score_version": "CVSS v2",
          "nvd_vectors": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "nvd_severity": "medium",
          "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7608",
          "vendor_score": 4.6,
          "vendor_score_version": "CVSS v2",
          "vendor_vectors": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "vendor_severity": "medium",
          "vendor_url": "https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2",
          "publish_date": "2020-03-16",
          "modification_date": "2020-06-05",
          "fix_version": "18.1.1;13.1.2;15.0.1",
          "solution": "Upgrade package yargs-parser to version 18.1.1;13.1.2;15.0.1 or above.",
          "nvd_score_v3": 5.3,
          "nvd_vectors_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "nvd_severity_v3": "medium",
          "vendor_score_v3": 5.3,
          "vendor_vectors_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "vendor_severity_v3": "medium"
        }
      ]
    }
  ],
  "image_assurance_results": {
    "checks_performed": [
      {
        "policy_id": 1,
        "policy_name": "Default",
        "control": "max_severity",
        "maximum_severity_allowed": "high",
        "maximum_severity_found": "medium",
        "maximum_fixable_severity_found": "medium"
      }
    ]
  },
  "vulnerability_summary": {
    "total": 1,
    "high": 0,
    "medium": 1,
    "low": 0,
    "negligible": 0,
    "sensitive": 0,
    "malware": 0,
    "score_average": 4.6,
    "max_score": 4.6,
    "max_fixable_score": 4.6,
    "max_fixable_severity": "medium"
  },
  "scan_options": {},
  "initiating_user": "token",
  "data_date": 1593648551,
  "changed_result": false,
  "function_metadata": {}
}
Thanks for the support!
@jerbia Works great. Thank you so much!
I see this log output when running the scanner on our image (based on node:12.18.0-alpine):
I cannot find any documentation on what this means. What “part of this image” was not scanned? Can I get some background details about this somewhere?
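The two reports in this thread differ in a way a CI gate can check, so that a partial scan with `"total": 0` is not read as a clean image. The following is an added example, not part of the original thread and not microscanner's own code. The `assess` function and the 30-day threshold are hypothetical, and treating `data_date` as the epoch time of the vulnerability data is an assumption.

```python
import json

# Constructed samples: the two reports from this thread, trimmed to the fields used below.
PARTIAL = json.loads("""{"scan_started": {"seconds": 1593502015},
  "vulnerability_summary": {"total": 0}, "partial_results": true,
  "data_date": 1543020471}""")
COMPLETE = json.loads("""{"scan_started": {"seconds": 1593708283},
  "resources": [{"resource": {"name": "yargs-parser", "version": "9.0.2"},
                 "scanned": true,
                 "vulnerabilities": [{"name": "CVE-2020-7608"}]}],
  "vulnerability_summary": {"total": 1}, "data_date": 1593648551}""")

MAX_DATA_AGE_DAYS = 30  # hypothetical threshold, tune per pipeline


def assess(report):
    """Return (verdict, details); verdict is 'inconclusive', 'findings' or 'clean'."""
    reasons = []
    # A zero count means nothing when the scanner reports it skipped part of the image.
    if report.get("partial_results"):
        reasons.append("partial_results is true")
    # Resources that are listed but were not scanned are blind spots as well.
    for item in report.get("resources", []):
        if not item.get("scanned", False):
            reasons.append("resource not scanned: " + item["resource"]["name"])
    # Assumption: data_date is the epoch time of the vulnerability data used.
    age_days = (report["scan_started"]["seconds"] - report["data_date"]) / 86400
    if age_days > MAX_DATA_AGE_DAYS:
        reasons.append("vulnerability data is %d days older than the scan" % age_days)
    if reasons:
        return "inconclusive", reasons
    if report["vulnerability_summary"]["total"] > 0:
        found = [v["name"] for r in report.get("resources", [])
                 for v in r.get("vulnerabilities", [])]
        return "findings", found
    return "clean", []


if __name__ == "__main__":
    for label, report in (("partial", PARTIAL), ("complete", COMPLETE)):
        print(label, *assess(report))
```

In a pipeline, an `inconclusive` verdict should fail the build or trigger a rescan rather than pass the image.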