archerysec / archerysec-cli

A commandline tool that wraps the Archerysec REST API for controlling Archery and executing quick, targeted scans.

Error while publishing nodejsscan and trivy reports #13

Closed sourabhgupta385 closed 7 months ago

sourabhgupta385 commented 3 years ago

Reports are generated in Jenkins using:

sh "njsscan src --json -o 'nodejs-scanner-report.json'"
sh script: 'TRIVY_NEW_JSON_SCHEMA=true trivy --cache-dir /tmp/trivy image --format json -o trivy-report.json --input hello_world_${BUILD_NUMBER}.tar'

Reports are published using:

sh "archerysec-cli -s ${properties.ARCHERYSEC_HOST_URL} -u ${ARCHERYSEC_USERNAME} -p ${ARCHERYSEC_PASSWORD} --upload --file_type=JSON --file=trivy-report.json --TARGET=DVNA_TRIVY --scanner=trivy --project_id=655016af-2e40-47da-b4e2-da91db041fda"

Output

TypeError at /api/uploadscan/

sh "archerysec-cli -s ${properties.ARCHERYSEC_HOST_URL} -u ${ARCHERYSEC_USERNAME} -p ${ARCHERYSEC_PASSWORD} --upload --file_type=JSON --file=nodejs-scanner-report.json --TARGET=DVNA_NODEJSSCAN --scanner=nodejsscan --project_id=655016af-2e40-47da-b4e2-da91db041fda"

Output

KeyError at /api/uploadscan/

On the console, everything is showing as none for trivy and nodejsscan as below:

image

Has anyone tried publishing trivy and nodejsscan reports using the CLI?

sourabhgupta385 commented 3 years ago

I got trivy working by changing the command to:

sh script: 'trivy --cache-dir /tmp/trivy image --format json -o trivy-report.json --input hello_world_${BUILD_NUMBER}.tar'

Basically, Trivy has changed the schema of its JSON output in the new version, which is not compatible here yet. The previous version is working absolutely fine.

image
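As an added example (not from the thread or the archerysec-cli project): a pre-upload check in Python that tells the two Trivy JSON layouts apart, so a pipeline step can fail with a clear message instead of the server-side TypeError. It assumes the legacy layout is a top-level array of per-target results and the new layout is an object carrying `SchemaVersion` and `Results`; the function names and sample reports are constructed for illustration.

```python
import json

# Constructed sample in the legacy layout: a top-level array of per-target results.
LEGACY_SAMPLE = [
    {"Target": "hello_world.tar (alpine)", "Type": "alpine",
     "Vulnerabilities": [{"VulnerabilityID": "EXAMPLE-0001",
                          "PkgName": "examplepkg", "Severity": "HIGH"}]},
    # Trivy writes null, not [], for a target without findings.
    {"Target": "app/package-lock.json", "Type": "npm", "Vulnerabilities": None},
]

# Constructed sample in the new layout: the same results wrapped in an object.
NEW_SAMPLE = {"SchemaVersion": 2, "ArtifactName": "hello_world.tar",
              "ArtifactType": "container_image", "Results": LEGACY_SAMPLE}


def trivy_schema(report):
    """Classify a parsed Trivy JSON report by its top-level shape."""
    if isinstance(report, list):
        return "legacy"
    if isinstance(report, dict) and "SchemaVersion" in report:
        return "new"
    return "unknown"


def per_target_results(report):
    """Return the per-target result list for either layout."""
    kind = trivy_schema(report)
    if kind == "legacy":
        return report
    if kind == "new":
        # "Results" can be missing or null when nothing was found.
        return report.get("Results") or []
    raise ValueError("not a recognised Trivy JSON report")


def count_findings(report):
    """Count vulnerabilities across all targets, tolerating null lists."""
    return sum(len(r.get("Vulnerabilities") or [])
               for r in per_target_results(report))


if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY_SAMPLE), ("new", NEW_SAMPLE)):
        text = json.dumps(sample)  # stands in for reading trivy-report.json
        parsed = json.loads(text)
        print(name, trivy_schema(parsed), count_findings(parsed))
```

Run against `trivy-report.json` before the upload step, a result of `new` from `trivy_schema` indicates the layout this thread reports as failing.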

ihangnalli-cci commented 1 year ago

@sourabhgupta385 did you resolve the nodejsscan issue? Even I'm getting the same issue.

sourabhgupta385 commented 1 year ago

Hi @ihangnalli-cci,

I did not investigate the nodejsscan error much. I then chose to prefer HTML report publishing in Jenkins for the NodeJs scan.

ihangnalli-cci commented 1 year ago

Ok. Thanks for the reply @sourabhgupta385

ihangnalli-cci commented 1 year ago

@sourabhgupta385 I found what the issue was with this. It was not getting uploaded because the format of the JSON report file generated by nodejsscan is different from the previous version.

@anandtiwarics Can you look into this? I have attached a sample file for your reference. sample.zip

anandtiwarics commented 7 months ago

Our currently supported file list: https://github.com/archerysec/report-sample/tree/main/Trivy