aws-actions / vulnerability-scan-github-action-for-amazon-inspector

Scan artifacts with Amazon Inspector from GitHub Actions workflows.
https://docs.aws.amazon.com/inspector/
MIT License

Incompatibility Issue with aarch64 CPU Architecture in aws-actions/vulnerability-scan-github-action-for-amazon-inspector #61

Closed abe-dg closed 2 months ago

abe-dg commented 2 months ago

Description

If the host machine’s CPU architecture is aarch64, an error occurs.

Expected Behavior

Since arm64 and aarch64 essentially refer to the same architecture, we expect that this action should execute without any problem.

Actual Behavior

The following error is output and the action terminates when executed:

Run aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.1

time="2024-06-25 22:49:18" level=info msg="downloading and installing inspector-sbomgen version latest" file="orchestrator.py:16"
time="2024-06-25 22:49:18" level=error msg="expected a CPU architecture of x86_64, arm64, or amd64, but received: aarch64" file="orchestrator.py:90"
time="2024-06-25 22:49:18" level=error msg="unable to download and install inspector-sbomgen" file="orchestrator.py:429"

Steps to Reproduce

This issue occurs when running the action on an Arm-based Linux machine.

For example, this action reproduces when using the Arm-based Linux runner released in beta or the self-hosted runners on AWS CodeBuild.

Larger runner configuration

Image name: Ubuntu 22.04 by Arm Limited
Platform: Linux ARM64 (beta)
Size: 2-cores - 8 GB RAM - 75 GB SSD

Self-hosted runners in AWS CodeBuild configuration

Provisioning model: On demand
Environment image: Managed image
Computing: EC2
OS: Amazon Linux
Runtime: Standard
Image: aws/codebuild/amazonlinux2-aarch64-standard:3.0
Image Version: latest
Size: 2 vCPU - 4 GB RAM

Other Information

On GitHub Actions, the CPU architecture for Linux in both example environments mentioned above outputs as follows:

Run uname -m
aarch64

bluesentinelsec commented 2 months ago

Hello, thank you for reaching out. I am confirming receipt of this issue and will begin investigating. I will report back when I have pertinent updates.

bluesentinelsec commented 2 months ago

We have finished investigating this issue. We understand that the Action is terminating due to aarch64 being provided when arm64 is expected. We concur that aarch64 should be supported in this scenario. We are presently working on a fix to resolve this issue. I will report back when the fix is deployed and available for your use. Thank you for your patience as we resolve this issue.

abe-dg commented 2 months ago

Thank you for your prompt investigation and response. I appreciate your understanding of the issue and your commitment to supporting aarch64 in this scenario. I look forward to the deployment of the fix and am grateful for your continued assistance. Please keep me updated on the progress.

bluesentinelsec commented 2 months ago

For situational awareness, a PR is up with the proposed solution. The PR is undergoing review. https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/pull/62

bluesentinelsec commented 2 months ago

@abe-dg We have deployed a new release to resolve this issue: see here.

Please feel encouraged to upgrade your workflows to use v1.1.2 like so:

uses: aws-actions/vulnerability-scan-github-action-for-amazon-inspector@v1.1.2

Thank you once again for reporting this issue, as this feedback helps us make the action better for all users.

Please feel free to reach out to us again if you have any follow-on issues or concerns.
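
One way to accept aarch64 wherever arm64 is expected is to normalize the machine string before deciding which binary to fetch, and to stop on anything unrecognized. This is an added example, not the action's own code and not part of the thread above; the function names, the exception class and the canonical names amd64 and arm64 are assumptions.

```python
import platform

# Canonical name -> spellings reported by `uname -m` / platform.machine().
# x86_64, arm64 and amd64 are the values named in the issue's error message;
# aarch64 is the alias the issue asks to be accepted.
# The canonical names on the left are hypothetical, chosen for this example.
_ALIASES = {
    "amd64": {"x86_64", "amd64"},
    "arm64": {"arm64", "aarch64"},
}


class UnsupportedArchitecture(ValueError):
    """Raised so the caller stops instead of guessing which binary to fetch."""


def normalize_arch(machine: str) -> str:
    """Map a raw machine string to 'amd64' or 'arm64', or raise."""
    key = machine.strip().lower()
    for canonical, spellings in _ALIASES.items():
        if key in spellings:
            return canonical
    supported = sorted(s for names in _ALIASES.values() for s in names)
    raise UnsupportedArchitecture(
        f"expected one of {', '.join(supported)}, but received: {machine!r}"
    )


def host_arch() -> str:
    """Canonical architecture of the machine running this code."""
    return normalize_arch(platform.machine())


if __name__ == "__main__":
    # Constructed sample values, including the `uname -m` output from the issue.
    for raw in ("x86_64", "amd64", "arm64", "aarch64", "AArch64\n", "armv7l"):
        try:
            print(f"{raw!r:12} -> {normalize_arch(raw)}")
        except UnsupportedArchitecture as exc:
            print(f"{raw!r:12} -> rejected: {exc}")
```

Rejecting unknown values with an exception keeps a scan step from silently proceeding with the wrong binary on a runner type nobody tested.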