search

blackducksoftware / blackduck-docker-inspector

Apache License 2.0
20 stars 12 forks source link

scan docker images failed with blackduck-docker-inspector-8.2.1.jar #12

Closed walthhy closed 4 years ago

walthhy commented 5 years ago

we're using synopsys-detect 5.5.1 to scan our docker images. it worked well. but it starts fail recently. Comparing logs, we found synopsys-detect will download blackduck-docker-inspector automatically. with blackduck-docker-inspector-8.1.6.jar, everything works well. with blackduck-docker-inspector-8.2.1.jar, job failed with following errors.

09:49:09  2019-09-19 01:49:09 INFO  [main] --- Will include the docker tool.
09:49:09  2019-09-19 01:49:09 INFO  [main] --- Initializing DOCKER - Docker
09:49:09  2019-09-19 01:49:09 INFO  [main] --- Applicable passed.
09:49:09  2019-09-19 01:49:09 INFO  [main] --- Docker tool will attempt to download or find docker inspector.
09:49:09  2019-09-19 01:49:09 INFO  [main] --- Determining the location of the Docker inspector.
09:49:09  2019-09-19 01:49:09 INFO  [main] --- Will find version from artifactory.
09:49:11  2019-09-19 01:49:11 INFO  [main] --- Finding or downloading the docker inspector.

09:50:07  2019-09-19 01:50:02 INFO  [main] --- Found online docker inspector: /home/jenkins/workspace/CTO/CSF/Common/CSF-BLACKDUCK-SCAN/blackduck/tools/docker/blackduck-docker-inspector-8.2.1.jar
09:50:07  2019-09-19 01:50:02 INFO  [main] --- Extractable passed.
09:50:07  2019-09-19 01:50:02 INFO  [main] --- Running executable >/usr/bin/java -jar /home/jenkins/workspace/CTO/CSF/Common/CSF-BLACKDUCK-SCAN/blackduck/tools/docker/blackduck-docker-inspector-8.2.1.jar --spring.config.location file:/home/jenkins/workspace/CTO/CSF/Common/CSF-BLACKDUCK-SCAN/blackduck/runs/2019-09-19-01-49-02-366/extractions/DOCKER-0/application.properties --docker.image=myregistry/tools/cctf_tools:1.0.0-6600
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] --- 
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] ---   .   ____          _            __ _ _
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] ---  /\\ / ___'_ __ _ _(_)_ __  __ _ \ \ \ \
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] --- ( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] ---  \\/  ___)| |_)| | | | | || (_| |  ) ) ) )
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] ---   '  |____| .__|_| |_|_| |_\__, | / / / /
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] ---  =========|_|==============|___/=/_/_/_/
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] ---  :: Spring Boot ::        (v2.1.6.RELEASE)
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] --- 
09:50:07  2019-09-19 01:50:03 INFO  [main-Executable_Stream_Thread] --- 2019-09-19 01:50:03.911  INFO 187 --- [           main] c.s.i.b.dockerinspector.ProcessId        : Process name: 187_csf-blackduck-scan-20190919014800-27mw6-pq208
09:50:07  2019-09-19 01:50:04 INFO  [main-Executable_Stream_Thread] --- 2019-09-19 01:50:04.072  INFO 187 --- [           main] c.s.i.b.dockerinspector.DockerInspector  : Black Duck Docker Inspector 8.2.1
09:50:07  2019-09-19 01:50:05 INFO  [main-Executable_Stream_Thread] --- 2019-09-19 01:50:05.008  INFO 187 --- [           main] c.s.i.b.dockerinspector.DockerInspector  : Inspecting image:tag myregistry/tools/cctf_tools:1.0.0-6600
09:50:07  2019-09-19 01:50:05 INFO  [main-Executable_Stream_Thread] --- 2019-09-19 01:50:05.009 ERROR 187 --- [           main] c.s.i.b.dockerinspector.DockerInspector  : Error inspecting image: The Black Duck url must be specified. Either an API token or a username/password must be specified.
09:50:07  2019-09-19 01:50:05 INFO  [main-Executable_Stream_Thread] --- 2019-09-19 01:50:05.017  INFO 187 --- [           main] c.s.i.b.dockerinspector.DockerInspector  : Returning -1
walthhy commented 5 years ago

same issue with blackduck-docker-inspector-8.2.0.jar

stevebillings commented 5 years ago

Can you provide the Detect command you are running?

walthhy commented 5 years ago 
java -jar /tmp/synopsys-detect-5.5.1.jar --blackduck.url="https://hub.my.net" \
                 --blackduck.proxy.port=8000 \
                 --blackduck.proxy.host="Proxy.my.com" \
                 --blackduck.api.token="\$HUB_TOKEN" \
                 --logging.level.com.blackducksoftware.integration=INFO \
                 --detect.project.name="${imageName}" \
                 --detect.project.version.name="${imageTag}" \
                 --detect.tools=DOCKER \
                 --detect.code.location.name="${imageName}" \
                 --detect.cleanup=false \
                 --detect.output.path=${WORKSPACE}/blackduck \
                 --detect.detector.search.depth=1 \
                 --detect.sbt.report.depth=5 \
                 --detect.detector.search.continue=true \
                 --detect.docker.image="${image}" \
                 --detect.docker.passthrough.proxy.port=8000 \
                 --detect.docker.passthrough.proxy.host="Proxy.my.com" \
                 --detect.docker.passthrough.service.timeout=1200000 \
                 --detect.docker.passthrough.imageinspector.service.start=true \
                 --detect.docker.passthrough.cleanup.working.dir=false \
                 --detect.docker.passthrough.cleanup.inspector.image=true \
                 --detect.docker.passthrough.logging.level.com.blackducksoftware=INFO \
                 --detect.docker.passthrough.working.dir.path=${WORKSPACE} \
                 --detect.docker.passthrough.shared.dir.path.local=${WORKSPACE} \
                 --detect.docker.passthrough.imageinspector.service.distro.default=centos \
                 --detect.blackduck.signature.scanner.memory=12000 \
                 --detect.blackduck.signature.scanner.exclusion.patterns=/*blackduck*/ \
                 --detect.blackduck.signature.scanner.exclusion.patterns=/*ect*/ \
                 --detect.blackduck.signature.scanner.exclusion.patterns=/*jvm-exports*/ \
                 --detect.blackduck.signature.scanner.exclusion.patterns=/*j*_exports*/ \
                 --detect.blackduck.signature.scanner.parallel.processors=8
walthhy commented 5 years ago

and now I'm adding --detect.docker.inspector.version=8.1.6 to force it to use old version which works well.

stevebillings commented 5 years ago

Ah, I see what's happening. Detect 5.5.1 and earlier have a bug that prevent them from working with Docker Inspector 8.2.0 and newer. The fix is in Detect 5.6.0. Sorry, we try hard to avoid breaking changes like this, but that one slipped through.

If you're curious, the bug is that it passes this to Docker Inspector: --spring.config.location file:/some/file The fix is to pass: --spring.config.location=file:/some/file which Detect 5.6.0 and later do.