Closed walthhy closed 4 years ago
same issue with blackduck-docker-inspector-8.2.0.jar
Can you provide the Detect command you are running?
java -jar /tmp/synopsys-detect-5.5.1.jar --blackduck.url="https://hub.my.net" \
--blackduck.proxy.port=8000 \
--blackduck.proxy.host="Proxy.my.com" \
--blackduck.api.token="\$HUB_TOKEN" \
--logging.level.com.blackducksoftware.integration=INFO \
--detect.project.name="${imageName}" \
--detect.project.version.name="${imageTag}" \
--detect.tools=DOCKER \
--detect.code.location.name="${imageName}" \
--detect.cleanup=false \
--detect.output.path=${WORKSPACE}/blackduck \
--detect.detector.search.depth=1 \
--detect.sbt.report.depth=5 \
--detect.detector.search.continue=true \
--detect.docker.image="${image}" \
--detect.docker.passthrough.proxy.port=8000 \
--detect.docker.passthrough.proxy.host="Proxy.my.com" \
--detect.docker.passthrough.service.timeout=1200000 \
--detect.docker.passthrough.imageinspector.service.start=true \
--detect.docker.passthrough.cleanup.working.dir=false \
--detect.docker.passthrough.cleanup.inspector.image=true \
--detect.docker.passthrough.logging.level.com.blackducksoftware=INFO \
--detect.docker.passthrough.working.dir.path=${WORKSPACE} \
--detect.docker.passthrough.shared.dir.path.local=${WORKSPACE} \
--detect.docker.passthrough.imageinspector.service.distro.default=centos \
--detect.blackduck.signature.scanner.memory=12000 \
--detect.blackduck.signature.scanner.exclusion.patterns=/*blackduck*/ \
--detect.blackduck.signature.scanner.exclusion.patterns=/*ect*/ \
--detect.blackduck.signature.scanner.exclusion.patterns=/*jvm-exports*/ \
--detect.blackduck.signature.scanner.exclusion.patterns=/*j*_exports*/ \
--detect.blackduck.signature.scanner.parallel.processors=8
and now I'm adding --detect.docker.inspector.version=8.1.6
to force it to use old version which works well.
Ah, I see what's happening. Detect 5.5.1 and earlier have a bug that prevent them from working with Docker Inspector 8.2.0 and newer. The fix is in Detect 5.6.0. Sorry, we try hard to avoid breaking changes like this, but that one slipped through.
If you're curious, the bug is that it passes this to Docker Inspector: --spring.config.location file:/some/file The fix is to pass: --spring.config.location=file:/some/file which Detect 5.6.0 and later do.
we're using synopsys-detect 5.5.1 to scan our docker images. it worked well. but it starts fail recently. Comparing logs, we found synopsys-detect will download blackduck-docker-inspector automatically. with blackduck-docker-inspector-8.1.6.jar, everything works well. with blackduck-docker-inspector-8.2.1.jar, job failed with following errors.