Open juntaozeng opened 11 months ago
Hello @juntaozeng
Thank for reporting the issue, we removed the flag to make thing uniform across all our plugins( https://github.com/deepfence/YaraHunter, https://github.com/deepfence/package-scanner and https://github.com/deepfence/SecretScanner)
The docs are updated to reflect the supported flags in the PR https://github.com/deepfence/SecretScanner/pull/107
How can I generate a plain json file as output? I run deepfence via docker-compose:
docker-compose.yml
version: "3.6"
services:
deepfence:
image: deepfenceio/deepfence_secret_scanner:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./deepfence/:/home/deepfence/output
entrypoint: /bin/sh -c "/home/deepfence/usr/SecretScanner -config-path /home/deepfence/usr -image-name=${IMAGE} -output=json > output.json"
command: ""
And even though I don't redirect stderr to the file, I get:
output.json
Initializing....
Scanning image user/repo for secrets...
Scanning image /tmp/Deepfence/SecretScanning/userrepo/save-output.tar for secrets...
summary:
total=0 high=0 medium=0 low=0
{
"Timestamp": "2023-10-11T23:31:17.192741222Z",
"Image Name": "user/repo",
"Image ID": "f28ffd78641197871fea8fd679f2bf8a1cdafa4dc3f1ce3e700ad964aac2879a",
"Container ID": "",
"Secrets": null
}
which can't be parsed as json. Adding the flag -debug-level FATAL
also didn't help...
What is the intended usage here?
hi @timobrembeck, the recommended usage is to execute docker run
as shown below this outputs json to stdout which can be redirected to a file
this gets json output to stdout
docker run -i --rm --name=deepfence-secretscanner \
-v /var/run/docker.sock:/var/run/docker.sock \
deepfenceio/deepfence_secret_scanner:2.0.0 \
-image-name node:8.11 --output json
this redirects json from stdout to file node.json
docker run -i --rm --name=deepfence-secretscanner \
-v /var/run/docker.sock:/var/run/docker.sock \
deepfenceio/deepfence_secret_scanner:2.0.0 \
-image-name node:8.11 --output json > node.json
docker-compose usage is not recommended
Encountered an error while running the
deepfenceio/deepfence_secret_scanner:2.0.0
docker image.Noticed that 2 related json output options were remove from an earlier PR https://github.com/deepfence/SecretScanner/pull/97/files
json-filename
andoutput-path
However, those options are still being used / referenced in some docs. They probably should be updated so as not to cause confusions.
E.g. https://github.com/deepfence/SecretScanner/blob/97a7eb4ad58be365ed6d3d28b406422edb11042a/docs/docs/secretscanner/quickstart.md?plain=1#L39
Side note, slightly curious about the reason behind the sudden change removing json output support, I didn't find much explanation / change info from the PR itself.