docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout

docker-scout cves fs: markdown format when causes runtime error #113

Closed christophbrejla closed 3 weeks ago

christophbrejla commented 2 months ago

Hello,

When trying to scan with "docker-scout cves fs://. --format markdown", a runtime error happens. Please see the example below. Other formats like "sarif" or "sbom" are working. Would be great if this can be fixed!

Thanks

```
root@plg03-christoph:/tmp/myscan# docker-scout cves fs://. --format markdown
✓ File system read
✓ Indexed 1004 packages
✗ Detected 75 vulnerable packages with a total of 224 vulnerabilities
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb8 pc=0x1d3cdd1]

goroutine 1 [running]:
github.com/docker/scout-cli-plugin/internal/format/sbom/markdownvulns.(*MarkdownVulns).gen(0xc009905aa0, 0xc00e44c3c0)
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/format/sbom/markdownvulns/markdownvulns.go:134 +0x2b1
github.com/docker/scout-cli-plugin/internal/format/sbom/markdownvulns.(*MarkdownVulns).Print(0x7fffe73db7d7?, {0x8?, 0xc009905a70?}, {0x2dd9000, 0xc00012c020}, 0x0?, 0x415cde0?)
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/format/sbom/markdownvulns/markdownvulns.go:107 +0x25
github.com/docker/scout-cli-plugin/internal/commands/cves.NewCmd.func2(0xc000b14308?, {0xc000b3dc20?, 0x1?, 0x229646f?})
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/commands/cves/cves.go:277 +0xed5
github.com/spf13/cobra.(*Command).execute(0xc000b14308, {0xc000110070, 0x3, 0x3})
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:983 +0xaca
github.com/spf13/cobra.(*Command).ExecuteC(0xc000651508)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115 +0x3ff
github.com/spf13/cobra.(*Command).Execute(...)
    /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
main.runStandalone(0xc00020e900)
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:24 +0x57
main.main()
    /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:51 +0x125
```

eunomie commented 2 months ago

Thank you @christophbrejla for raising the issue. This has been fixed and will be part of the next release.

cdupuis commented 3 weeks ago

Fix has been released.