docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout

Scanning archives with --type fail #51

Closed K2ouMais closed 9 months ago

K2ouMais commented 9 months ago

Hello everyone,

I have pipelines that put the build images into a *.tar archive, and these archives are scanned in another step.

Seems that the --type archive is gone and all my pipelines fail with an error.

[Image: Anmerkung 2023-09-25 075537]

Is this a wanted behaviour?

This has been running for weeks and failed today for the first time.

dvdksn commented 9 months ago

👋🏻 hi @K2ouMais. We recently added support for specifying the artifact type via protocol prefixes for the image name. Could you try to update the command to the following format and see if it works?

cves archive:///tmp/${TAR_FILE} --only-severity critical,high

(note that the --type flag is removed and replaced by archive:// prefix.)

cdupuis commented 9 months ago

@K2ouMais sorry for the breaking change and the inconvenience this is causing you. As Docker Scout matures from Early Access to GA, we had to make this change now rather than later.

As @dvdksn mentioned, please switch to using the archive prefix.

K2ouMais commented 9 months ago

That isn't mentioned in the documentation: https://docs.docker.com/engine/reference/commandline/scout_cves/

The weird thing is that the following commands don't work:

docker run -t -v $(pwd)/images:/tmp -e DOCKER_SCOUT_HUB_USER=${DOCKERHUB_USER} -e DOCKER_SCOUT_HUB_PASSWORD=${DOCKERHUB_PASSWORD} docker/scout-cli cves --type archive /tmp/${TAR_FILE} --only-severity critical,high
docker run -t -v $(pwd)/images:/tmp -e DOCKER_SCOUT_HUB_USER=${DOCKERHUB_USER} -e DOCKER_SCOUT_HUB_PASSWORD=${DOCKERHUB_PASSWORD} docker/scout-cli:latest cves --type archive /tmp/${TAR_FILE} --only-severity critical,high

But this one seems to work without a problem:

docker run -t -v $(pwd)/images:/tmp -e DOCKER_SCOUT_HUB_USER=${DOCKERHUB_USER} -e DOCKER_SCOUT_HUB_PASSWORD=${DOCKERHUB_PASSWORD} docker/scout-cli:0.24.1 cves --type archive /tmp/${TAR_FILE} --only-severity critical,high

In other words, it seems that "0.24.1" isn't the latest after all.

I tried with archive:// and it seems to work again... Now I only have to fix all my pipelines :o(

cdupuis commented 9 months ago

It looks like the docker/scout-cli:latest was released a bit early. But you are effectively catching us between two releases (docs not updated etc). The latest version is now 1.0.1.

> Now I only have to fix all my pipelines :o(

I'm really sorry for this. Trust me, now that we are going 1.0.0, we'll follow SemVer.

K2ouMais commented 9 months ago

I think this thread can be closed, as there is a solution.

Thank you
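
One way to apply the fix from this thread across many pipeline scripts, as an added example that is not part of the thread or of the Docker Scout project: it rewrites the removed `--type archive <path>` form to the `archive://<path>` prefix and warns about `docker/scout-cli` references with no tag or with `:latest`, the floating references that picked up the new release here. The function names and the sample lines are constructed, and the script assumes the rewritten lines run a release that accepts the prefix.

```shell
#!/bin/sh
# Added example (not from the thread): migrate Docker Scout archive scans in
# pipeline scripts from the removed "--type archive <path>" form to the
# "archive://<path>" prefix, and flag scanner images that are not version-pinned.

# Rewrite one line; lines without the old flag pass through unchanged.
migrate_line() {
    printf '%s\n' "$1" |
        sed -E 's#--type[[:space:]]+archive[[:space:]]+([^[:space:]]+)#archive://\1#g'
}

# Succeed if the line runs docker/scout-cli with no tag or with :latest.
uses_floating_tag() {
    printf '%s\n' "$1" | grep -Eq 'docker/scout-cli(:latest)?([[:space:]]|$)'
}

# Filter: pipeline text on stdin, migrated text on stdout, warnings on stderr.
migrate_stream() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if uses_floating_tag "$line"; then
            printf 'warning: line %s: docker/scout-cli tag is not pinned\n' "$n" >&2
        fi
        migrate_line "$line"
    done
}

# Constructed sample input modelled on the commands quoted in the thread.
sample_pipeline() {
    cat <<'EOF'
docker save -o images/app.tar app:build
docker run -t -v "$(pwd)/images:/tmp" docker/scout-cli cves --type archive /tmp/${TAR_FILE} --only-severity critical,high
docker run -t -v "$(pwd)/images:/tmp" docker/scout-cli:latest cves --type archive /tmp/${TAR_FILE} --only-severity critical,high
docker run -t -v "$(pwd)/images:/tmp" docker/scout-cli:1.0.1 cves archive:///tmp/${TAR_FILE} --only-severity critical,high
EOF
}

sample_pipeline | migrate_stream
```

To use it on a real file, source the functions and run `migrate_stream < pipeline.sh > pipeline.new.sh`, then review the diff before replacing the original.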