search

docker / scout-cli

Docker Scout CLI
https://docker.com/products/docker-scout
Other
250 stars 60 forks source link

docker scout fails on aarch64 #89

Closed gounthar closed 4 months ago

gounthar commented 5 months ago

Hi,

I tried to apply a few commands from the official documentation, and it failed:

 docker scout cves alpine
    ✓ Pulled
    ✓ Image stored for indexing
    ✓ Indexed 19 packages
panic: interface conversion: interface {} is nil, not float64

goroutine 1 [running]:
github.com/docker/scout-cli-plugin/internal/dso.handleError({0x0, 0x0}, {0x25a6100?, 0x4000ffa0a8?})
        /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/dso/dso.go:750 +0x364
github.com/docker/scout-cli-plugin/internal/dso.(*DSO).CVEs(0x400027a860, {0x25b8500, 0x4000351dd0}, 0x20?)
        /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/dso/dso.go:75 +0x1b4
github.com/docker/scout-cli-plugin/cves.(*Lister).FromSBOM(0x4000a20710, {0x25b8500, 0x4000351dd0}, _, {{0x3759440, 0x0, 0x0}, {0x3759440, 0x0, 0x0}, ...})
        /home/runner/work/scout-cli-plugin/scout-cli-plugin/cves/cves.go:70 +0x44
github.com/docker/scout-cli-plugin/internal/commands/cves.NewCmd.func2(0x400014f500?, {0x4000a216e0?, 0x1?, 0x1?})
        /home/runner/work/scout-cli-plugin/scout-cli-plugin/internal/commands/cves/cves.go:232 +0x80c
github.com/spf13/cobra.(*Command).execute(0x400014f500, {0x4000350d10, 0x1, 0x1})
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:983 +0x82c
github.com/spf13/cobra.(*Command).ExecuteC(0x4000ad0000)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1115 +0x344
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/cobra@v1.8.0/command.go:1039
github.com/docker/cli/cli-plugins/plugin.RunPlugin(0x25c8d00?, 0x400014e900, {{0x1b7ec70, 0x5}, {0x1ba8287, 0xb}, {0x4000983ee4, 0x6}, {0x1bb51ae, 0xc}, ...})
        /home/runner/go/pkg/mod/github.com/docker/cli@v24.0.5+incompatible/cli-plugins/plugin/plugin.go:51 +0x13c
main.runPlugin(0x1c388ae?)
        /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:29 +0x10c
main.main()
        /home/runner/work/scout-cli-plugin/scout-cli-plugin/cmd/docker-scout/main.go:53 +0x130
docker scout version

      ⢀⢀⢀             ⣀⣀⡤⣔⢖⣖⢽⢝
   ⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀    ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
  ⡜⡜⡜⡜⡜⡜⠜⠈⠈        ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
 ⢘⢜⢜⢜⢜⠜               ⠈⠪⡳⡵⣹⡪⠇
 ⠨⡪⡪⡪⠂    ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀    ⠘⢝⢮⡚       _____                 _
  ⠱⡱⠁    ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦    ⠘⡵⠁      / ____| Docker        | |
   ⠁    ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣    ⠁      | (___   ___ ___  _   _| |_
        ⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳            \___ \ / __/ _ \| | | | __|
   ⢀    ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏    ⡀       ____) | (_| (_) | |_| | |_
  ⢀⢾⠄    ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝    ⢠⢣⢂     |_____/ \___\___/ \__,_|\__|
  ⡼⣕⢗⡄    ⠈⠓⠝⢮⡳⣝⠮⠳⠙     ⢠⢢⢣⢣
 ⢰⡫⡮⡳⣝⢦⡀              ⢀⢔⢕⢕⢕⢕⠅
 ⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀        ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁    ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉             ⠈⠈⠈⠈

version: v1.3.0 (go1.21.3 - linux/arm64)
git commit: 1934037f9d1cd0875cd2e5817cb19545d446cbf5
cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
cdupuis commented 5 months ago

Thanks @gounthar. This was fixed post release and the fix will be included in the next release version which will be available in the next day or two.

gounthar commented 5 months ago

That's great to hear, thanks ! 🎉

cdupuis commented 4 months ago

This should be fixed in the lates version.

gounthar commented 4 months ago

The error may be on my side now. 🤔 

docker scout cves alpine
    ✓ Image stored for indexing
    ✓ Indexed 19 packages
ERROR   Status: could not list CVEs for the image: API operation failed: Message: 403 Forbidden; body: "\n<html><head>\n<meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<title>403 Forbidden</title>\n</head>\n<body text=#000000 bgcolor=#ffffff>\n<h1>Error: Forbidden</h1>\n<h2>Your client does not have permission to get URL <code>/v1/graphql</code> from this server.</h2>\n<h2></h2>\n</body></html>\n", Locations: [], Extensions: map[code:request_error], Code: 1
docker scout version

      ⢀⢀⢀             ⣀⣀⡤⣔⢖⣖⢽⢝
   ⡠⡢⡣⡣⡣⡣⡣⡣⡢⡀    ⢀⣠⢴⡲⣫⡺⣜⢞⢮⡳⡵⡹⡅
  ⡜⡜⡜⡜⡜⡜⠜⠈⠈        ⠁⠙⠮⣺⡪⡯⣺⡪⡯⣺
 ⢘⢜⢜⢜⢜⠜               ⠈⠪⡳⡵⣹⡪⠇
 ⠨⡪⡪⡪⠂    ⢀⡤⣖⢽⡹⣝⡝⣖⢤⡀    ⠘⢝⢮⡚       _____                 _
  ⠱⡱⠁    ⡴⡫⣞⢮⡳⣝⢮⡺⣪⡳⣝⢦    ⠘⡵⠁      / ____| Docker        | |
   ⠁    ⣸⢝⣕⢗⡵⣝⢮⡳⣝⢮⡺⣪⡳⣣    ⠁      | (___   ___ ___  _   _| |_
        ⣗⣝⢮⡳⣝⢮⡳⣝⢮⡳⣝⢮⢮⡳            \___ \ / __/ _ \| | | | __|
   ⢀    ⢱⡳⡵⣹⡪⡳⣝⢮⡳⣝⢮⡳⡣⡏    ⡀       ____) | (_| (_) | |_| | |_
  ⢀⢾⠄    ⠫⣞⢮⡺⣝⢮⡳⣝⢮⡳⣝⠝    ⢠⢣⢂     |_____/ \___\___/ \__,_|\__|
  ⡼⣕⢗⡄    ⠈⠓⠝⢮⡳⣝⠮⠳⠙     ⢠⢢⢣⢣
 ⢰⡫⡮⡳⣝⢦⡀              ⢀⢔⢕⢕⢕⢕⠅
 ⡯⣎⢯⡺⣪⡳⣝⢖⣄⣀        ⡀⡠⡢⡣⡣⡣⡣⡣⡃
⢸⢝⢮⡳⣝⢮⡺⣪⡳⠕⠗⠉⠁    ⠘⠜⡜⡜⡜⡜⡜⡜⠜⠈
⡯⡳⠳⠝⠊⠓⠉             ⠈⠈⠈⠈

version: v1.4.1 (go1.21.6 - linux/arm64)
git commit: 8f8fca49ab253bee1898098cdba37d9362a1ad1d
cdupuis commented 4 months ago

🫣this is not an error message I recognise. Makes me wonder if there's a proxy or something in your network config?

gounthar commented 4 months ago

I don't think so, as it is an Ampere machine in the Oracle Cloud Free Tier program. Let me try that on another machine in another network. 🤔 In the meantime, I tried another command (just in case alpine would be the problem) and got more or less the same result:

docker scout cves --format only-packages --only-vuln-packages $IMG
    ...Storing image for indexing
    ✓ Image stored for indexing
    ...Indexing
    ✓ Indexed 397 packages
    ✓ No vulnerable package detected
  Name  Version  Type  Vulnerabilities  
───────────────────────────────────────────
$ docker scout recommendations $IMG
    ✓ SBOM of image already cached, 397 packages indexed
ERROR   Status: could not get base image: API operation failed: Message: 403 Forbidden; body: "\n<html><head>\n<meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<title>403 Forbidden</title>\n</head>\n<body text=#000000 bgcolor=#ffffff>\n<h1>Error: Forbidden</h1>\n<h2>Your client does not have permission to get URL <code>/v1/graphql</code> from this server.</h2>\n<h2></h2>\n</body></html>\n", Locations: [], Extensions: map[code:request_error], Code: 1