search

eclipse / steady

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Apache License 2.0
517 stars 124 forks source link

Docker-compose install scripts is not working #552

Closed sveryovka closed 1 year ago

sveryovka commented 2 years ago

Describe the bug setup-steady.sh script is not working: ~/steady$ ./setup-steady.sh Installation skipped (the directory /home/serhiy/steady/steady-3.2.3/ already contains necessary files) Press <a> to start all of Steady's Docker Compose services (or any other key to skip execution): a Executing Steady with ./steady-3.2.3/start-steady.sh -s all unexpected character "." in variable name near "vulas.backend.cveCache.refetchAllMs=7200000\n\n# Determines the waiting time between the fetch of single bugs, which is computed as value + (value * Math.random)\n# Default: 60000 (60 sec)\nvulas.backend.cveCache.refetchSingleMs=10000\n\n########## Special workspaces\n\n# Tokens of spaces that cannot be deleted using the REST endpoint\n# Default:\nvulas.backend.space.doNotDelete=\n\n# Tokens of spaces that cannot be cleaned using the REST endpoint\n# Default:\nvulas.backend.space.doNotClean=\n\n# Tokens of spaces that cannot be modified using the REST endpoint\n# Default:\nvulas.backend.space.doNotModify=\n\n\n\n########## Jira configuration (required by coverage service and browser extensions)\n\n# URL of the Jira where issues are searched and created\n# Default: -\nvulas.shared.jira.serviceUrl=\n\n# Required for the Jira search API\n# @SAP: id for \"OSS Vulnerability Assessment\" or \"vulas\"\nvulas.shared.jira.projectId=\n\n# Required for the Jira search API\n# @SAP: id for \"vuln-analysis\"\nvulas.shared.jira.componentId=\n\n# Link to open a Jira ticket, the issue id will be appended\nvulas.shared.jira.browseIssueUrl=\n\n# Link to create new Jira tickets, the issue title will be appended\n# Note: The link also contains projectId and componentId\nvulas.shared.jira.createIssueUrl=\n\n\n\n########## Email-related information\n\n# Email subject used when sending a list of all apps as CSV.\n# See: ApplicationController.getApplicationsAsCsv(...)\n# Default: -\nvulas.backend.allApps.mailSubject=\n\n# Sender address used whenever emails are sent\n# Default: -\nvulas.backend.smtp.sender=\n\n# SMTP host\n# Default: -\nvulas.backend.smtp.host=\n\n# SMTP port (smtps=587)\n# Default: -\nvulas.backend.smtp.port=\n\n# SMTP user\n# Default: -\nvulas.backend.smtp.user=\n\n# SMTP password\n# Default: -\nvulas.backend.smtp.pwd=\n\n\n\n########## Frontend customizing\n\n# Comma-separated list of regex to validate distribution lists email addresses\n# Default:\nvulas.backend.frontend.apps.dl.regex=\n\n# Example DL matching the regex\n# Default:\nvulas.backend.frontend.apps.dl.example=\n\n# Label for application software identifier (from external system)\n# Default:\nvulas.backend.frontend.apps.sw.id.label=Software ID\n\n# URL to test for user-submitted sowftware identifiers' validity\n# Default: /swidproxy\nvulas.backend.frontend.apps.sw.id.url=\n\n# Determines whether the software Id should be enforced: if true either sw.id or DL value must be provided.\n# Default:\nvulas.backend.frontend.apps.sw.id.mandatory=false\n\n# Link to wiki about application software identifier\n# Default:\nvulas.backend.frontend.apps.sw.id.link=\n\n# Name of the property used to store the application sofware identifier in the db\n# Default:\nvulas.backend.frontend.apps.sw.id.db.key=\n\n# Regex to validate application software identifier\n# Default:\nvulas.backend.frontend.apps.sw.id.regex=\n\n# Base url to link help pages in the Vulas wiki\n# Default:\nvulas.backend.frontend.apps.wiki.url=https://eclipse.github.io/steady/\n\n#workaround to make the autothread work until we figure out why the configurations settings inside the shared dependency are not consumed\nvulas.core.noThreads=AUTO\n" Error executing docker-compose

To Reproduce Steps to reproduce the behavior: Follow https://github.com/eclipse/steady/blob/master/docs/public/content/user/tutorials/index.md:

  1. download script
  2. run it

Expected behavior Script should work or documentation should be updated to indicate what needs to be configured

Steady version

serenaponta commented 2 years ago

Hello @sveryovka ,

can you share in which environment are you running the script (exp. OS)?

Thank you!

serenaponta commented 2 years ago

@sveryovka I was able to reproduce the issue and it turns out that docker-compose as of version 2.x is not backward compatible with respect to env variable with '.' and '-' specified via a file (whereas it works if they are listed in the environment section of the docker-compose file). (See https://github.com/docker/compose/issues/8507 and https://github.com/docker/compose/issues/8862 for more details). Due to the number of variable present in the file, for now i would suggest to downgrade docker-compose to version 1.29.

henrikplate commented 2 years ago

Hello @sveryovka, Can you confirm that the install scripts work for you when downgrading docker-compose 1.29?

henrikplate commented 1 year ago

Closed due to lack of feedback from issue author