fatihtokus / scan2html

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Apache License 2.0

Using scan2html on Alpine linux: plugin error no such file or directory #32

Closed DenMX closed 2 months ago

DenMX commented 2 months ago

When I call "trivy scan2html -h" I get an error that says no such file or directory, but the file exists. Maybe I'm doing something wrong.

fatihtokus commented 2 months ago

Hi @DenMX ,

Thanks for using this plugin. Can you execute the command "trivy plugin list" and share the output, please?

Regards, Fatih

Fatima-Zahraebhbn commented 2 months ago

Hi Fatih,

I'm using Docker Alpine and I'm facing the same situation. In Alpine, I get the trivy file using the command

curl -s -L -o - https://github.com/aquasecurity/trivy/releases/download/v0.50.4/trivy_0.50.4_Linux-64bit.tar.gz | tar -xz

and the plugin installation was done using

./trivy plugin install github.com/fatihtokus/scan2html

The plugin was installed correctly as I can see it using the command ./trivy plugin list

Installed Plugins:
  Name:    scan2html
  Version: 0.2.6

But the moment I execute ./trivy scan2html --scanner I get the error scan2html doesn't exist, but I see it:

-rwxr-xr-x 1 root root 4643 Apr 18 18:52 /root/.trivy/plugins/scan2html/scan2html

When I specify the absolute path to scan2html in the trivy command, I get the error:

Plugin Commands
  scan2html   scan targets into a smart html file

Flags:
      --cache-dir string          cache directory (default "/root/.cache/trivy")
  -c, --config string             config path (default "trivy.yaml")
  -d, --debug                     debug mode
  -f, --format string             version format (json)
      --generate-default-config   write the default config to trivy-default.yaml
  -h, --help                      help for trivy
      --insecure                  allow insecure server connections
  -q, --quiet                     suppress progress bar and log output
      --timeout duration          timeout (default 5m0s)
  -v, --version                   show version

Use "trivy [command] --help" for more information about a command.

2024-04-25T07:56:09.275Z FATAL unknown flag: --scanners

Is it maybe a compatibility issue in Alpine? As we are using a GitLab pipeline, the Alpine Docker image is used all the time.

Thank you in advance !

Fatima

fatihtokus commented 2 months ago

Hi @Fatima-Zahraebhbn ,

Thanks for the detailed explanation. Because now two users are having this issue, we will be looking at this as a priority. We will keep you updated.

Regards

fatihtokus commented 2 months ago

Hi @Fatima-Zahraebhbn , @DenMX ,

I have created a GitLab pipeline to test the plugin, and saw that scan2html was trying to execute the 'trivy' command instead of './trivy', which has been fixed with the latest release, v0.2.8. I also noticed that the command that you use is missing flags. Can you use it like below? You need to pass a flag (misconfig,secret,license,vuln) after '--scanners'.

GitLab test pipeline details:
https://gitlab.com/fatih.tokus/scan2html-test/-/blob/main/.gitlab-ci.yml
https://gitlab.com/fatih.tokus/scan2html-test/-/jobs/6733545559

Regards, Fatih

Fatima-Zahraebhbn commented 2 months ago

Hi Fatih,

Thank you for the quick feedback and the fix that you provided.

I can see in your GitLab job that you used ruby:3.1 to execute your test; I did the same and the scan went smoothly. Unfortunately I still had the same issue in Alpine. I believe it could be an issue related to missing prerequisites (e.g. ruby package, ...)?

I could confirm that the plugin is working fine in opensuse/leap

Thank you ! Fatima

fatihtokus commented 2 months ago

Hi @Fatima-Zahraebhbn , @DenMX ,

At last we have found the root cause of your issue. The good news is that it has nothing to do with scan2html but with bash and git missing on Alpine Linux. Have a look at the following pipeline configuration and let me know if the issue still exists. Can I ask a favour: could you give us a star, which will really motivate us? And if you need any new feature that would be good in this plugin, please do not hesitate.

https://gitlab.com/fatih.tokus/scan2html-test/-/jobs/6758501126

stages:

build-job:
  image: alpine:3.14
  stage: build
  script:
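
The root cause named in the last comment (bash and git missing on Alpine) explains the misleading message: executing a script whose "#!" interpreter is absent fails with "no such file or directory" even though the script itself exists. A preflight check for that, as an added example that is not part of the thread or of scan2html; it assumes the plugin entry point is a script with a "#!" line, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). exec fails with ENOENT when the
# interpreter named on a script's "#!" line is absent, so the script "does not exist".

# Print the interpreter a script requests; "/usr/bin/env NAME" yields NAME.
shebang_interp() {
    first=$(head -n 1 "$1") || return 2
    case $first in
        '#!'*) ;;
        *) return 1 ;;                      # no "#!" line
    esac
    rest=${first#??}                        # drop the leading "#!"
    read -r interp arg _rest <<EOF
$rest
EOF
    [ -n "$interp" ] || return 1
    case $interp in
        */env) echo "${arg:-$interp}" ;;
        *)     echo "$interp" ;;
    esac
}

# Succeed if the interpreter exists (absolute path) or is on PATH (bare name).
interp_available() {
    case $1 in
        /*) [ -x "$1" ] ;;
        *)  command -v "$1" >/dev/null 2>&1 ;;
    esac
}

# Print the tools from the argument list that are not on PATH.
missing_tools() {
    missing=""
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || missing="$missing $t"
    done
    echo "${missing# }"
}

# One-line verdict for a plugin entry point; non-zero status means a problem.
check_plugin() {
    [ -f "$1" ] || { echo "absent: $1"; return 1; }
    want=$(shebang_interp "$1") || { echo "no-shebang: $1"; return 0; }
    if interp_available "$want"; then echo "ok: $want"
    else echo "missing-interpreter: $want"; return 1; fi
}

# Usage: sh check.sh /root/.trivy/plugins/scan2html/scan2html
if [ "$#" -gt 0 ]; then check_plugin "$1"; echo "missing tools: $(missing_tools bash git)"; fi
```

In an Alpine job, a non-empty result from `missing_tools bash git` means those packages have to be installed (for example with `apk add --no-cache bash git`) before the plugin is called.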