search

globocom / huskyCI

Performing security tests inside your CI
https://huskyci.opensource.globo.com
BSD 3-Clause "New" or "Revised" License
572 stars 137 forks source link

Install with Proxy problem #499

Closed fabionoth closed 4 years ago

fabionoth commented 4 years ago

We try using huskyCI with proxy packages infrastructure and we replace some instalation codes. Basicly about FROM in dockerfiles. Follow changes:

[root@server huskyCI]# git status
# On branch master
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#       modified:   client/cmd/main.go
#       modified:   deployments/docker-compose.yml
#       modified:   deployments/dockerfiles/api.Dockerfile
#       modified:   deployments/dockerfiles/db.Dockerfile
#       modified:   deployments/dockerfiles/enry/Dockerfile
#       modified:   deployments/dockerfiles/postgres.Dockerfile
#       modified:   deployments/dockerfiles/tfsec/Dockerfile
#       modified:   deployments/scripts/build-containers.sh
#       modified:   deployments/scripts/generate-local-token.sh
#       modified:   deployments/scripts/push-containers.sh
#
no changes added to commit (use "git add" and/or "git commit -a")

After that we try: 

[root@server huskyCI]# make run-client-linux

Follow error: 

go: github.com/onsi/ginkgo@v1.12.1: Get https://proxy.golang.org/github.com/onsi/ginkgo/@v/v1.12.1.mod: proxyconnect tcp: EOF
make: *** [build-client-linux] Error 1

Thanks to all

rafaveira3 commented 4 years ago

Hey, @fabionoth! Thanks for reaching out to us. Glad to hear that you are trying to run huskyCI inside your company.

I totally understand that you may need to change part of huskyCI containers to properly run inside your company. However, we are unable here to understand what changes you have made.

By reading your git status output I realized that you haven't changed the config.yaml file, which indicates which container image huskyCI will pull when running the scans. If you are pushing your container to mycompany/enry, for example, you should edit this file as well.

Feel free to send us more details of your changes so that we can help you better! 🙃

fabionoth commented 4 years ago

Hey @rafaveira3 I update file in config.yml file and

Successfully tagged deployments_postgres:latest
Creating huskyCI_Docker_API ... done
Creating huskyCI_MongoDB    ... done
Creating huskyCI_Postgres   ... done
Creating huskyCI_Dashboard  ... done
Creating huskyCI_API        ... done
Generating Local Token      ... done

I got problems with 

root@server # make run-client-linux
[HUSKYCI][*] poc-golang-gosec -> https://github.com/globocom/huskyCI.git
[HUSKYCI][*] huskyCI analysis started! 
[HUSKYCI][ERROR] Monitoring analysis : huskyCI encountered an error trying to execute this analysis: Error response from daemon: Get https://internalproxy-nexus.com:5000/v2/: x509: certificate signed by unknown authority
make: *** [run-client-linux] Error 1

There's some argument/enviroment to ignore ssl internal certificates?

rafaveira3 commented 4 years ago

Hey, @fabionoth! It indeed looks like you are having some issues with these certificates. The section Securing your Docker API (recommended 🐼) in our docs here will guide you to have these settings up by there. If you desire, you can skip these steps when installing the Docker API in your current server.

rafaveira3 commented 4 years ago

Sup, @fabionoth. I am closing this one for now due to long inactivity. Fell free to reopen it if you have any other question :)