jenkinsci / amazon-inspector-image-scanner-plugin

Apache License 2.0

There was an issue running inspector-sbomgen is ../linux/arm64/inspector-sbomgen the correct path? #56

Closed spu-xb01 closed 4 months ago

spu-xb01 commented 5 months ago

Jenkins and plugins versions report

Making downloaded SBOMGen executable...
Running command...
[/home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen, container, --image, alpine:latest]
Plugin execution ran into an error and is being aborted!
Exception:com.amazon.inspector.jenkins.amazoninspectorbuildstep.exception.SbomgenNotFoundException: There was an issue running inspector-sbomgen, is /home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen the correct path?
com.amazon.inspector.jenkins.amazoninspectorbuildstep.exception.SbomgenNotFoundException: There was an issue running inspector-sbomgen, is /home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen the correct path?
    at com.amazon.inspector.jenkins.amazoninspectorbuildstep.sbomgen.SbomgenRunner.runSbomgen(SbomgenRunner.java:83)
    at com.amazon.inspector.jenkins.amazoninspectorbuildstep.sbomgen.SbomgenRunner.run(SbomgenRunner.java:49)
    at com.amazon.inspector.jenkins.amazoninspectorbuildstep.AmazonInspectorBuilder.perform(AmazonInspectorBuilder.java:180)
    at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:101)
    at org.jenkinsci.plugins.workflow.steps.CoreStep$Execution.run(CoreStep.java:71)
    at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)

/home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen

This is the correct path and the files are there.

./inspector-sbomgen container -i alpine:latest

If I don't run through a plugin, everything works as expected.

These solutions don't help: https://docs.aws.amazon.com/inspector/latest/user/cicd-jenkins.html

What Operating System are you using (both controller, and any agents involved in the problem)?

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"
Amazon Linux release 2 (Karoo)

Reproduction steps

pipeline {
    agent  {
        label 'ARM64'
    }

    stages {
        stage ('amazon-inspector-image-scanner') {
            steps {
                script {
                    step ([
                        $class: 'com.amazon.inspector.jenkins.amazoninspectorbuildstep.AmazonInspectorBuilder',
                        sbomgenPath: '/home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen',
                        archivePath: 'alpine:latest',
                        awsRegion: 'us-east-1',
                        iamRole: 'arn:aws:iam::role',
                        isThresholdEnabled: 'false',
                        countCritical: 0, 
                        countHigh: 0, 
                        countLow: 10, 
                        countMedium: 5,
                    ])
                }
            }
        }
    }
}

Expected Results

INFO[0000] Amazon Inspector SBOM Generator v1.1.0 - linux arm64 - Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved 
INFO[0000] [./inspector-sbomgen container -i alpine:latest] 
INFO[0000] writing log file to: /home/ec2-user/.inspector-sbomgen/logs/inspector-sbomgen-log_2024-05-06_13-38-22.txt 
INFO[2024-05-06 13:38:22]coreV1.go:34: initializing target artifact                 
INFO[2024-05-06 13:38:22]stagingdir.go:60: created temporary staging directory: /home/ec2-user/.inspector-sbomgen/artifact-cache1611348113 
INFO[2024-05-06 13:38:22]imageInit.go:28: checking if image is a tarball               
INFO[2024-05-06 13:38:22]imageInit.go:37: checking if image exists in the local Docker daemon 
INFO[2024-05-06 13:38:22]imageInit.go:40: image appears to be locally cached           
INFO[2024-05-06 13:38:22]coreV1.go:44: executing pre-processors                     
INFO[2024-05-06 13:38:22]artifactContainer.go:134: initializing analyzers                       
INFO[2024-05-06 13:38:22]artifactContainer.go:139: inventorying the image; this may take some time depending on your image size... 
|   [0s] 
INFO[2024-05-06 13:38:22]systeminfo.go:41: initializing artifact system info            
INFO[2024-05-06 13:38:22]coreV1.go:53: analyzing artifact                           
|   [0s] 
INFO[2024-05-06 13:38:23]coreV1.go:62: executing post-processors                    
INFO[2024-05-06 13:38:23]coreV1.go:71: encoding findings                            
INFO[2024-05-06 13:38:23]containers.go:227: encoded 12 components                        
INFO[2024-05-06 13:38:23]artifactContainer.go:229: cleaning up any file system artifacts        
INFO[2024-05-06 13:38:23]stagingdir.go:106: deleting staging directory; please wait      
INFO[2024-05-06 13:38:23]stagingdir.go:113: deleted 7 megabytes from staging directory: /home/ec2-user/.inspector-sbomgen/artifact-cache1611348113 

Actual Results

Plugin execution ran into an error and is being aborted!
Exception:com.amazon.inspector.jenkins.amazoninspectorbuildstep.exception.SbomgenNotFoundException: There was an issue running inspector-sbomgen, is /home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen the correct path?
com.amazon.inspector.jenkins.amazoninspectorbuildstep.exception.SbomgenNotFoundException: There was an issue running inspector-sbomgen, is /home/ec2-user/inspector-sbomgen/linux/arm64/inspector-sbomgen the correct path?

Anything else?

No response

Are you interested in contributing a fix?

No response

waltwilo commented 5 months ago

Hi, thanks for reaching out.

It's likely that Jenkins doesn't have permissions to interact with inspector-sbomgen. If you're intent on using a standalone binary, ensure that the jenkins user has permissions to start inspector-sbomgen. Alternatively, you can use the automatic downloader to allow the plugin to download and use the required binary at runtime. You can use this option by adding sbomgenSource: 'linuxAmd64' to your build step. If you have an arm-based system, use "linuxArm64" instead.

ophintor commented 2 months ago

Well, I have the same problem and Jenkins definitely can run the binary directly and generate a json file if I run it with a shell in my pipeline. However, using the same path within the plugin gives me the same error as above.

ophintor commented 2 months ago

The issue was that the plugin runs on an agent but it's looking for the binary in the master, as explained here: https://github.com/jenkinsci/amazon-inspector-image-scanner-plugin/issues/60#issuecomment-2275629406
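
A pre-flight check covering both explanations given in this thread (missing permissions, and the path being resolved on a different node), added here as an example and not part of the plugin or of the original posts. Run it as the account Jenkins runs under, on the node where the plugin resolves sbomgenPath (per the last comment, the controller rather than the agent). The function name check_exec_path and its return codes are made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not plugin code): report why a binary path cannot be
# executed by the current user on the current node.
# Return codes (chosen for this example): 0 ok, 1 missing or not absolute,
# 2 parent directory not traversable, 3 not a regular file, 4 not executable.
check_exec_path() {
    target=$1
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target"; return 1 ;;
    esac
    # Walk every parent directory: one component without search (x)
    # permission makes the file unreachable even if its own mode is 0755.
    current=""
    rest=${target#/}
    while [ "${rest#*/}" != "$rest" ]; do
        current="$current/${rest%%/*}"
        rest=${rest#*/}
        if [ ! -d "$current" ]; then
            echo "missing directory on $(uname -n): $current"; return 1
        fi
        if [ ! -x "$current" ]; then
            echo "$(id -un) has no search permission on: $current"; return 2
        fi
    done
    if [ ! -e "$target" ]; then
        echo "missing file on $(uname -n): $target"; return 1
    fi
    if [ ! -f "$target" ]; then
        echo "not a regular file: $target"; return 3
    fi
    if [ ! -x "$target" ]; then
        echo "not executable by $(id -un): $target"; return 4
    fi
    echo "ok: $(id -un)@$(uname -n) ($(uname -m)) can execute $target"
    return 0
}
```

Calling check_exec_path with the path from the pipeline prints the user, host and architecture on success, which makes it obvious when the check ran on a different node than the one holding the binary.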