`install-inline-scanner` does not successfully install the lacework scanner for versions later than 0.24.0

lacework / circleci-orb-lacework

Lacework Orb for CircleCI

Apache License 2.0

2 stars 3 forks source link

`install-inline-scanner` does not successfully install the lacework scanner for versions later than 0.24.0 #50

Open TheMetalCode opened 2 months ago

TheMetalCode commented 2 months ago

Orb Version 1.6.0

Describe the bug

As of https://github.com/lacework/lacework-vulnerability-scanner/releases/tag/0.25.0 the naming convention for the binaries appears to have changed (compare to https://github.com/lacework/lacework-vulnerability-scanner/releases/tag/v0.24.0).

As a result, the install-inline-scanner orb command is no longer able to install the binaries from the latest release tag:

publish_docker_canary__16453__-_doximity_pipefitter

To Reproduce

Expected behavior

Additional context

tsooryakie commented 1 month ago

Hey everyone, we ran into the same issue and have a workaround to pin the version to v0.24.0.

Instead of using the orb's command directly (i.e. calling lacework/install-inline-scanner in your workflow), we used the published source command directly and pinned it to v0.24.0

We edited this with curl ${url} | sudo bash -s -- -v v0.24.0, which now works fine.

TheMetalCode commented 1 month ago

@tsooryakie Thank you for adding that! I ended up doing the same but forgot to mention it here. 🙇

TheMetalCode commented 1 month ago

For https://github.com/lacework/lacework-vulnerability-scanner/releases/tag/v0.27.0 we no longer have the 404 issue but we do see a different error:

publish_docker_canary__18521__-_doximity_pipefitter