microsoft / CSEDevOps

Azure DevOps extensions from CSE DevOps team
MIT License

Azure CI Pipeline with 'agentScan' type is failing #49

Open mariocastillo86 opened 4 months ago

mariocastillo86 commented 4 months ago

Hi,

I've been looking for a good example of what this pipeline would look like but couldn't find one. My current one is failing with:

Starting: owaspzap

Task : OWASP Zap Scanner
Description : Utilize the OWASP/ZAP scanner within Azure DevOps
Version : 1.0.1
Author : Doyle Turner, Anthony Turner
Help :

/usr/bin/bash /home/vsts/work/_tasks/owaspzap_866820e2-7f62-466f-94ec-afeeab860f89/1.0.1/localtarget.sh
172.17.0.1
/usr/bin/chmod 777 /home/vsts/work/1/s/owaspzap
/usr/bin/id -u root
0
/opt/hostedtoolcache/docker-stable/17.9.0-ce/x64/docker run -u 0 -v /home/vsts/work/1/s/owaspzap:/zap/wrk/:rw owasp/zap2docker-stable zap-baseline.py -t http://172.17.0.1:80 -J report.json -r report.html
Unable to find image 'owasp/zap2docker-stable:latest' locally
/opt/hostedtoolcache/docker-stable/17.9.0-ce/x64/docker: Error response from daemon: pull access denied for owasp/zap2docker-stable, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See '/opt/hostedtoolcache/docker-stable/17.9.0-ce/x64/docker run --help'.

[error]ENOENT: no such file or directory, open '/home/vsts/work/1/s/owaspzap/report.json'

Finishing: owaspzap

I'm not sure where to add that docker login. This is my 'yml' file:

trigger:
- develop

pool:
  vmImage: ubuntu-latest

steps:
- task: DockerInstaller@0
  inputs:
    dockerVersion: '17.09.0-ce'
- task: DockerCompose@0
  inputs:
    containerregistrytype: 'Azure Container Registry'
    azureSubscription: 'MyAzureSubscription'
    azureContainerRegistry: 'MyContainerRegistry'
    dockerComposeFile: '**/docker-compose.yml'
    action: 'Run a Docker Compose command'
    dockerComposeCommand: 'rm'
    detached: true
- task: owaspzap@1
  inputs:
    aggressivemode: false
    scantype: agentScan
    threshold: 50
    port: 80
- bash: |
   sudo npm install -g handlebars-cmd

   cat <<EOF > owaspzap/nunit-template.hbs
   {{#each site}}

   <test-run
       id="2"
       name="Owasp test"
       start-time="{{../[@generated]}}"  >
       <test-suite
           id="{{@index}}"
           type="Assembly"
           name="{{[@name]}}"
           result="Failed"
           failed="{{alerts.length}}">
           <attachments>
               <attachment>
                   <filePath>owaspzap/report.html</filePath>
               </attachment>
           </attachments>
       {{#each alerts}}<test-case
           id="{{@index}}"
           name="{{alert}}"
           result="Failed"
           fullname="{{alert}}"
           time="1">
               <failure>
                   <message>
                       <![CDATA[{{{desc}}}]]>
                   </message>
                   <stack-trace>
                       <![CDATA[
   Solution:
   {{{solution}}}

   Reference:
   {{{reference}}}

   instances:{{#each instances}}
   * {{uri}}
       - {{method}}
       {{#if evidence}}- {{{evidence}}}{{/if}}
                       {{/each}}]]>
                   </stack-trace>
               </failure>
       </test-case>
       {{/each}}
       </test-suite>
   </test-run>
   {{/each}}
   EOF
  displayName: 'owasp nunit template'
  condition: always()

twartonick commented 4 months ago

Hi, the link takes you to why and my workaround :) https://github.com/microsoft/CSEDevOps/issues/47