openclarity / vmclarity

VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
openclarity.io
Apache License 2.0

Fix dependency track scanner #1078

Open paralta opened 5 months ago

paralta commented 5 months ago

Description

Currently, if you use the dependency track scanner in VMClarity, the scan will fail because this scanner is not configured. This was discovered while removing the KubeClarity dependency in VMClarity https://github.com/openclarity/vmclarity/pull/1076, thus the dependency track code was not moved and this scanner was removed as an available tool.

Please investigate the configuration available at https://github.com/openclarity/kubeclarity/blob/main/shared/pkg/scanner/dependency_track/example/README.md and, once this issue is solved, move the scanner code to VMClarity https://github.com/openclarity/kubeclarity/tree/main/shared/pkg/scanner/dependency_track.

Expected Behavior

Successful scan.

Actual Behavior

Scan fails because the configuration parameters are not set.

Affected Version

Main branch running in Docker provider.

Steps to Reproduce

  1. Enable only the "dependency-track" scanner at https://github.com/openclarity/vmclarity/blob/main/api/models/families.go#L31
  2. Run Vulnerability scan on a Docker container
  3. Check asset scan results

Checklist

github-actions[bot] commented 3 months ago

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 14 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.