ossf / package-analysis

Open Source Package Analysis
Apache License 2.0

Error from scanning the package #1047

Open Yao-Wen-Chang opened 2 months ago

Yao-Wen-Chang commented 2 months ago

Hi OSSF team,

I recently tried the following example:

sudo scripts/run_analysis.sh -ecosystem pypi -package Django

However, I encountered the following error:

-----------------------------------------
Package Details
Ecosystem:                pypi
Package:                  Django
Version:                  
Location:                 remote
-----------------------------------------
Analysing package

Unable to find image 'gcr.io/ossf-malware-analysis/analysis:latest' locally
docker: Error response from daemon: Get "https://gcr.io/v2/": proxyconnect tcp: dial tcp: lookup www-example-proxy: no such host.
See 'docker run --help'.

-----------------------------------------
Analysis failed

docker process exited with code 125

Ecosystem:                pypi
Package:                  Django
Version:                  
Location:                 remote

Could you please advise on how to resolve this error?

Thank you.

calebbrown commented 1 month ago

Hi, sometimes gcr.io can return errors.

I just ran ./scripts/run_analysis.sh -ecosystem pypi -package Django in a GitHub Codespace and it worked successfully.

Can you try again and see if the same error occurs?

Yao-Wen-Chang commented 1 month ago

Thank you for your response! It works in GitHub Codespaces. I am wondering whether this analyzer will, in the future, provide an option to run in environments other than GitHub Codespaces. Are there any barriers to achieving this?

Yao-Wen-Chang commented 1 month ago

Hi @calebbrown, I solved the error when executing your analyzer. I got the result, but I have a question about how you found the suspicious packages with those results. Could you share with me the policy for further summarizing those results and detecting the suspicious behavior of those packages? Thanks in advance.