search

slimtoolkit / slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
Apache License 2.0
18.78k stars 700 forks source link

Can't run image. #694

Open smarttang opened 1 week ago

smarttang commented 1 week ago

Expected Behavior

➜ ~ slim build --target ghcr.io/cyclonedx/cdxgen:latest --tag ghcr.io/cyclonedx/cdxgen:slims --http-probe=true
cmd=build info=param.http.probe message='using default probe' cmd=build state=started cmd=build info=params tags='ghcr.io/cyclonedx/cdxgen:slims' image-build-engine='internal' target.type='image' target.image='ghcr.io/cyclonedx/cdxgen:latest' continue.mode='probe' rt.as.user='true' keep.perms='true' cmd=build state=image.inspection.start cmd=build info=image id='sha256:0341e32d89418b307daebea66eae33cccb53c2a27b9ecf7cbde9594d11556707' size.bytes='8155766825' size.human='8.2 GB' cmd=build info=image.stack index='0' name='ghcr.io/cyclonedx/cdxgen:latest' id='sha256:0341e32d89418b307daebea66eae33cccb53c2a27b9ecf7cbde9594d11556707' cmd=build state=image.inspection.done cmd=build state=container.inspection.start cmd=build info=container name='slimk_40961_20240621142124' id='b54f73d53717f8f6a0bacc1b8e76d320f527da2cc9413ff3c47f71f1cdba5bcb' status='created' cmd=build info=container status='running' name='slimk_40961_20240621142124' id='b54f73d53717f8f6a0bacc1b8e76d320f527da2cc9413ff3c47f71f1cdba5bcb' cmd=build info=container message='obtained IP address' ip='172.17.0.3' cmd=build info=cmd.startmonitor status='sent' cmd=build info=event.startmonitor.done status='received' cmd=build info=container name='slimk_40961_20240621142124' id='b54f73d53717f8f6a0bacc1b8e76d320f527da2cc9413ff3c47f71f1cdba5bcb' target.port.list='' target.port.info='' message='YOU CAN USE THESE PORTS TO INTERACT WITH THE CONTAINER' cmd=build state=http.probe.error error="NO EXPOSED PORTS" message="expose your service port with --expose or disable HTTP probing with --http-probe=false if your containerized application doesnt expose any network services" cmd=build state=exited code=33554435 cmd=build info=container.inspector.cleanup name='slimk_40961_20240621142124' id='b54f73d53717f8f6a0bacc1b8e76d320f527da2cc9413ff3c47f71f1cdba5bcb' cmd=build state=container.target.shutdown.start cmd=build state=container.target.shutdown.done cmd=build info=report file='slim.report.json' cmd=build info=exit code='33554435' version='darwin/arm64|Transformer|1.40.11|latest|latest' location='/opt/homebrew/bin' app='slim' message='GitHub Discussions' info='https://github.com/slimtoolkit/slim/discussions' app='slim' message='Join the CNCF Slack channel to ask questions or to share your feedback' info='https://cloud-native.slack.com/archives/C059QP1RH1S' app='slim' message='Join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS' app='slim' message='Join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'

Actual Behavior

➜ ~ docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen:slims -r /app --server --server-host 0.0.0.0 node:internal/modules/cjs/loader:1186 const err = new Error(message); ^

Error: Cannot find module 'node-gyp/bin/node-gyp.js' Require stack:

Node.js v22.2.0

Steps to Reproduce the Problem

1. 1. 1. --- Specifications ================= - Version: - Platform:
kcq commented 1 week ago

Thanks for sharing the extra context and the container image info @smarttang ! This will make it easier to reproduce. It'll be great to have a minified CDX Gen image.

smarttang commented 1 week ago

You're welcome. I hope this can be handled. We currently have actual scenarios, such as Java images, which are basically up to 20GB. We hope to use tools to reduce the size of container images. For example, the Jar package we currently build based on the Java Spring boot image is very large, and the cost of each build is extremely high. If the tool can provide assistance, it will be of great help to us.

kcq commented 1 week ago

The current failure is due to missing port info, but it's likely there's more to configure (investigating...).

The Java use cases sound interesting... I'm sure we'll be able to come up with something

kcq commented 1 week ago

@smarttang here's a minified version that i tested with github repos and container images: mintoolkit/cdxgen.slim

Here's an example of how I run it (I also mounted the Docker socket, so cdxgen can handle container scanning requests): docker run --init --name cdxgen-slim --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t mintoolkit/cdxgen.slim -r /app --server --server-host 0.0.0.0

Here are the curl calls I used for testing:

Do you mind running more tests with this minified cdxgen image to make sure I'm not missing anything there?

smarttang commented 5 days ago

@smarttang here's a minified version that i tested with github repos and container images: mintoolkit/cdxgen.slim

Here's an example of how I run it (I also mounted the Docker socket, so cdxgen can handle container scanning requests): docker run --init --name cdxgen-slim --rm -v /var/run/docker.sock:/var/run/docker.sock -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t mintoolkit/cdxgen.slim -r /app --server --server-host 0.0.0.0

Here are the curl calls I used for testing:

  • curl http://localhost:9090/health
  • curl "http://localhost:9090/sbom?url=https://github.com/HooliCorp/vulnerable-aws-koa-app.git&multiProject=true&type=js"
  • curl "http://127.0.0.1:9090/sbom?url=https://github.com/kcq/cloud-native-rejekts-2023.git&multiProject=true&type=js"
  • curl "http://localhost:9090/sbom?url=mintoolkit/cncf-securitycon-app&multiProject=true&type=docker"

Do you mind running more tests with this minified cdxgen image to make sure I'm not missing anything there?

ok, I'm try again. thx