triat / terraform-security-scan

Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
MIT License

Docker Hub image has wrong entrypoint.sh #21

Closed andreabenfatto closed 3 years ago

andreabenfatto commented 3 years ago

Hi there,

Perhaps there is something wrong with the Docker image pushed to Docker Hub. The /entrypoint.sh file is almost empty and doesn't reflect what is declared in this repo.

Here is the content of the file:

#!/bin/sh -l

/go/bin/tfsec /github/workspace

This image is the one used by the GitHub Action, therefore nothing is really working: my current GitHub workflow times out, and when testing locally using Docker the container hangs forever... Here is the command I'm using: docker run -it --rm -v (pwd):"/github/workspace" triat/tfsec:latest

triat commented 3 years ago

Hey @andreabenfatto,

This is totally my fault. I used to build this image and use it on GitHub Actions, but I realized that GitHub is also building the image itself, therefore I dropped the use of it without removing it. This is my mistake and I'll make sure to remove it to avoid any confusion.

Thanks for your feedback

andreabenfatto commented 3 years ago

Thanks for the quick answer, and by the way thanks for the GitHub Action, because it's exactly as I would go to build it :)

Honestly, I decided to investigate the Docker Hub image because in the first place I've got the same issue using the GitHub Action (which is pulling the Docker Hub image).

I didn't know either that GitHub is pushing the images on the hub on your behalf.

andreabenfatto commented 3 years ago

@triat this is what I get now from GitHub when the workflow tries to pull down the image :(

Pull down action image 'triat/tfsec:latest'
/usr/bin/docker pull triat/tfsec:latest
Error response from daemon: pull access denied for triat/tfsec, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning: Docker pull failed with exit code 1, back off 1.055 seconds before retry.
/usr/bin/docker pull triat/tfsec:latest
Error response from daemon: pull access denied for triat/tfsec, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Warning: Docker pull failed with exit code 1, back off 3.203 seconds before retry.
/usr/bin/docker pull triat/tfsec:latest
Error response from daemon: pull access denied for triat/tfsec, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Error: Docker pull failed with exit code 1

stefanwb commented 3 years ago

This fixed it for us:

-        uses: triat/terraform-security-scan@v1
+        uses: triat/terraform-security-scan@v2.0.2
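
Review bot: the added `uses: triat/terraform-security-scan@v2.0.2` line still points at a tag, and a tag can be moved or deleted upstream, so the code this step runs can change without any edit to the workflow. Consider pinning to the full commit SHA behind that release and keeping the tag as a trailing comment, for example `uses: triat/terraform-security-scan@<full-commit-sha> # v2.0.2`.
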
andreabenfatto commented 3 years ago

@stefanwb it fixes the issue here! :pray:

@triat please update the documentation (i.e. the example) to avoid confusion.

stefanwb commented 3 years ago

Related PR here 👉 https://github.com/triat/terraform-security-scan/pull/22

stefanwb commented 3 years ago

@andreabenfatto good to hear!

BTW we chose a tag rather than master for the expected stability, but for the example master should be fine.

triat commented 3 years ago

Mmh interesting, I should maybe remove those old tags for the sake of not having people stuck on this old way of working.

I saw your PR @stefanwb but I'd like to keep a tag in the documentation as explained in the PR. I'll continue the discussion with you there.

Thanks

stefanwb commented 3 years ago

I think this one can be closed now, right?

triat commented 3 years ago

You're right, I'm closing it
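
The thread turns on which reference a workflow pins (`@v1`, `@v2.0.2`, `master`, an image at `:latest`). The following is an added example, not code from this thread or from the project: a small audit that classifies each `uses:` reference in a workflow by how mutable its target is. The sample workflow and the 40-hex ref in it are constructed placeholders; `classify` and `audit` are hypothetical helper names.

```python
import re

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")  # a step's `uses:` value
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Classify one `uses:` reference by how mutable its target is."""
    if ref.startswith("docker://"):
        image = ref[len("docker://"):]
        if DIGEST_RE.search(image):
            return "image-digest"
        # Take the tag from the last path component so a registry port is not mistaken for it.
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        return "image-floating" if tag in ("", "latest") else "image-tag"
    _, _, version = ref.partition("@")
    if FULL_SHA_RE.match(version):
        return "commit-sha"
    if re.match(r"^v?\d+\.\d+\.\d+$", version):
        return "exact-tag"  # more stable than v1 or master, but a tag can still be moved
    return "floating-ref"  # major tag (v1), branch (master), or no ref at all


def audit(workflow_text):
    """Return (line_number, reference, classification) for each `uses:` line."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            findings.append((number, match.group(1), classify(match.group(1))))
    return findings


# Constructed workflow fragment; the 40-hex ref is a placeholder, not a real commit.
SAMPLE = """\
steps:
  - uses: triat/terraform-security-scan@v1
  - uses: triat/terraform-security-scan@v2.0.2
  - uses: triat/terraform-security-scan@master
  - uses: docker://triat/tfsec:latest
  - uses: triat/terraform-security-scan@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for number, ref, kind in audit(SAMPLE):
        print(f"line {number}: {ref} -> {kind}")
```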