Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error without docker and with docker today #1151

Open
johnfelipe opened this issue Jul 17, 2023 · 1 comment
Open

error without docker and with docker today #1151

johnfelipe opened this issue Jul 17, 2023 · 1 comment

Comments

@johnfelipe
Copy link

root@template:~/horusec# horusec version
Version:          v2.8.0
Git commit:       df32c1ce03d2de748cecb76cff383f2851e198c3
Built:            Wed Jun 08 13:57:08 2022
Distribution:     normal
root@template:~/horusec# cd
root@template:~# cd DXC.Angular15.Template.Front/
root@template:~/DXC.Angular15.Template.Front# horusec start -p .
WARN[0000] {HORUSEC_CLI} Config file not found
ERRO[0000] {HORUSEC_CLI} Your docker version is below of:   error=19.3
Error: docker not found. Please check and try again
Usage:
  horusec start [flags]

Examples:
horusec start

Flags:
  -t, --analysis-timeout int                 The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
  -a, --authorization string                 Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
  -C, --certificate-path string              Path to certificate of authority. Example -C="example/ca.crt"
  -P, --container-bind-project-path string   Project path in host to be used on Docker when running Horusec inside a container
  -c, --custom-rules-path string             Path with custom rules that should be used by Horusec engine
  -D, --disable-docker                       Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
  -G, --enable-commit-author                 Enable to search commit author of vulnerabilities
	  --enable-git-history                   Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
  -w, --enable-owasp-dependency-check        Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
  -j, --enable-shellcheck                    Run ShellCheck tool https://github.com/koalaman/shellcheck
  -F, --false-positive strings               Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
	  --headers stringToString               Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
  -h, --help                                 help for start
  -u, --horusec-url string                   The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
  -i, --ignore strings                       Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
  -s, --ignore-severity strings              The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
  -I, --information-severity                 Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
  -S, --insecure-skip-verify                 Disable the certification validation. PLEASE, try not to use it
  -O, --json-output-file string              Output file to write analysis result. This flag should be used with --output-format
  -o, --output-format string                 Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
  -p, --project-path string                  Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/root/DXC.Angular15.Template.Front")
  -n, --repository-name string               Send repository name to Horusec server, by default sends the actual directory name (default "DXC.Angular15.Template.Front")
  -r, --request-timeout int                  The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
  -e, --return-error                         Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
  -R, --risk-accept strings                  Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
	  --show-vulnerabilities-types strings   Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])

Global Flags:
	  --config-file-path string   Path of the configuration file (default "/root/DXC.Angular15.Template.Front/horusec-config.json")
  -l, --log-file-path string      Path of log file (default "/tmp/horusec-2023-07-17-17-57-15.log")
	  --log-level string          Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")

and with docker

root@template:~/DXC.Angular15.Template.Front# docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)
Unable to find image 'horuszup/horusec-cli:latest' locally
latest: Pulling from horuszup/horusec-cli
59bf1c3509f3: Pull complete
1ea03e1895df: Pull complete
1ff98835b055: Pull complete
a3f2dd7b7d65: Pull complete
d182b62d4a35: Pull complete
d7a57db2abd7: Pull complete
73490af52bd3: Pull complete
69ef757ff51c: Pull complete
02b1b3930d32: Pull complete
920fb3b25d7f: Pull complete
Digest: sha256:829fce13916bfd1d61103be1e927d98f1ffbdfc4e78192b1fc1c1f8a4054e347
Status: Downloaded newer image for horuszup/horusec-cli:latest
time="2023-07-17T18:24:05Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2023-07-17T18:24:05Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Error: docker not found. Please check and try again
Usage:
  horusec start [flags]

Examples:
horusec start

Flags:
  -t, --analysis-timeout int                 The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
  -a, --authorization string                 Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
  -C, --certificate-path string              Path to certificate of authority. Example -C="example/ca.crt"
  -P, --container-bind-project-path string   Project path in host to be used on Docker when running Horusec inside a container
  -c, --custom-rules-path string             Path with custom rules that should be used by Horusec engine
  -D, --disable-docker                       Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
  -G, --enable-commit-author                 Enable to search commit author of vulnerabilities
	  --enable-git-history                   Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
  -w, --enable-owasp-dependency-check        Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
  -j, --enable-shellcheck                    Run ShellCheck tool https://github.com/koalaman/shellcheck
  -F, --false-positive strings               Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
	  --headers stringToString               Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
  -h, --help                                 help for start
  -u, --horusec-url string                   The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
  -i, --ignore strings                       Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
  -s, --ignore-severity strings              The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
  -I, --information-severity                 Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
  -S, --insecure-skip-verify                 Disable the certification validation. PLEASE, try not to use it
  -O, --json-output-file string              Output file to write analysis result. This flag should be used with --output-format
  -o, --output-format string                 Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
  -p, --project-path string                  Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/")
  -n, --repository-name string               Send repository name to Horusec server, by default sends the actual directory name (default "/")
  -r, --request-timeout int                  The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
  -e, --return-error                         Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
  -R, --risk-accept strings                  Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
	  --show-vulnerabilities-types strings   Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])

Global Flags:
	  --config-file-path string   Path of the configuration file (default "/horusec-config.json")
  -l, --log-file-path string      Path of log file (default "/tmp/horusec-2023-07-17-18-24-05.log")
	  --log-level string          Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")

how solve this im using ubuntu 22

docker compose version

Docker Compose version v2.19.1

docker --version

Docker version 24.0.4, build 3713ee1

@matheussilvaprimo
Copy link

Did you get passed by this error? We are facing the same issue with v2.7.1 and v2.8.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants