Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Running the Horusec tool using Docker (Using version: 27.2.1, ) #1178

Open
Shashi2504 opened this issue Sep 10, 2024 · 2 comments
Open

Running the Horusec tool using Docker (Using version: 27.2.1, ) #1178

Shashi2504 opened this issue Sep 10, 2024 · 2 comments

Comments

@Shashi2504
Copy link

What happened:
--> I did all the pre-installations before running the Horusec tool like installing Docker, then installing horusec, and started running horusec tool using Docker in the application folder.
--> But I was getting the following error "level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3". Even though my current version is above the required version which was mentioned in the error message.
--> This was my current Docker version while using the tool "Docker version 27.2.1, build 9e34c9b"
What you expected to happen: To start the Horusec tool and show the vulnerabilities in the application folder.

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?: N/A

Environment:

  • Horusec version (use horusec version): v.2.8.0
  • Operating System: Linux
  • Network plugin / Tool and version (if this is a network-related / tool bug): tool bug
  • Others: N/A
@Shashi2504 Shashi2504 changed the title Running the Horusec tool using Docker (Using above version than required version) Running the Horusec tool using Docker (Using version: 27.2.1, ) Sep 10, 2024
@0xtiago
Copy link

0xtiago commented Sep 15, 2024

Hi, I dont know if it helps you, but currently I am using a beta version in order as a workaround:

image="horuszup/horusec-cli:v2.9.0-beta.3"; \
docker pull $image ;\
docker run --rm \
	-v /var/run/docker.sock:/var/run/docker.sock \
	-v $(pwd):/src/horusec $image horusec start \
	-p /src/horusec -P $(pwd)

@Victor725
Copy link

I encountered the same problem, and I tried to use the beta version. But I still got the same error

time="2024-09-23T09:06:23Z" level=warning msg="{HORUSEC_CLI} Config file not found"
Error: docker not found. Please check and try again
time="2024-09-23T09:06:24Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Usage:
  horusec start [flags]

Examples:
horusec start

Flags:
  -t, --analysis-timeout int                 The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
  -a, --authorization string                 Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
  -C, --certificate-path string              Path to certificate of authority. Example -C="example/ca.crt"
  -P, --container-bind-project-path string   Project path in host to be used on Docker when running Horusec inside a container
  -c, --custom-rules-path string             Path with custom rules that should be used by Horusec engine
  -D, --disable-docker                       Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
  -G, --enable-commit-author                 Enable to search commit author of vulnerabilities
      --enable-git-history                   Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
  -w, --enable-owasp-dependency-check        Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
  -j, --enable-shellcheck                    Run ShellCheck tool https://github.com/koalaman/shellcheck
  -F, --false-positive strings               Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
      --headers stringToString               Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
  -h, --help                                 help for start
  -u, --horusec-url string                   The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
  -i, --ignore strings                       Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
  -s, --ignore-severity strings              The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
  -I, --information-severity                 Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
  -S, --insecure-skip-verify                 Disable the certification validation. PLEASE, try not to use it
  -O, --json-output-file string              Output file to write analysis result. This flag should be used with --output-format
  -o, --output-format string                 Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
  -p, --project-path string                  Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/")
  -n, --repository-name string               Send repository name to Horusec server, by default sends the actual directory name (default "/")
  -r, --request-timeout int                  The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
  -e, --return-error                         Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
  -R, --risk-accept strings                  Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
      --show-vulnerabilities-types strings   Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])

Global Flags:
      --config-file-path string   Path of the configuration file (default "/horusec-config.json")
  -l, --log-file-path string      Path of log file (default "/tmp/horusec-2024-09-23-09-06-23.log")
      --log-level string          Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants