Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dockerfile for Grype #249

Closed
Overcolor opened this issue Mar 17, 2021 · 3 comments
Closed

Dockerfile for Grype #249

Overcolor opened this issue Mar 17, 2021 · 3 comments
Labels
bug Something isn't working

Comments

@Overcolor
Copy link

Overcolor commented Mar 17, 2021

What happened:
I tried to run grype in a Dockerimage, but it resulted with this segmentation violation:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x52bee6]

goroutine 86 [running]:
encoding/json.(*Decoder).refill(0xc013b77600, 0xc013b77600, 0x600000027)
	/Users/runner/hostedtoolcache/go/1.14.14/x64/src/encoding/json/stream.go:165 +0xb6
encoding/json.(*Decoder).readValue(0xc013b77600, 0x0, 0x0, 0x11b36a0)
	/Users/runner/hostedtoolcache/go/1.14.14/x64/src/encoding/json/stream.go:140 +0x1e8
encoding/json.(*Decoder).Decode(0xc013b77600, 0xfca620, 0xc0004b9e30, 0xffffed00ffffec, 0x7fffe0003fffd7)
	/Users/runner/hostedtoolcache/go/1.14.14/x64/src/encoding/json/stream.go:63 +0x79
github.com/anchore/grype/grype/pkg.parseSyftJSON(0x0, 0x0, 0x14dda20, 0xc0000960e0, 0x0, 0x14dfc20, 0xc013e9a210, 0xc013e2d1e0, 0xc0006225c8)
	/Users/runner/work/grype/grype/grype/pkg/syft_json_provider.go:177 +0xab
github.com/anchore/grype/grype/pkg.syftJSONProvider(0x7ffc2bb28f5c, 0xe, 0xc013eb2690, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/Users/runner/work/grype/grype/grype/pkg/syft_json_provider.go:49 +0x44
github.com/anchore/grype/grype/pkg.Provide(0x7ffc2bb28f5c, 0xe, 0x120e781, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/Users/runner/work/grype/grype/grype/pkg/provider.go:49 +0x18f
github.com/anchore/grype/cmd.startWorker.func1.2(0xc013e6de50, 0x7ffc2bb28f5c, 0xe, 0xc013e778e0, 0xc013eb2670, 0xc013eb2680, 0xc00061c480)
	/Users/runner/work/grype/grype/cmd/root.go:197 +0xe0
created by github.com/anchore/grype/cmd.startWorker.func1
	/Users/runner/work/grype/grype/cmd/root.go:194 +0x1fd

What you expected to happen:
I expected the grype-vulnerability-report.
How to reproduce it (as minimally and precisely as possible):
Dockerfile:

FROM ubuntu:21.04

RUN apt-get update && \
    apt-get install --no-install-recommends -y "curl=7.74.0-1ubuntu1" "ca-certificates=20210119build1" && \
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin &&\
    apt-get remove -y curl && \
    rm -rf /var/lib/apt/lists/*
ENTRYPOINT ["grype"]

Other Commands:
docker build -t grype:v1 .
docker save grype:v1 -o image.tar
docker run -it --rm -v $(pwd):/src/ grype:v1 /src/image.tar
Anything else we need to know?:
Maybe i did miss something and grype needs docker components, even for scanning a tar file? It would be helpful if you add requirements for grype in the README :).
Environment:

  • Output of grype version:
    Application: grype
    Version: 0.7.0
    BuildDate: 2021-01-28T14:03:23Z
    GitCommit: 8344b8f
    GitTreeState: clean
    Platform: linux/amd64
    GoVersion: go1.14.14
    Compiler: gc
    Supported DB Schema: 1
  • OS (e.g: cat /etc/os-release or similar):
@Overcolor Overcolor added the bug Something isn't working label Mar 17, 2021
@luhring
Copy link
Contributor

luhring commented Mar 17, 2021

HI @Overcolor, I'm not able to reproduce this yet...

You're correct, Grype doesn't need access to the Docker daemon if it's scanning an image that's available as a TAR file on the local filesystem.

Can you provide the exact command you ran that produced the output you pasted above? (panic: runtime error: invalid memory address or nil pointer dereference ...) Clearly, there's something that Grype didn't like in that scenario. 😃

From the stack trace, this seems related to #235, which was triggered by telling Grype to read in an SBOM instead of scanning an actual container image.

@Overcolor
Copy link
Author

I could not reproduce it with version 0.8.0. The commands i used are placed under "Other commands:" . The only possible difference is an user, which was in the analyzed image. Everything is working now like expected ^^ i am not really sure what went wrong, if i find it i will add this here.
Thanks for the fast response :)

@luhring
Copy link
Contributor

luhring commented Mar 17, 2021

Sure thing! Thanks for letting us know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants