Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Latest version of packaging causes crash when trying to import LegacyVersion #4025

Closed
jamiegosling opened this issue Dec 8, 2022 · 1 comment
Closed

Latest version of packaging causes crash when trying to import LegacyVersion #4025

jamiegosling opened this issue Dec 8, 2022 · 1 comment
Labels
crash

Comments

@jamiegosling
Copy link

jamiegosling commented Dec 8, 2022
edited
Loading

Describe the issue
We have a pipeline which installs checkov on an alpine:latest container using
pip3 install --upgrade pip && pip3 install --upgrade setuptools pip3 install checkov

The install is fine, but checkov fails to run with the error

ImportError: cannot import name 'LegacyVersion' from 'packaging.version' (/usr/lib/python3.10/site-packages/packaging/version.py)

Exception Trace

Traceback (most recent call last):
  File "/usr/bin/checkov", line 2, in <module>
    from checkov.main import run
  File "/usr/lib/python3.10/site-packages/checkov/main.py", line 20, in <module>
    from checkov.argo_workflows.runner import Runner as argo_workflows_runner
  File "/usr/lib/python3.10/site-packages/checkov/argo_workflows/runner.py", line 7, in <module>
    from checkov.common.images.image_referencer import ImageReferencer, Image
  File "/usr/lib/python3.10/site-packages/checkov/common/images/image_referencer.py", line 12, in <module>
    from checkov.common.bridgecrew.vulnerability_scanning.image_scanner import image_scanner
  File "/usr/lib/python3.10/site-packages/checkov/common/bridgecrew/vulnerability_scanning/image_scanner.py", line 15, in <module>
    from checkov.common.bridgecrew.vulnerability_scanning.integrations.docker_image_scanning import \
  File "/usr/lib/python3.10/site-packages/checkov/common/bridgecrew/vulnerability_scanning/integrations/docker_image_scanning.py", line 8, in <module>
    from checkov.common.bridgecrew.vulnerability_scanning.integrations.twistcli import TwistcliIntegration
  File "/usr/lib/python3.10/site-packages/checkov/common/bridgecrew/vulnerability_scanning/integrations/twistcli.py", line 11, in <module>
    from checkov.common.bridgecrew.platform_integration import bc_integration
  File "/usr/lib/python3.10/site-packages/checkov/common/bridgecrew/platform_integration.py", line 31, in <module>
    from checkov.common.bridgecrew.wrapper import reduce_scan_reports, persist_checks_results, \
  File "/usr/lib/python3.10/site-packages/checkov/common/bridgecrew/wrapper.py", line 13, in <module>
    from checkov.common.util.json_utils import CustomJSONEncoder
  File "/usr/lib/python3.10/site-packages/checkov/common/util/json_utils.py", line 6, in <module>
    from packaging.version import LegacyVersion, Version
ImportError: cannot import name 'LegacyVersion' from 'packaging.version' (/usr/lib/python3.10/site-packages/packaging/version.py)

Desktop (please complete the following information):

  • OS: alpine 3.17.0
  • Checkov Version 2.2.130

Additional context
It looks like the deprecation of a class in packaging might be the root cause:
pypa/packaging#407
@jamiegosling
Copy link
Author

Actually I can see a PR has already been merged for this
#4012

@chenrui333 chenrui333 mentioned this issue Dec 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
crash
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jamiegosling