
Unable to run secret_scanner in Gitlab pipeline> podman ps:exit status 125 #113

zumkemi opened this issue Nov 30, 2023 · 2 comments

zumkemi commented Nov 30, 2023

Tried to run a scan job:

image: docker:latest
services:
  - docker:dind

variables:
  DOCKER_HOST: tcp://docker:2375
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: ""
  IMAGE_NAME: myownimage
  IMAGE_TAG: v1

secret-detection-image:
  stage: image-scan
  image:
    name: deepfenceio/deepfence_secret_scanner:2.1.0
    entrypoint: [""]
  script:
    - echo ${REGISTRY_TOKEN} | docker login --username ${REGISTRY_USER} --password-stdin $CI_REGISTRY
    - /home/deepfence/usr/SecretScanner -config-path /home/deepfence/usr --image-name ${DOCKER_ENV_CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG}

results in:

$ /home/deepfence/usr/SecretScanner -config-path /home/deepfence/usr --image-name ${DOCKER_ENV_CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG}
INFO[2023-11-30T13:58:15Z] main.go:131 Scanning image registry.gitlab.com/...omited.../...omited.../myownimage:v1 for secrets... 
ERRO[2023-11-30T13:58:16Z] utils.go:46 cmd: /usr/bin/podman --remote --url unix:///run/podman/podman.sock ps 
ERRO[2023-11-30T13:58:16Z] utils.go:47 exit status 125                              
WARN[2023-11-30T13:58:16Z] autodetect.go:256 podman ps:exit status 125: Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: Get "http://d/v4.5.1/libpod/_ping": dial unix /run/podman/podman.sock: connect: no such file or directory 
ERRO[2023-11-30T13:58:23Z] process_image.go:65 scanImage: Could not save container image: could not detect container runtime. Check if the image name is correct. 
FATA[2023-11-30T13:58:23Z] main.go:134 main: error while scanning image: %scould not detect container runtime 
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
zumkemi commented Dec 4, 2023

Seems to be similar to aquasecurity/trivy#2432.

ibreakthecloud (Member)

Hi @zumkemi. The recommended way to run the secret scanner in GitLab CI is here: https://github.com/deepfence/ThreatMapper/blob/main/ci-cd-integrations/gitlab/.gitlab-ci.yml#L50-L66

We run SecretScanner inside docker:latest, which ensures all the required sock paths exist (DIND: docker in docker). You can refer to this GitLab CI pipeline demo that scans an nginx image: https://gitlab.com/harshvkarn/demo-app/-/jobs/6158031549
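The failure in the log above is the scanner's runtime autodetection: it probed the Podman socket at /run/podman/podman.sock, got exit status 125, and gave up with "could not detect container runtime", because inside the job container neither a Docker nor a Podman unix socket existed (DOCKER_HOST pointed at the dind service over TCP instead). The following is an added example, not code from the ThreatMapper project or from either commenter: a POSIX shell preflight for a GitLab job that reports which runtime endpoint is actually reachable before the scan starts, and a helper that builds the `docker run` invocation the maintainer describes (scanner run from a docker:latest job with the dind daemon's /var/run/docker.sock bind-mounted into it). The socket paths, the `--entrypoint` path and the config directory are taken from the job and log in this issue; that the bind-mount resolves on the dind daemon's side is an assumption of this example.

```shell
#!/bin/sh
# Added example (not part of the ThreatMapper project): preflight checks for a
# GitLab job that runs deepfence_secret_scanner.
#
# detect_runtime [DOCKER_SOCK] [PODMAN_SOCK]
#   Prints exactly one of: docker-socket, podman-socket, docker-tcp, none.
#   Returns 0 when a unix-socket-backed runtime is present (what the scanner's
#   autodetect needs), 1 otherwise. A DOCKER_HOST=tcp://... endpoint is
#   reported separately: the docker CLI can use it, but there is no socket
#   file the scanner could open or bind-mount, which is the situation in the
#   original job (DOCKER_HOST: tcp://docker:2375).
detect_runtime() {
    docker_sock="${1:-/var/run/docker.sock}"      # conventional Docker socket
    podman_sock="${2:-/run/podman/podman.sock}"   # path probed in the log

    # -S requires a real unix socket; a stray regular file or directory at the
    # path (a common result of a failed volume mount) must not count.
    if [ -S "$docker_sock" ]; then
        echo "docker-socket"
        return 0
    fi
    if [ -S "$podman_sock" ]; then
        echo "podman-socket"
        return 0
    fi
    case "${DOCKER_HOST:-}" in
        tcp://*)
            echo "docker-tcp"
            return 1
            ;;
    esac
    echo "none"
    return 1
}

# scan_command IMAGE_REF
#   Prints the docker run line following the maintainer's advice: run the
#   scanner image from a docker:latest job whose docker:dind service owns
#   /var/run/docker.sock, and bind-mount that socket into the scanner container.
#   Assumption: with DOCKER_HOST pointing at dind, the -v source path is
#   resolved by the dind daemon, where the socket exists.
scan_command() {
    image_ref="$1"
    printf 'docker run --rm --entrypoint /home/deepfence/usr/SecretScanner '
    printf -- '-v /var/run/docker.sock:/var/run/docker.sock '
    printf 'deepfenceio/deepfence_secret_scanner:2.1.0 '
    printf -- '-config-path /home/deepfence/usr --image-name %s\n' "$image_ref"
}

# preflight IMAGE_REF
#   Intended as the first script line of the scan job: fail fast with an
#   actionable message instead of letting the scanner report exit status 125.
preflight() {
    runtime="$(detect_runtime)"
    case "$runtime" in
        docker-socket|podman-socket)
            echo "runtime endpoint: $runtime"
            scan_command "$1"
            ;;
        docker-tcp)
            echo "DOCKER_HOST is a TCP endpoint; the scanner needs a unix socket." >&2
            echo "Run it from a docker:latest job with docker:dind, as:" >&2
            scan_command "$1" >&2
            return 1
            ;;
        *)
            echo "no container runtime socket found in this job container" >&2
            return 1
            ;;
    esac
}
```

In the job from the issue, `preflight "$DOCKER_ENV_CI_REGISTRY_IMAGE/$IMAGE_NAME:$IMAGE_TAG"` would print the docker-tcp diagnosis and stop before the scanner is invoked; in a docker:latest job with the socket mounted it prints the exact command the job goes on to run, which is useful evidence when the scan's result is later reviewed.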
