Comments (5)
eliasgranderubio
commented on May 29, 2024
Hi @binoopnanu ,
Probably, your docker environment has the icc=false configuration parameter setted, so your containers cannot communicate with others within the same host through docker bridge networks.
Despite of this, you can configure your docker-compose.yml like I show you below thanks to the unresolved issue 21990 of the Moby repository --> moby/moby#21990
Please, test the next docker-compose.yml in your environment and let me know if your issue would be fixed :-)
version: '2'
services:
dagda:
build: .
image: 3grander/dagda:0.8.0
container_name: dagda
entrypoint: python dagda.py start -s 0.0.0.0 -p 5000 -m 172.17.0.1 -mp 27018
ports:
- "5000:5000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /tmp:/tmp
depends_on:
- vulndb
vulndb:
image: mongo
container_name: vulndb
ports:
- "27018:27017"
volumes:
- ./db:/data/db
from dagda.
binoopnanu
commented on May 29, 2024
Hi @eliasgranderubio ,
I've used the new docker-compose file...
the db has been updated.
bash-4.3# python3 dagda.py vuln --init_status
{
"status": "Updated",
"timestamp": "2018-09-27 02:21:14.605383"
}
bash-4.3#
But I am getting a below error when I try to scan alpine image..
bash-4.3# python3 dagda.py history
[
{
"anomalies": 0,
"image_name": "alpine",
"libs_vulns": 0,
"malware_bins": 0,
"os_vulns": 0,
"reportid": "5bb2a613d8b9180001b13fb1",
"start_date": "2018-10-01 23:00:59.492841",
"status": "Unexpected exception of type DagdaError occured: '4depcheck output file [/tmp/4depcheck/alpine.json] not found.'"
}
]
bash-4.3# python3 dagda.py history alpine --d "5bb2a613d8b9180001b13fb1"
[
{
"id": "5bb2a613d8b9180001b13fb1",
"image_name": "alpine",
"static_analysis": {
"malware_binaries": [],
"os_packages": {
"ok_os_packages": 13,
"os_packages_details": [
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "musl",
"version": "1.1.19",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "busybox",
"version": "1.28.4",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "alpine-baselayout",
"version": "3.1.0",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "alpine-keys",
"version": "2.1",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "libressl2.7-libcrypto",
"version": "2.7.4",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "libressl2.7-libssl",
"version": "2.7.4",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "libressl2.7-libtls",
"version": "2.7.4",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "ssl_client",
"version": "1.28.4",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "zlib",
"version": "1.2.11",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "apk-tools",
"version": "2.10.1",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "scanelf",
"version": "1.2.3",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "musl-utils",
"version": "1.1.19",
"vulnerabilities": []
},
{
"is_false_positive": false,
"is_vulnerable": false,
"product": "libc-utils",
"version": "0.7.1",
"vulnerabilities": []
}
],
"total_os_packages": 13,
"vuln_os_packages": 0
},
"prog_lang_dependencies": {
"dependencies_details": {
"java": [],
"js": [],
"nodejs": [],
"php": [],
"python": [],
"ruby": []
},
"vuln_dependencies": 0
}
},
"status": "Unexpected exception of type DagdaError occured: '4depcheck output file [/tmp/4depcheck/alpine.json] not found.'",
"timestamp": "2018-10-01 23:00:59.492841"
}
]
bash-4.3#
Any idea what could be the reason ?
from dagda.
eliasgranderubio
commented on May 29, 2024
Hi @binoopnanu ,
If you have this error message, probably you have blocked the root user within containers execution in your environment. This issue is pending for fixed it in 4depcheck project:
If you run the same test in another environment, does dagda work fine? Could you inspect the docker logs for the 4depcheck containers?
from dagda.
eliasgranderubio
commented on May 29, 2024
Hi @binoopnanu,
Could you give me any feedback about this issue?
from dagda.
eliasgranderubio
commented on May 29, 2024
I close this issue because I have not any feedback about it for a long time.
Please, if the error persists, reopen it.
from dagda.
Related Issues (20)
- docker-compose instructions unclear and db error HOT 1
- docker-compose.yaml unfriendly to macos version of docker?
- dagda crashing when sent check job?
- Is it possible to run dagda as a container? HOT 1
- Unexpected exception of type RecursionError occurred: ('maximum recursion depth exceeded',)
- Unable to use python3 dagda.py vuln --init HOT 4
- Scanning image with included NPM project does not show NPM vulnerabilities HOT 1
- The problem of using docker-compose to build and deploy dagda is suspected to be a bug
- How to add custom falco rules HOT 1
- Vuln --init_status has been initializing and is never finishd
- docker image scan with dagda in standalone server mode. HOT 1
- Vuln --init fails HOT 2
- check result remains Analyzing HOT 1
- Dagda issue HOT 1
- Error while starting dagda (TypeError: an integer is required - got type bytes) HOT 3
- Scan containers running in K8s? HOT 1
- Many false-positives HOT 1
- Falcosecurity/ falco output file not found. HOT 4
- Publicly Accessible CVE Database
- docker compose build doesn't work: markupsafe dependency missing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dagda.