Comments (6)
eliasgranderubio
commented on May 30, 2024
Hi @ilcapone ,
What were the images that you tried to analyze? If you get this error it looks like you are trying to analyze images without OS, I mean, images from scratch, could you confirm me this?
from dagda.
ilcapone
commented on May 30, 2024
Yes, I think that the image is build without OS. I can't identify if it is from scratch. I attach some evidence where I have tried to identify the OS. additionally, do you need a test to obtain more information?
thanks in advance!
/ # uname -a
Linux f16bb506ef1e 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 GNU/Linux
/ # cat /etc/issue
cat: can't open '/etc/issue': No such file or directory
/ # cat /etc/os-release
cat: can't open '/etc/os-release': No such file or directory
/ # cat /etc/redhat-release
cat: can't open '/etc/redhat-release': No such file or directory
/ # lsb_release -a
/bin/sh: lsb_release: not found
/ # cat /etc/debian_version
cat: can't open '/etc/debian_version': No such file or directory
/ # ls /etc/
group hosts mtab nsswitch.conf services ssl
hostname localtime network passwd resolv.conf shadow
from dagda.
eliasgranderubio
commented on May 30, 2024
Could you review the history of the image typing docker history --no-trunc <image_name>? The output will show us the real base image history and more information that it could help us.
On the other hand, Dagda has three analysis steps: OS packages, dependencies, and malware. If the image has not a complete OS, the packages review will not be possible, so I understand that the better way of do the analysis will be excluding that step and analyzing both dependencies and malware. Do you think so?
from dagda.
ilcapone
commented on May 30, 2024
With that, it would be perfect. And in what state would the report be, in the packetes section it will come out with some error status or will that part be empty?
Additionally I leave the result of the command ocker history --no-trunc <image_name> :
IMAGE CREATED CREATED BY SIZE COMMENT
sha256:22a0d86c681c96c9f07bd0be62853caade3d23866028b47c4a1509d8b42b359b 7 months ago /bin/sh -c #(nop) ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/google-cloud-sdk/bin 0B
<missing> 7 months ago /bin/sh -c (echo "deb https://packages.cloud.google.com/apt cloud-sdk-$(lsb_release -c -s) main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list) && (curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -) && apt-get update && apt-get -y upgrade && apt-get -y install curl google-cloud-sdk google-cloud-sdk-app-engine-python google-cloud-sdk-app-engine-python-extras kubectl python-crypto python-dev vim wget && rm -rf /var/lib/apt/lists/* && wget -q 'https://bootstrap.pypa.io/get-pip.py' -O get-pip.py && python get-pip.py && rm get-pip.py && pip install kubernetes oauth2client google-api-python-client Jinja2 google-api-helper protobuf 1GB
<missing> 7 months ago /bin/sh -c #(nop) WORKDIR /root 0B
<missing> 7 months ago /bin/sh -c #(nop) ENV HOME=/root 0B
<missing> 7 months ago /bin/sh -c #(nop) MAINTAINER [email protected] 0B
<missing> 10 months ago /bin/sh -c #(nop) CMD ["/bin/bash"] 0B
<missing> 10 months ago |1 DOCKER_VERSION= /bin/sh -c apt-get update && apt-get -y upgrade && apt-get -y install apt-transport-https ca-certificates curl gettext gnupg2 software-properties-common && (curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -) && (add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable") && apt-get update && apt-get -y install docker-ce=$(apt-cache show docker-ce | grep 'Version:' | awk '{print $NF}' | grep "$DOCKER_VERSION" | head -n 1) && rm -rf /var/lib/apt/lists/* 664MB
<missing> 10 months ago /bin/sh -c #(nop) ARG DOCKER_VERSION= 0B
<missing> 10 months ago /bin/sh -c #(nop) MAINTAINER [email protected] 0B
<missing> 12 months ago /bin/sh -c #(nop) CMD ["bash"] 0B
<missing> 12 months ago /bin/sh -c #(nop) ADD file:b380df301ccb5ca09f0d7cd5697ed402fa55f3e9bc5df2f4d489ba31f28de58a in / 100MB
from dagda.
eliasgranderubio
commented on May 30, 2024
Reading the docker history, I identify an apt-get command so in this case, the issue I think is another different.
Anyways, my commit would fix the issue including both your issue and the issues due to images from scratch, so, please, update the project and verify it.
from dagda.
eliasgranderubio
commented on May 30, 2024
I have reviewed all cases and the commit looks like fix the issue in all of them so, I close the issue.
Please, if the error persists, feel free to reopen it.
Regards.
from dagda.
Related Issues (20)
- docker-compose instructions unclear and db error HOT 1
- docker-compose.yaml unfriendly to macos version of docker?
- dagda crashing when sent check job?
- When initialize database , I'm getting "TypeError: documents must be a non-empty list" error
- when i run python3 dagda.py vuln --product python --product_version=3.8-slim error 500 HOT 1
- When I inspect the container image, everything is fine. HOT 2
- Scanning image with included NPM project does not show NPM vulnerabilities HOT 1
- The problem of using docker-compose to build and deploy dagda is suspected to be a bug
- How to add custom falco rules HOT 1
- Vuln --init_status has been initializing and is never finishd
- docker image scan with dagda in standalone server mode. HOT 1
- Vuln --init fails HOT 2
- check result remains Analyzing HOT 1
- Dagda issue HOT 1
- Error while starting dagda (TypeError: an integer is required - got type bytes) HOT 3
- Scan containers running in K8s? HOT 1
- Many false-positives HOT 1
- Falcosecurity/ falco output file not found. HOT 4
- Publicly Accessible CVE Database
- docker compose build doesn't work: markupsafe dependency missing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dagda.