Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sufficient support to CLI dockerimage for running the ScaResolver #614

Closed
juegge opened this issue Nov 9, 2023 · 4 comments
Closed

Add sufficient support to CLI dockerimage for running the ScaResolver #614

juegge opened this issue Nov 9, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

@juegge
Copy link

juegge commented Nov 9, 2023

Currently, when trying to run the CLI dockerimage with the ScaResolver the run will fail, because the alpine image that is used for the ast-cli dockerimage is missing libraries that are required to run the ScaResolver.
The missing libraries are as follows (output from ldd)
ldd ScaResolver�[0;m
/lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
Error loading shared library libgcc_s.so.1: No such file or directory (needed by ScaResolver)
libz.so.1 => /lib/libz.so.1 (0x7f8cdb232000)
libm.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
librt.so.1 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)

Since the dockerimage is built to run as non root user these libraries cannot be added e. g. using apk..
E. g. if you try run this example, https://github.com/Checkmarx/ci-cd-integrations/blob/main/CxScaResolver/bitbucket-pipelines.yml
it will fail with an error like this:
Using SCA resolver: ./ScaResolver [offline -s ./ -n project-name -r /tmp/sca229206833.json --ignore-dev-dependencies true --log-level Debug]
2023/11/08 14:30:17
ScaResolver error: fork/exec ./ScaResolver: no such file or directory
If you look carefully you will notice that the github and azure examples use "ubuntu-latest" as the base image, which has the required libraries.
@juegge juegge added the enhancement New feature or request label Nov 9, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 9, 2023

Internal Jira issue: AST-32207

@juegge
Copy link
Author

juegge commented Nov 10, 2023
edited
Loading

The root cause is that the ScaResolver seems to be a glibc based software. However, alpine linux is not glibc based and therefore cannot run the ScaResolver, at least not in an easy & reliable way.
However, ast-cli can run on glibc based linux like e. g. debian;buster-slim, which also runs the ScaResolver just fine.
An example of a working pipeline can be found here: https://gitlab.com/jurgen-cx/utilities/-/blob/main/CxONE_GitlabCI_Scaresolver.yml

@juegge
Copy link
Author

juegge commented Nov 13, 2023

ok, the solution is to use the alpine based SCAresolver: https://sca-downloads.s3.amazonaws.com/cli/latest/ScaResolver-musl64.tar.gz

@juegge juegge closed this as completed Nov 13, 2023
@kaplanlior
Copy link

Add reference Checkmarx/ci-cd-integrations#38

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kaplanlior @juegge