Replies: 4 comments 3 replies
-
Looks like some kind of proxy error. It works fine on mac for a bunch of us, so not a known issue. |
Beta Was this translation helpful? Give feedback.
-
Yes it looks like. How to I set the proxy in the code. Or is there a way to pass it to the depscan ? Would like to do something like this |
Beta Was this translation helpful? Give feedback.
-
I think you can pass it using |
Beta Was this translation helpful? Give feedback.
-
@prabhu i get the error during the download of vuln database from ghcr . Is there a way to download offline and prove the path the dep-scan ? |
Beta Was this translation helpful? Give feedback.
-
Expected Behavior
Running depscan using docker for a saved docker image should produce reports.
Actual Behavior
docker run --rm -e VDB_HOME=/db -v $PWD:/app -v /tmp:/db ghcr.io/owasp-dep-scan/dep-scan --src /app/a.tar --reports-dir /app/reports -o /appdep.json -t docker
██████╗ ███████╗██████╗ ███████╗ ██████╗ █████╗ ███╗ ██╗
██╔══██╗██╔════╝██╔══██╗██╔════╝██╔════╝██╔══██╗████╗ ██║
██║ ██║█████╗ ██████╔╝███████╗██║ ███████║██╔██╗ ██║
██║ ██║██╔══╝ ██╔═══╝ ╚════██║██║ ██╔══██║██║╚██╗██║
██████╔╝███████╗██║ ███████║╚██████╗██║ ██║██║ ╚████║
╚═════╝ ╚══════╝╚═╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
INFO [2024-09-03 18:45:01,690] Generating Software Bill-of-Materials for container image /app/a.tar. This might take a few mins ...
INFO [2024-09-03 18:45:05,947] To improve performance, cache the bom file and invoke depscan with --bom /appdep-docker.json instead of -i
INFO [2024-09-03 18:45:05,948] About to download the vulnerability database from ghcr.io/appthreat/vdb:v5-rafs. This might take a while ...
INFO [2024-09-03 18:47:17,624] Unable to pull the vulnerability database (rafs image) from ghcr.io/appthreat/vdb:v5-rafs. Trying to pull the non-rafs-based VDB image.
INFO [2024-09-03 18:47:17,625] About to download the vulnerability database from ghcr.io/appthreat/vdbgz:v5. This might take a while ...
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 466, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1095, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 652, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 805, in ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/util/ssl.py", line 465, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/util/ssl.py", line 509, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/ssl.py", line 455, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/ssl.py", line 1046, in _create
self.do_handshake()
File "/usr/lib64/python3.12/ssl.py", line 1321, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 789, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 490, in _make_request
raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 843, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 519, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='ghcr.io', port=443): Max retries exceeded with url: /v2/appthreat/vdbgz/manifests/v5 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/depscan", line 8, in
sys.exit(main())
^^^^^^
File "/opt/dep-scan/depscan/cli.py", line 1018, in main
paths_list = download_image()
^^^^^^^^^^^^^^^^
File "/opt/dep-scan/depscan/lib/orasclient.py", line 128, in download_image
paths_list = oras_client.pull(
^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/oras/client.py", line 138, in pull
return self.remote.pull(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/oras/provider.py", line 840, in pull
manifest = self.get_manifest(container, allowed_media_type, refresh_headers)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/dep-scan/depscan/lib/orasclient.py", line 39, in get_manifest
response = self.do_request(get_manifest, "GET", headers=headers)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/oras/decorator.py", line 60, in call
return self.func(cls, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/oras/provider.py", line 938, in do_request
response = self.session.request(
^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 698, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='ghcr.io', port=443): Max retries exceeded with url: /v2/appthreat/vdbgz/manifests/v5 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))
Steps to Reproduce
docker run --rm -e VDB_HOME=/db -v $PWD:/app -v /tmp:/db ghcr.io/owasp-dep-scan/dep-scan --src /app/a.tar --reports-dir /app/reports -o /appdep.json -t docker
Additional Information
No response
Beta Was this translation helpful? Give feedback.
All reactions