Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63700

GCR Vulnerability Scanner Plugin does not work

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Blocker
    • Resolution: Unresolved
    • Component/s: gcr-scanner-plugin
    • Environment:
    • Similar Issues:

      Description

      Seems the plugin is quite outdated and does not work with latest GCloud SDK, especially gcloud auth - manage oauth2 credentials for the Google Cloud SDK that it uses internally to talk to Container Analysis API internally.

      Due to this the plugin no more works as expected. Sample Failure Log:

      [Pipeline] gcrImageVulnerabilityScanner
      GCR Image Scanning for gcr.io/my-project/my-image@sha256:1fdbaaa0754b3c4ab in progress...
      ProjectName is my-project
      ResourceUrl is https://gcr.io/my-project/my-image@sha256:1fdbaa46df0e31fdbaaa0754b3c4ab
      Executing sh script inside container gcloud of pod gcr-scanner-d21nh-rsbs9
      Executing command: "gcloud" "auth" "application-default" "print-access-token" "--format=json" 
      exit
      {
        "expired": false,
        "expiry": {
          "datetime": "2020-09-16 11:17:46.778327",
          "day": 16,
          "hour": 11,
          "microsecond": 778327,
          "minute": 17,
          "month": 9,
          "second": 46,
          "year": 2020
        },
        "requires_scopes": false,
        "scopes": [
          "https://www.googleapis.com/auth/devstorage.read_only",
          "https://www.googleapis.com/auth/logging.write",
          "https://www.googleapis.com/auth/monitoring",
          "https://www.googleapis.com/auth/service.management.readonly",
          "https://www.googleapis.com/auth/servicecontrol",
          "https://www.googleapis.com/auth/trace.append"
        ],
        "service_account_email": "xxxxxx-xxxxx@developer.gserviceaccount.com",
        "token": "ya30.c.Lph....",
        "valid": true
      }
      The status of gcloud statement is 0
      Creating GrafeasClient now...
      ERROR: null
      Something went wrong while setting up GrafeasClient...
      

      Seems the access-token-json is no more in compatible with what gcr-scanner-plugin expects and hence it is throwing the error "null" and unable to create the GrafeasClient for scanning vulnerabilities.

      Hence the plugin is broken and does not work at all.

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            • Assignee:
              wilkhu90 Sumeet Wilkhu
              Reporter:
              venkateshsampath Venkatesh Ramachandran Sampath
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: