Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Blocker
Component/s: gcr-scanner-plugin
Labels:
- exception
- gcloud
- jenkins
- pipeline
- plugin
Environment:

Hide
Jenkins Version: 2.249.1
GCR Vulnerability Scanner Plugin (gcr-scanner-plugin) Version: 1.0
GCR Vulnerability Scanner Plugin (gcr-scanner-plugin)Maven ID: io.jenkins.plugins:gcr-scanner:1.0
Google Cloud SDK 304.0.0
alpha 2020.07.31
beta 2020.07.31
bq 2.0.58
core 2020.07.31
gsutil 4.52
kubectl 1.15.11

Show
Jenkins Version: 2.249.1 GCR Vulnerability Scanner Plugin (gcr-scanner-plugin) Version: 1.0 GCR Vulnerability Scanner Plugin (gcr-scanner-plugin)Maven ID: io.jenkins.plugins:gcr-scanner:1.0 Google Cloud SDK 304.0.0 alpha 2020.07.31 beta 2020.07.31 bq 2.0.58 core 2020.07.31 gsutil 4.52 kubectl 1.15.11

Similar Issues:

Show

Seems the plugin is quite outdated and does not work with latest GCloud SDK, especially gcloud auth - manage oauth2 credentials for the Google Cloud SDK that it uses internally to talk to Container Analysis API internally.

Due to this the plugin no more works as expected. Sample Failure Log:

[Pipeline] gcrImageVulnerabilityScanner
GCR Image Scanning for gcr.io/my-project/my-image@sha256:1fdbaaa0754b3c4ab in progress...
ProjectName is my-project
ResourceUrl is https://gcr.io/my-project/my-image@sha256:1fdbaa46df0e31fdbaaa0754b3c4ab
Executing sh script inside container gcloud of pod gcr-scanner-d21nh-rsbs9
Executing command: "gcloud" "auth" "application-default" "print-access-token" "--format=json" 
exit
{
  "expired": false,
  "expiry": {
    "datetime": "2020-09-16 11:17:46.778327",
    "day": 16,
    "hour": 11,
    "microsecond": 778327,
    "minute": 17,
    "month": 9,
    "second": 46,
    "year": 2020
  },
  "requires_scopes": false,
  "scopes": [
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring",
    "https://www.googleapis.com/auth/service.management.readonly",
    "https://www.googleapis.com/auth/servicecontrol",
    "https://www.googleapis.com/auth/trace.append"
  ],
  "service_account_email": "xxxxxx-xxxxx@developer.gserviceaccount.com",
  "token": "ya30.c.Lph....",
  "valid": true
}
The status of gcloud statement is 0
Creating GrafeasClient now...
ERROR: null
Something went wrong while setting up GrafeasClient...

Seems the access-token-json is no more in compatible with what gcr-scanner-plugin expects and hence it is throwing the error "null" and unable to create the GrafeasClient for scanning vulnerabilities.

Hence the plugin is broken and does not work at all.

Assignee:: Sumeet Wilkhu

Reporter:: Venkatesh Ramachandran Sampath

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2020-09-16 10:58

Updated:: 2022-07-31 23:38

Details

Description

Attachments

Activity

People

Dates