ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Page:https://horusec.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Horusec management don't show metrics from jenkins analysis in docker

risonaldomoura opened this issue · comments

What happened:
I'm running jenkins in docker and a pipeline step is analysis with horusec. This step is running in local machine using ssh, the logs from vulnerability in jenkins show how as expected, but in horusec web management installed in the same local machine don't show metrics expected.

What you expected to happen:
Horusec web management show metrics from analysis in jenkins.

How to reproduce it (as minimally and precisely as possible):

  1. Install horusec web management in the local machine using docker.

  2. Run jenkins pipeline and configure stage Horusec in Jenkinsfile the way pointing step for run in local machine that has horusec web management installed:

stage('Horusec') {
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: 'macos', passwordVariable: 'pass', usernameVariable: 'user')]) {
                        remote.name = "$user"
                        remote.host = "192.168.0.196"
                        remote.user = "$user"
                        remote.password = "$pass"
                        remote.allowAnyHosts = true
                        remote.pty = true
                    }
                    sshCommand remote: remote, command: "curl -fsSL 'https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh' | bash -s latest" , sudo: true
                    sh 'horusec start -p="./" -e="true"'
                }
            }
        }

note: I'm using withCredentials method because have a sudo command in the script install.sh from horusec.

Anything else we need to know?:
When running analysis horusec in terminal from local machine, the metrics show in horusec web management.
The environment is a docker container and kubernetes. Jenkins is a image docker using a agent for run pipeline with horusec analysis.

Environment:

horusec version
Version: v2.8.0
Git commit: df32c1c
Built: Wed Jun 08 13:57:08 2022
Distribution: normal

docker version
Version: 4.0.1 (68347)

kubernetes version
Version: v1.21.4

Agent Operational System
Version: macOS Monterey 12.4