ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Page:https://horusec.io/


BitBucket Integration

brunobotelhobr opened this issue · comments

I'm trying to integrate Horusec on BitBucket.
But I need help when creating container tools of analysis.

Bitbucket gave me this error:

Error when creating a container of analysis: " error=" Error response from daemon: authorization denied by plugin pipelines: --mounts is not allowed"

It seems like Bitbucket does not support --mount. It just supports --volume.
If I manually trigger a container with --volume, it works (docker run -v=$BITBUCKET_CLONE_DIR:/test ubuntu).

This is the code that I'm using on the integration,

image: ubuntu
clone:
  depth: full
pipelines:
  branches:
    master:
      - step:
          name: SAST
          image: docker:19.03.0-dind
          script:
            - docker ps
            # Test --volume with ubuntu, works
            - docker run -v=$BITBUCKET_CLONE_DIR:/test ubuntu
            - set -eux
            - apk add --no-cache curl sudo bash git jq
            - curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest
            - horusec --log-level="trace" start -P $BITBUCKET_CLONE_DIR -p $BITBUCKET_CLONE_DIR
          services:
            - docker  

What would you like to be added:
A custom command flag to customize how horusec provides the code to external tools like phpcs (use --mount or --volume).

Why is this needed:
Bitbucket is a widely used tool; without this I can't figure out a way to use horusec on it.

Execution Log:

+ horusec start -P $BITBUCKET_CLONE_DIR -p $BITBUCKET_CLONE_DIR
time="2023-01-26T19:15:24Z" level=warning msg="{HORUSEC_CLI} When starting the analysis WE SKIP A TOTAL OF 75 FILES that are not considered to be analyzed. To see more details use flag --log-level=debug"
time="2023-01-26T19:15:24Z" level=warning msg="Horusec will return a timeout after 600 seconds. This time can be customized in the cli settings."
time="2023-01-26T19:15:24Z" level=warning msg="{HORUSEC_CLI} PLEASE DON'T REMOVE \".horusec\" FOLDER BEFORE THE ANALYSIS FINISH! Don’t worry, we’ll remove it after the analysis ends automatically! Project sent to folder in location: [/opt/atlassian/pipelines/agent/build/.horusec/f5b4fb4c-b666-44db-9ce5-74fb18d3da16]"
⣾ Scanning code ...
....
⣻ Scanning code ...time="2023-01-26T19:15:31Z" level=error msg="{HORUSEC_CLI} Error when create container of analysis: " error="Error response from daemon: authorization denied by plugin pipelines: --mounts is not allowed"
⢿ Scanning code ...
⡿ Scanning code ...time="2023-01-26T19:15:32Z" level=error msg="{HORUSEC_CLI} Error when create container of analysis: " error="Error response from daemon: authorization denied by plugin pipelines: --mounts is not allowed"

Evidence

With --volume, it works:
[Screenshot 2023-01-26 at 16 18 08]

It seems like horusec is using --mount; Bitbucket does not support this.

[Screenshot 2023-01-26 at 16 18 31]

[Screenshot 2023-01-26 at 16 18 47]
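The two Docker flags in question express the same bind mount in different syntaxes: `--mount type=bind,source=SRC,target=DST[,readonly]` versus `-v SRC:DST[:ro]`. The following is an added example, not Horusec's code, sketching what the requested switch would have to do: parse a `--mount` specification and render it either unchanged or in the `-v` form that Bitbucket's pipelines authorization plugin accepts. The `MountSpec` type, the `DockerRunArgs` function, the `"mount"`/`"volume"` style names and the `example/analyzer:latest` image are all hypothetical; the host path is taken from the log above. One caveat the conversion has to handle is that `-v` uses `:` as its field separator, so a path containing a colon cannot be expressed that way and is rejected rather than silently mangled.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// MountSpec describes one bind mount of the project source into an analysis
// container. Added example type, not part of Horusec.
type MountSpec struct {
	Source   string // path on the host (e.g. $BITBUCKET_CLONE_DIR)
	Target   string // path inside the container
	ReadOnly bool
}

// ParseMountFlag parses the value of a docker `--mount` flag such as
// "type=bind,source=/src,target=/code,readonly". Only bind mounts are
// accepted, because only those have a direct `-v` equivalent.
func ParseMountFlag(value string) (MountSpec, error) {
	var m MountSpec
	for _, field := range strings.Split(value, ",") {
		field = strings.TrimSpace(field)
		if field == "" {
			continue
		}
		key, val, hasVal := strings.Cut(field, "=")
		switch key {
		case "type":
			if val != "bind" {
				return MountSpec{}, fmt.Errorf("mount type %q has no -v equivalent in this example", val)
			}
		case "source", "src":
			m.Source = val
		case "target", "dst", "destination":
			m.Target = val
		case "readonly", "ro":
			// "readonly" alone, or readonly=true/1, marks the mount read-only.
			m.ReadOnly = !hasVal || val == "true" || val == "1"
		default:
			return MountSpec{}, fmt.Errorf("unsupported --mount option %q", key)
		}
	}
	if m.Source == "" || m.Target == "" {
		return MountSpec{}, errors.New("--mount needs both source and target")
	}
	return m, nil
}

// MountArgs renders the spec in `--mount` form (the form the issue reports
// Horusec using).
func (m MountSpec) MountArgs() []string {
	spec := fmt.Sprintf("type=bind,source=%s,target=%s", m.Source, m.Target)
	if m.ReadOnly {
		spec += ",readonly"
	}
	return []string{"--mount", spec}
}

// VolumeArgs renders the same spec in `-v` form (the form Bitbucket's
// pipelines plugin allows). The -v syntax separates fields with ':', so a
// path that contains ':' cannot be expressed this way and is rejected.
func (m MountSpec) VolumeArgs() ([]string, error) {
	if strings.ContainsRune(m.Source, ':') || strings.ContainsRune(m.Target, ':') {
		return nil, errors.New("paths containing ':' cannot be passed with -v; use --mount")
	}
	v := m.Source + ":" + m.Target
	if m.ReadOnly {
		v += ":ro"
	}
	return []string{"-v", v}, nil
}

// DockerRunArgs builds the argument list for `docker run`, choosing the mount
// style selected by a hypothetical "mount"/"volume" switch like the one the
// issue asks for.
func DockerRunArgs(style string, m MountSpec, image string, cmd ...string) ([]string, error) {
	var mountArgs []string
	switch style {
	case "mount":
		mountArgs = m.MountArgs()
	case "volume":
		var err error
		if mountArgs, err = m.VolumeArgs(); err != nil {
			return nil, err
		}
	default:
		return nil, fmt.Errorf("unknown mount style %q (want \"mount\" or \"volume\")", style)
	}
	args := []string{"run", "--rm"}
	args = append(args, mountArgs...)
	args = append(args, image)
	return append(args, cmd...), nil
}

func main() {
	// Constructed input: the clone directory from the issue's log, mounted read-only.
	m, err := ParseMountFlag("type=bind,source=/opt/atlassian/pipelines/agent/build,target=/src,readonly")
	if err != nil {
		panic(err)
	}
	for _, style := range []string{"mount", "volume"} {
		args, err := DockerRunArgs(style, m, "example/analyzer:latest", "phpcs", "/src")
		if err != nil {
			panic(err)
		}
		fmt.Println("docker", strings.Join(args, " "))
	}
}
```

Mounting the source read-only is a sensible default for a scanner: the analysis container only needs to read the project, so a compromised or misbehaving analyzer image cannot alter the checked-out code that later pipeline steps build and ship.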

I'm having the same problem...
Is there a chance of fixing this in a future version?

I'm having the same problem!!
Is there a chance to fix this at some point?