error without docker and with docker today
johnfelipe opened this issue · comments
felipe commented
root@template:~/horusec# horusec version
Version: v2.8.0
Git commit: df32c1ce03d2de748cecb76cff383f2851e198c3
Built: Wed Jun 08 13:57:08 2022
Distribution: normal
root@template:~/horusec# cd
root@template:~# cd DXC.Angular15.Template.Front/
root@template:~/DXC.Angular15.Template.Front# horusec start -p .
WARN[0000] {HORUSEC_CLI} Config file not found
ERRO[0000] {HORUSEC_CLI} Your docker version is below of: error=19.3
Error: docker not found. Please check and try again
Usage:
horusec start [flags]
Examples:
horusec start
Flags:
-t, --analysis-timeout int The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
-a, --authorization string Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
-C, --certificate-path string Path to certificate of authority. Example -C="example/ca.crt"
-P, --container-bind-project-path string Project path in host to be used on Docker when running Horusec inside a container
-c, --custom-rules-path string Path with custom rules that should be used by Horusec engine
-D, --disable-docker Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
-G, --enable-commit-author Enable to search commit author of vulnerabilities
--enable-git-history Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
-w, --enable-owasp-dependency-check Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
-j, --enable-shellcheck Run ShellCheck tool https://github.com/koalaman/shellcheck
-F, --false-positive strings Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
--headers stringToString Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
-h, --help help for start
-u, --horusec-url string The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
-i, --ignore strings Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
-s, --ignore-severity strings The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
-I, --information-severity Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
-S, --insecure-skip-verify Disable the certification validation. PLEASE, try not to use it
-O, --json-output-file string Output file to write analysis result. This flag should be used with --output-format
-o, --output-format string Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
-p, --project-path string Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/root/DXC.Angular15.Template.Front")
-n, --repository-name string Send repository name to Horusec server, by default sends the actual directory name (default "DXC.Angular15.Template.Front")
-r, --request-timeout int The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
-e, --return-error Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
-R, --risk-accept strings Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
--show-vulnerabilities-types strings Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])
Global Flags:
--config-file-path string Path of the configuration file (default "/root/DXC.Angular15.Template.Front/horusec-config.json")
-l, --log-file-path string Path of log file (default "/tmp/horusec-2023-07-17-17-57-15.log")
--log-level string Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")
and with docker
root@template:~/DXC.Angular15.Template.Front# docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)
Unable to find image 'horuszup/horusec-cli:latest' locally
latest: Pulling from horuszup/horusec-cli
59bf1c3509f3: Pull complete
1ea03e1895df: Pull complete
1ff98835b055: Pull complete
a3f2dd7b7d65: Pull complete
d182b62d4a35: Pull complete
d7a57db2abd7: Pull complete
73490af52bd3: Pull complete
69ef757ff51c: Pull complete
02b1b3930d32: Pull complete
920fb3b25d7f: Pull complete
Digest: sha256:829fce13916bfd1d61103be1e927d98f1ffbdfc4e78192b1fc1c1f8a4054e347
Status: Downloaded newer image for horuszup/horusec-cli:latest
time="2023-07-17T18:24:05Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2023-07-17T18:24:05Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Error: docker not found. Please check and try again
Usage:
horusec start [flags]
Examples:
horusec start
Flags:
-t, --analysis-timeout int The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
-a, --authorization string Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
-C, --certificate-path string Path to certificate of authority. Example -C="example/ca.crt"
-P, --container-bind-project-path string Project path in host to be used on Docker when running Horusec inside a container
-c, --custom-rules-path string Path with custom rules that should be used by Horusec engine
-D, --disable-docker Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
-G, --enable-commit-author Enable to search commit author of vulnerabilities
--enable-git-history Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
-w, --enable-owasp-dependency-check Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
-j, --enable-shellcheck Run ShellCheck tool https://github.com/koalaman/shellcheck
-F, --false-positive strings Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
--headers stringToString Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
-h, --help help for start
-u, --horusec-url string The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
-i, --ignore strings Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
-s, --ignore-severity strings The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
-I, --information-severity Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
-S, --insecure-skip-verify Disable the certification validation. PLEASE, try not to use it
-O, --json-output-file string Output file to write analysis result. This flag should be used with --output-format
-o, --output-format string Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
-p, --project-path string Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/")
-n, --repository-name string Send repository name to Horusec server, by default sends the actual directory name (default "/")
-r, --request-timeout int The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
-e, --return-error Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
-R, --risk-accept strings Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
--show-vulnerabilities-types strings Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])
Global Flags:
--config-file-path string Path of the configuration file (default "/horusec-config.json")
-l, --log-file-path string Path of log file (default "/tmp/horusec-2023-07-17-18-24-05.log")
--log-level string Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")
how solve this im using ubuntu 22
docker compose version
Docker Compose version v2.19.1
docker --version
Docker version 24.0.4, build 3713ee1
Matheus Primo commented
Did you get passed by this error? We are facing the same issue with v2.7.1 and v2.8.0