ovotech / circleci-orbs

CircleCI Orbs

Clair JSON report artifact path

skjolber opened this issue · comments

The default output path does not work.

Could not create a report: could not write to file open /<repo>/<project>/<repo>:<tag>.json: no such file or directory

Support the -r, --report="" parameter in https://github.com/arminc/clair-scanner

It works for me. Do you have a circleci config and logs you can share?

Hi, we're not doing anything too fancy, but we are using a private repository.

jobs:
  container_vulnerability_scan:
    executor: clair/default
    steps:
      - checkout
      - attach_workspace:
          at: .
      - run: *gcp-docker-login
      - clair/scan:
          image_file: "./gcr.image.version"

where the ./gcr.image.version contains the full /<repo>/<project>/<repo>:<tag>. The default file path is really not a path that would normally be available in a normal Linux installation - where does the report go in your testing?

The report gets stored as a circleci artifact. Do you also need to read it from the filesystem?

I have made a change so clair reports will be saved at /clair-reports/<image_name>.json inside the build container (They will also be uploaded as circleci artifacts at the same path).
The image name includes any custom registry, e.g. /clair-reports/361339499037.dkr.ecr.eu-west-1.amazonaws.com/pe-orbs:latest.

Can you test if this works for your use case using orb version ovotech/clair-scanner@dev:report-path-fix?

@danielflookovo it now works. We would be okay with a static filename, probably we'd just parse and post the result to Slack or something like that. Would it be possible to support the input parameter though, with the current functionality as the default?

The specified image_file can have multiple images listed, each with a separate report. A static filename doesn't make much sense there.
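The two points above (one report per image at /clair-reports/<image_name>.json, registry prefix and tag included, and an image_file that may list several images) are what a consumer of the reports has to deal with, for instance the "parse and post to Slack" step mentioned earlier. The script below is an added example, not code from the ovotech/circleci-orbs project or from anyone in this thread. It assumes the JSON layout that clair-scanner writes ("image", "unapproved", and a "vulnerabilities" list whose entries carry "severity", "vulnerability", "featurename", "fixedby"), which the thread does not show, and it takes the report root as a parameter so it can run against a temporary directory instead of /clair-reports. The sample reports, image references and CVE identifiers in it are constructed placeholders, not real scan output.

```python
"""Added example: summarise the per-image Clair reports an image_file produces.

Assumed (not confirmed by the thread): clair-scanner report layout
{"image": ..., "unapproved": [...], "vulnerabilities": [{"severity": ..., ...}]}
and the severity names/ordering below. The report root is a parameter so the
demo runs in a temp dir rather than in the orb's /clair-reports.
"""
import json
import os
import tempfile

# Assumed severity ladder, lowest to highest.
SEVERITY_RANK = {
    "Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3,
    "High": 4, "Critical": 5, "Defcon1": 6,
}

# Constructed sample reports in the assumed layout. Image names, packages and
# CVE ids are placeholders, not real findings.
SAMPLE_REPORTS = {
    "361339499037.dkr.ecr.eu-west-1.amazonaws.com/pe-orbs:latest": {
        "image": "361339499037.dkr.ecr.eu-west-1.amazonaws.com/pe-orbs:latest",
        "unapproved": ["CVE-EXAMPLE-0001"],
        "vulnerabilities": [
            {"featurename": "libfoo", "featureversion": "1.0-1",
             "vulnerability": "CVE-EXAMPLE-0001", "severity": "High", "fixedby": "1.0-2"},
            {"featurename": "libbar", "featureversion": "2.3",
             "vulnerability": "CVE-EXAMPLE-0002", "severity": "Low", "fixedby": ""},
        ],
    },
    "example.invalid/team/app:1.2.3": {
        "image": "example.invalid/team/app:1.2.3",
        "unapproved": [],
        "vulnerabilities": [
            {"featurename": "libbaz", "featureversion": "0.9",
             "vulnerability": "CVE-EXAMPLE-0003", "severity": "Medium", "fixedby": ""},
        ],
    },
}


def read_image_list(text):
    """image_file holds one image reference per line; skip blanks and '#' comments."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]


def report_path(image, report_root="/clair-reports"):
    """<report_root>/<image_name>.json, registry prefix and tag kept, as the orb does.
    Refuse a '..' segment so an odd image reference cannot escape report_root."""
    if any(seg == ".." for seg in image.split("/")):
        raise ValueError(f"refusing image reference with '..': {image!r}")
    return os.path.join(report_root, image + ".json")


def summarise(report, fail_at="High"):
    """Count findings per severity and decide whether this image should fail the job."""
    counts, worst = {}, "Unknown"
    for finding in report.get("vulnerabilities", []):
        sev = finding.get("severity", "Unknown")
        counts[sev] = counts.get(sev, 0) + 1
        if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(worst, 0):
            worst = sev
    unapproved = list(report.get("unapproved", []))
    return {
        "image": report.get("image"), "counts": counts, "worst": worst,
        "unapproved": unapproved,
        # Fail on anything clair-scanner left unapproved, or on severity >= fail_at.
        "fail": bool(unapproved) or SEVERITY_RANK.get(worst, 0) >= SEVERITY_RANK[fail_at],
    }


def summarise_all(image_file_text, report_root, fail_at="High"):
    """One summary per listed image. A missing report (the symptom this issue
    started from) is reported as a failure, never as a silent pass."""
    results = []
    for image in read_image_list(image_file_text):
        path = report_path(image, report_root)
        if not os.path.isfile(path):
            results.append({"image": image, "missing": path, "fail": True})
            continue
        with open(path, encoding="utf-8") as fh:
            results.append(summarise(json.load(fh), fail_at))
    return results


def format_line(summary):
    """One line per image, the kind of message one would post to a chat channel."""
    if "missing" in summary:
        return f"{summary['image']}: no report at {summary['missing']}"
    counts = ", ".join(f"{k}={v}" for k, v in sorted(
        summary["counts"].items(), key=lambda kv: -SEVERITY_RANK.get(kv[0], 0)))
    status = "FAIL" if summary["fail"] else "ok"
    return f"{summary['image']}: {status} (worst={summary['worst']}; {counts or 'no findings'})"


def write_sample_reports(report_root):
    """Write the constructed reports under report_root using the orb's path scheme."""
    for image, report in SAMPLE_REPORTS.items():
        path = report_path(image, report_root)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(report, fh)


def demo():
    """Whole flow against a temp dir standing in for /clair-reports; the third
    image in the constructed image_file has no report and must show up as a failure."""
    root = tempfile.mkdtemp(prefix="clair-reports-")
    write_sample_reports(root)
    image_file = "\n".join(SAMPLE_REPORTS) + "\nexample.invalid/team/unscanned:0.1\n"
    return summarise_all(image_file, root)


if __name__ == "__main__":
    summaries = demo()
    for s in summaries:
        print(format_line(s))
    raise SystemExit(1 if any(s["fail"] for s in summaries) else 0)
```

In a CircleCI job this would run as a step after clair/scan with the same image_file and report_root left at /clair-reports; the exit status makes the job fail on an unapproved finding or a missing report, and the printed lines are what you would forward to Slack.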

@danielflookovo ok, I see your point.

This has been published as ovotech/clair-scanner@1.4.25.