RE: kubernetes scanner not showing results

@atripp Wunderfull... Glad I could help.. Looking forward to test when it arrives :)

@Dan_Woolf I may have another Idea.... We are running on containerd ... not on dockerd...
Maybe this makes a difference: https://github.com/kubernetes/kubernetes/issues/95968

@atripp Uh.. Ok.. Yes this sounds like an interesting topic ;)

I can give you one more insight.. This is our first k8s setup, and we have chosen to run our own cluster, locally. So we don't use aws, azure or google... Basically this menas: we could have done anything wrong when setting up the cluster.. Missing something, adding something that does not belong there, and so on...

For me personally, the information in ProGet is currently nothing I HAVE to have, I actually just wonted to test this and see what is possible ;)

In maybe 6-12 months we will probably do a migration to azure k8s, maybe then it will work.. But I think for now, I have wasted enough of your time... Thank you for taking such a detailed look into this issue!

@Dan_Woolf Sorry to say that, but I really dont know how to help you further. I sent you another json (could be identical, or only have small changes) but was created in a different way.. Maybe this is more useful?

@rhessinger
Rancher: v2.6.2
Kubernetes: v1.19.9

@rhessinger said in kubernetes scanner not showing results:

[QA-729] Kubernetes API

E-Mail is on its way again.. :)

*it probably should be suppor(t)@

@rhessinger E-Mail is on the way.. :)

@dean-houston If possible I would prefer not to do that... There might be some sensible data that should not be shared... I know it makes your task a little harder, but I could offer a remote session or something similar...

Its a local image.. build and pushed to ProGet by our pipeline..
Let me know how I can support you with the queries.

@gdivis I got the fail message at the end of the update.. So, no, it did not work.
yes, none of the services where starting.

I got my issues sorted out by uninstalling and re-config many things.. But moving the install-dir should not have happened by doing a console update.

@rhessinger I think so. One example:

maybe its related to the library/ part?

Yes, there are 495 entries in that table...

I'm on the latest ProGet (Version 6.0.5 (Build 9)) and I'm using the latest Kubernetes extension (1.10.1).

It seems to work because of the logs:

Scanning Kubernetes API at https://xxx.xx
Beginning package/container scan using Kubernetes API at https://xxx.xx...
Package/Container Scanner completed.
Scan using Kubernetes API at https://xxx.xx complete; recording data...

So I set up the kubernetes scanner to be able to see the usage of each image in a feed.
Although the feed is set up to use the scanner, and the scanner seems to work, there is no usage for an image, even though I'm sure there is.

So.. Has this feature been used by anyone yet? And is it working and I'm just doing something wrong?

I just tried to update proget using the commandline update option:

hub.exe install ProGet --IsUpgrade=true

Although the installation was set to d:\ProGet, it got changed to C:\Program Files\ProGet

After that, nothing worked anymore. we then tried to uninstall and re-install completely, without any success.

Another issue was that I have local admin rights on the Server where ProGet is installed, but I dont have SQL rights to access the database. This lead to another issue when updating.

Awesome.. Will the duplicates be removed automatically?

And today I got another one:

And as you can see, its always the same issue
Since the Update to Version 6 was done on saturday last week (5 days) and we currently have 6 times the same issue, I would actually think its a daily task the duplicates the vulnerability (+ the original that has been assesed before the update)

@rhessinger

We have OSS and Clair, so yes, we have two.. But Clair is not used for npm..

1a.

1b.

2a.

2b.

@rhessinger Version 6.0.4 (Build 8)

I was trying to create a kubernetes scanner, but when clicking on "Kubernetes API Scanner" inside the modal, it shows an error 500 telling me that the values is not allowed to be NULL.

Sorry, the following stacktrace contains some german....... ;)

 An error occurred in the web application: Der Wert darf nicht NULL sein.
Parametername: Inedo.Extensions.Kubernetes.Scanners.KubernetesApiScanner is not a Inedo.Extensibility.VulnerabilitySources.VulnerabilitySource.

Stack trace: bei Inedo.Web.Editors.ExtensionEditor.Initialize(Type extensionType)
bei Inedo.Web.Editors.ExtensionEditor.GetEditorInternal[TDefaultEditorType](Type type)
bei Inedo.ProGet.WebApplication.Pages.Administration.PackageContainerScanners.CreateOrEditPackageContainerScannerPage.CreateChildControls()
bei Inedo.ProGet.WebApplication.Pages.ProGetSimplePageBase.<InitializeAsync>d__12.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bei Inedo.Web.PageFree.SimplePageBase.<ExecutePageLifeCycleAsync>d__57.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bei Inedo.Web.PageFree.SimplePageBase.<ProcessRequestAsync>d__56.MoveNext()
--- Ende der Stapelüberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelöst wurde ---
bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
bei System.Web.TaskAsyncHelper.EndTask(IAsyncResult ar)
bei Inedo.Web.Handlers.AsyncHandlerWrapper.EndProcessRequest(IAsyncResult result)
bei System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
bei System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
bei System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Do you have any idea how this could be fixed? I already tried removing and re-adding the plugin and restarting the server.

I noticed that we have two vulnerabilities for the same CWE-400 issue that have different ID's:

xxx.xx/vulnerabilities/vulnerability?vulnerabilityId=875
xxx.xx/vulnerabilities/vulnerability?vulnerabilityId=1120

They are both completely equal (at least it looks like it). The only difference, one was already marked as "Caution", the other was new an unassessed.

This lead to npm installation error, since we dont allow unassessed vulnerabilities.

We are running ProGet 6.0.4 (Build 8).

Any Ideas why this happened and how we can prevent the same vulnerability to appear twice with different ID's?

Alright.. So we are using ProGet and have it installed on a VM with Windows...
We are also hosting our own k8s both for development and production..
And I was thinking about puting ProGet into k8s to more and more reduce the amount of VM's we are running...
But then again, on ProGet we have our docker images.. Which are needed for almost anything in k8s.... So I was wondering, what would be the best solution to host Proget?

Any Ideas and thoughts are welcome... ;)