Hey Guys,
I'm trying to configure Clair to scan my ProGet Docker registry. My Clair container is up and running and it looks like step 1 in the "Vulnerability Scanning" section here is working OK:
https://docs.inedo.com/docs/proget/compliance/clair#configureproget
However I'm getting these errors in the Clair error log when executing "Step 2":
quay.io/coreos/clair:v2.1.6@sha256:ac7ea2811ac7f21a140b048c9b02bd9854b881b62dca0a4f7bfc7220db399710/Proget_clairApp.1.wj83pt57ty9puvx18bng4in48/159eccc6e7c8 {"Event":"failed to extract data from path","Level":"error","Location":"worker.go:122","Time":"2021-02-08 20:04:53.195393","error":"could not find layer","layer":"sha256:bb9fc6048a9dd25ab6a26f64809be519e91cca2cf15d4e0cdddd0a8f99a3cd94","path":"https://proget.xxxxxxxxxx.com/api/docker-blobs/download/sha256%3Abb9fc6048a9dd25ab6a26f64809be519e91cca2cf15d4e0cdddd0a8f99a3cd94"}
My assumption is that Clair is struggling to download the image from ProGet, as I require authentication on ProGet to connect to the Docker registry.
How do I pass (ProGet) credentials to Clair so that it can use them to download the image layers?
The strange thing is that I do see this "API" credential created when the "VulnerabilityDownloader" task is running, but it doesn't seem to have access:
I'm running ProGet v5.3.22 and Clair v2.1.6
I see errors like this in the "VulnerabilityDownloader" log:
WARN : 2021-02-08 20:05:35Z - Clair returned error BadRequest for layer sha256:c9817fc410f6223217d62f147379cbdfc3ed993cd307adccc05eebdcfc818f69.
WARN : 2021-02-08 20:05:35Z - Clair returned error BadRequest for layer sha256:c9817fc410f6223217d62f147379cbdfc3ed993cd307adccc05eebdcfc818f69.
WARN : 2021-02-08 20:05:35Z - Clair returned error BadRequest for layer sha256:9f30fc0b74dd5bc842d09b2b2d8afcac1ed37b7d28c4d85beb3b96bb5726e770.
ERROR: 2021-02-08 20:05:35Z - Unhandled exception: System.NullReferenceException: Object reference not set to an instance of an object.
at Inedo.Extension.Clair.VulnerabilitySources.ClairVulnerabilitySource.PushLayerToClair(JsonSerializer serializer, WebRequest request, IVulnerabilityDockerBlob blob) in C:\InedoAgent\BuildMasterTemp\192.168.44.60\Temp\_E82939\Src\Clair\InedoExtension\VulnerabilitySources\ClairVulnerabilitySource.cs:line 190
at Inedo.Extension.Clair.VulnerabilitySources.ClairVulnerabilitySource.GetVulnerabilitiesAsync(IVulnerabilitySourceContext context) in C:\InedoAgent\BuildMasterTemp\192.168.44.60\Temp\_E82939\Src\Clair\InedoExtension\VulnerabilitySources\ClairVulnerabilitySource.cs:line 43
at Inedo.ProGet.ScheduledTasks.General.VulnerabilityDownloaderScheduledTask.ExecuteAsync(ScheduledTaskContext context) in C:\InedoAgent\BuildMasterTemp\192.168.44.60\Temp\_E106466\Src\ProGetCoreEx\ScheduledTasks\General\VulnerabilityDownloaderScheduledTask.cs:line 35
at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync() in C:\InedoAgent\BuildMasterTemp\192.168.44.60\Temp\_E106466\Src\ProGet.Service\Executions\ActiveScheduledTaskExecution.cs:line 61
Also getting errors like this in the error log:
Thanks
Simon