Hi There,
I've installed the Clair extension into my ProGet 5.2.3 docker container and configured a Vulerablity Source as follows:
I can run the following command from the ProGet container commandline:
curl http://clairapp:6060/v1/namespaces
And get the following result, so I know Clair is running correctly and that the ProGet container can communicate successfully with the Clair API endpoint.
{"Namespaces":[{"Name":"alpine:v3.7","VersionFormat":"dpkg"},{"Name":"alpine:v3.8","VersionFormat":"dpkg"},{"Name":"alpine:v3.10","VersionFormat":"dpkg"},{"Name":"alpine:v3.11","VersionFormat":"dpkg"},{"Name":"alpine:v3.3","VersionFormat":"dpkg"},{"Name":"alpine:v3.5","VersionFormat":"dpkg"},{"Name":"alpine:v3.6","VersionFormat":"dpkg"},{"Name":"alpine:v3.9","VersionFormat":"dpkg"},{"Name":"alpine:v3.4","VersionFormat":"dpkg"},{"Name":"amzn:2","VersionFormat":"rpm"},{"Name":"amzn:2018.03","VersionFormat":"rpm"},{"Name":"debian:unstable","VersionFormat":"dpkg"},{"Name":"debian:8","VersionFormat":"dpkg"},{"Name":"debian:9","VersionFormat":"dpkg"},{"Name":"debian:11","VersionFormat":"dpkg"},{"Name":"debian:10","VersionFormat":"dpkg"},{"Name":"ubuntu:12.10","VersionFormat":"dpkg"},{"Name":"ubuntu:16.04","VersionFormat":"dpkg"},{"Name":"ubuntu:15.10","VersionFormat":"dpkg"},{"Name":"ubuntu:19.04","VersionFormat":"dpkg"},{"Name":"ubuntu:17.10","VersionFormat":"dpkg"},{"Name":"ubuntu:18.04","VersionFormat":"dpkg"},{"Name":"ubuntu:14.04","VersionFormat":"dpkg"},{"Name":"ubuntu:17.04","VersionFormat":"dpkg"},{"Name":"ubuntu:16.10","VersionFormat":"dpkg"},{"Name":"ubuntu:12.04","VersionFormat":"dpkg"},{"Name":"ubuntu:14.10","VersionFormat":"dpkg"},{"Name":"ubuntu:15.04","VersionFormat":"dpkg"},{"Name":"ubuntu:18.10","VersionFormat":"dpkg"},{"Name":"ubuntu:13.04","VersionFormat":"dpkg"},{"Name":"oracle:6","VersionFormat":"rpm"},{"Name":"oracle:7","VersionFormat":"rpm"},{"Name":"oracle:5","VersionFormat":"rpm"},{"Name":"oracle:8","VersionFormat":"rpm"}]}
However when I run the VulnerabilityDownloader Scheduled Task manually by pressing this:
I get the following error:
ERROR: 2020-06-18 19:25:52Z - Unhandled exception: System.InvalidCastException: Specified cast is not valid.
at Inedo.ProGet.ScheduledTasks.General.VulnerabilityDownloaderScheduledTask.ExecuteAsync (Inedo.ProGet.ScheduledTasks.ScheduledTaskContext context) [0x00133] in <5c992ee154394e758c7258b17e1dbffb>:0
at Inedo.ProGet.Service.Executions.ActiveScheduledTaskExecution.ExecuteAsync () [0x00182] in <a7f73bf1cfd3422e88d7232a4ec2eaf3>:0
Ultimately I don't believe the ProGet to Clair connection is really working, is there any way I can verify this?
One of the main reasons I believe this is because when I issue the CURL Command above I get a Clair log that reads:
{"Event":"Handled HTTP request","Level":"info","Location":"router.go:57","Time":"2020-06-18 19:35:53.616609","elapsed time":1216718,"method":"GET","remote addr":"10.0.5.4:42524","request uri":"/v1/namespaces","status":"200"}
However I don't get any such logs from ProGet attempting to use the Clair API.
Thanks in advance
Simon