Lab 7.2 - Clair go panic

craig.jones Posts: 4
edited October 2021 in LFS260 Class Forum

Following the instruction in the lab to set up and run Clair via docker-compose, step 8, generation of a report of the nginx vulnerabilities, unfortunately results in a Go panic with the version specified in the docker-compose.yaml file (quay.io/coreos/clair:v2.0.6) and thus does not generate a report.

It looks like the clair bootstrapping has some issues pulling in manifests (one example, there are others) which probably results in the tool not bootstrapping properly and thus likely manifests itself in these other errors:

clair_1     | {"Event":"could not pull ubuntu-cve-tracker repository","Level":"error","Location":"ubuntu.go:174","Time":"2021-10-08 10:10:04.989570","error":"exit status 128","output":"Cloning into '.'...\nerror: RPC failed; HTTP 503 curl 22 The requested URL returned error: 503 Service Unavailable\nfatal: The remote end hung up unexpectedly\n"}

This configuration is now three years old, so this may highlight that the configuration of the Charlie Belmer repo is now outdated or points to resources no longer available?

I've used Clair in production and am familiar with it already, so I can happily skip this lab, but this may pose an issue for those that want to try this out.


  • rockhai

    Encountered the same problem, and always found 0 vulnerabilities with images.

  • mboleso

    I found the same problem: scanning the nginx image results in 0 vulnerabilities.

    The lab uses a GitHub repository where the last commit was 4 years ago...
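
Added example (not part of the thread, and not code from Clair or the lab): a Python check that reads `docker-compose logs` output and refuses to accept a scan result when Clair logged feed errors or panicked, which is the situation in which the posters above saw 0 vulnerabilities. The sample log is constructed around the error line quoted in the first post; the function names and verdict strings are assumptions.

```python
import json

# Constructed sample of `docker-compose logs` output. The error event reuses
# the fields quoted in the thread (its "output" text is shortened); the other
# lines are made up for illustration.
SAMPLE_LOGS = r'''
clair_1     | {"Event":"constructed info event","Level":"info","Location":"example.go:1"}
clair_1     | {"Event":"could not pull ubuntu-cve-tracker repository","Level":"error","Location":"ubuntu.go:174","Time":"2021-10-08 10:10:04.989570","error":"exit status 128","output":"fatal: The remote end hung up unexpectedly\n"}
postgres_1  | LOG:  constructed database line
clair_1     | panic: constructed placeholder message
'''

BAD_LEVELS = {"error", "fatal", "panic"}


def feed_failures(log_text, service="clair"):
    """Return (errors, panicked) for one compose service's log lines."""
    errors, panicked = [], False
    for line in log_text.splitlines():
        prefix, sep, payload = line.partition("|")
        if not sep or not prefix.strip().startswith(service):
            continue  # another container, or not compose-prefixed
        payload = payload.strip()
        if payload.startswith("panic:"):
            panicked = True  # Go runtime panic banner, not JSON
            continue
        try:
            event = json.loads(payload)
        except ValueError:
            continue  # stack trace or other plain-text output
        if isinstance(event, dict) and event.get("Level") in BAD_LEVELS:
            errors.append((event.get("Location", "?"), event.get("Event", "")))
    return errors, panicked


def scan_verdict(log_text, vuln_count):
    """Fail closed: a count only means something if the feeds loaded."""
    errors, panicked = feed_failures(log_text)
    if panicked:
        return "no-report"
    if errors:
        return "feeds-incomplete"  # 0 findings here is not a clean image
    return "clean" if vuln_count == 0 else "findings"


if __name__ == "__main__":
    print(feed_failures(SAMPLE_LOGS), scan_verdict(SAMPLE_LOGS, 0))
```

In a pipeline, any verdict other than "clean" or "findings" should fail the job rather than let an empty report pass as a clean image.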


