GitLab CI: Issue with SAST IaC uploading artifacts - permission denied

I have an error when using the template for IaC SAST.
GitLab is 14.10, installed in my cloud, and accessible from the internet (I changed my real GitLab URL to owngitlab.com).
The GitLab runner is installed in k8s.
I am trying to use SAST in my projects, but I get errors. Could somebody please help with this?
Here is part of my .gitlab-ci.yml
include:
- template: Security/SAST-IaC.latest.gitlab-ci.yml
stages:
- test
Pipeline log:
$ /analyzer run
[INFO] [kics] [2022-05-20T12:41:44Z] ▶ GitLab kics analyzer v1.5.2
[INFO] [kics] [2022-05-20T12:41:44Z] ▶ Detecting project
[INFO] [kics] [2022-05-20T12:41:44Z] ▶ Found relevant files in project, analyzing entire repository
[INFO] [kics] [2022-05-20T12:41:44Z] ▶ Running analyzer
[INFO] [kics] [2022-05-20T12:41:44Z] ▶ path /builds/tf/modules
[INFO] [kics] [2022-05-20T12:42:43Z] ▶ Creating report
[WARN] [kics] [2022-05-20T12:42:43Z] ▶ Could not detect git executable
Uploading artifacts for successful job
Uploading artifacts...
gl-sast-report.json: found 1 matching files and directories
ERROR: Uploading artifacts as "sast" to coordinator... error error=couldn't execute POST against https://owngitlab.com/api/v4/jobs/139/artifacts?artifact_format=raw&artifact_type=sast: Post "https://owngitlab.com/api/v4/jobs/139/artifacts?artifact_format=raw&artifact_type=sast": open gl-sast-report.json: permission denied id=139 token=hZ5dXhA7
WARNING: Retrying... context=artifacts-uploader error=invalid argument
ERROR: Uploading artifacts as "sast" to coordinator... error error=couldn't execute POST against https://owngitlab.com/api/v4/jobs/139/artifacts?artifact_format=raw&artifact_type=sast: Post "https://owngitlab.com/api/v4/jobs/139/artifacts?artifact_format=raw&artifact_type=sast": open gl-sast-report.json: permission denied id=139 token=hZ5dXhA7
WARNING: Retrying... context=artifacts-uploader error=invalid argument
ERROR: Uploading artifacts as "sast" to coordinator... error error=couldn't execute POST against https://owngitlab.com/api/v4/jobs/139/artifacts?artifact_format=raw&artifact_type=sast: Post "https://owngitlab.com/api/v4/jobs/139/artifacts?artifact_format=raw&artifact_type=sast": open gl-sast-report.json: permission denied id=139 token=hZ5dXhA7
FATAL: invalid argument
Cleaning up project directory and file based variables
ERROR: Job failed: command terminated with exit code 1

GitLab gemnasium-maven analyzer v3.11.1 fails dependency scan due to unsupported class file major version 61

I'm attempting to set up GitLab dependency scanning for a repository in my self-hosted GitLab server. I have included the job template and the test stage since I have overridden the stage clause. The job starts, but it fails soon after. When I set the variable SECURE_LOG_LEVEL to debug I see the following output.
$ /analyzer run
Using java version 'adoptopenjdk-17.0.2+8'
[INFO] [gemnasium-maven] [2023-01-28T15:21:00Z] [/go/src/app/cmd/gemnasium-maven/main.go:55] ▶ GitLab gemnasium-maven analyzer v3.11.1
[DEBU] [gemnasium-maven] [2023-01-28T15:21:00Z] [/go/src/app/finder/finder.go:64] ▶ inspect directory: .
[DEBU] [gemnasium-maven] [2023-01-28T15:21:00Z] [/go/src/app/finder/finder.go:96] ▶ skip ignored directory: .git
[DEBU] [gemnasium-maven] [2023-01-28T15:21:00Z] [/go/src/app/finder/detect.go:84] ▶ Selecting gradle for maven because this is the first match
[INFO] [gemnasium-maven] [2023-01-28T15:21:00Z] [/go/src/app/finder/finder.go:116] ▶ Detected supported dependency files in '.'. Dependency files detected in this directory will be processed. Dependency files in other directories will be skipped.
[DEBU] [gemnasium-maven] [2023-01-28T15:21:00Z] [/go/src/app/cmd/gemnasium-maven/main.go:234] ▶ Exporting dependencies for /path/to/my/app/build.gradle
[DEBU] [gemnasium-maven] [2023-01-28T15:21:05Z] [/go/src/app/builder/gradle/gradle.go:85] ▶ /path/to/my/app/gradlew --init-script /gemnasium-gradle-plugin-init.gradle gemnasiumDumpDependencies
Downloading https://services.gradle.org/distributions/gradle-7.1.1-bin.zip
..........10%...........20%...........30%..........40%...........50%...........60%..........70%...........80%...........90%...........100%
Welcome to Gradle 7.1.1!
Here are the highlights of this release:
- Faster incremental Java compilation
- Easier source set configuration in the Kotlin DSL
For more details see https://docs.gradle.org/7.1.1/release-notes.html
Starting a Gradle Daemon (subsequent builds will be faster)
FAILURE: Build failed with an exception.
* Where:
Initialization script '/gemnasium-gradle-plugin-init.gradle'
* What went wrong:
Could not compile initialization script '/gemnasium-gradle-plugin-init.gradle'.
> startup failed:
> General error during conversion: Unsupported class file major version 61
java.lang.IllegalArgumentException: Unsupported class file major version 61
at groovyjarjarasm.asm.ClassReader.<init>(ClassReader.java:189)
at groovyjarjarasm.asm.ClassReader.<init>(ClassReader.java:170)
at groovyjarjarasm.asm.ClassReader.<init>(ClassReader.java:156)
at groovyjarjarasm.asm.ClassReader.<init>(ClassReader.java:277)
...
How can I resolve this issue? I am using GitLab server v15.7.5.
I found a StackOverflow thread that is very similar to the issue I'm having.
It appears the version of ASM bundled with GitLab gemnasium-maven analyzer v3.11 does not support class files version 61 in Java v17.0.2+8.
I was able to get this working by downgrading GitLab gemnasium-maven analyzer to v2.31.0 and have filed a support request with GitLab to notify them of the issue.
To downgrade the dependency scanner, add the following block of code to your CICD template:
.ds-analyzer:
  variables:
    DS_MAJOR_VERSION: 2
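A pre-flight check for this failure, as an added example that is not part of the original thread or of GitLab's analyzer: the log above shows the project's wrapper fetching Gradle 7.1.1 while the analyzer runs Java 17, and Gradle's compatibility matrix lists 7.3 as the first release that runs on Java 17. The function names and the sample wrapper file are assumptions constructed for illustration.

```python
import re

# First Gradle release that can run on each JDK (Gradle compatibility matrix).
MIN_GRADLE_FOR_JAVA = {
    11: (5, 0), 12: (5, 4), 13: (6, 0), 14: (6, 3), 15: (6, 7),
    16: (7, 0), 17: (7, 3), 18: (7, 5), 19: (7, 6), 20: (8, 3), 21: (8, 5),
}

# Constructed sample of gradle/wrapper/gradle-wrapper.properties, pinned to the
# Gradle release the log above shows being downloaded.
SAMPLE_WRAPPER = """\
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\\://services.gradle.org/distributions/gradle-7.1.1-bin.zip
"""


def java_release(class_major):
    """Map a class-file major version to its Java feature release (61 -> 17)."""
    if class_major < 45:
        raise ValueError(f"not a valid class-file major version: {class_major}")
    return class_major - 44


def wrapper_gradle_version(properties_text):
    """Return (major, minor) of the Gradle distribution the wrapper pins."""
    match = re.search(r"^distributionUrl=.*/gradle-(\d+)\.(\d+)", properties_text, re.M)
    if match is None:
        raise ValueError("no Gradle distributionUrl found in wrapper properties")
    return int(match.group(1)), int(match.group(2))


def check(properties_text, class_major):
    """Return (ok, message); ok is None when the JDK is not in the table."""
    java = java_release(class_major)
    have = wrapper_gradle_version(properties_text)
    need = MIN_GRADLE_FOR_JAVA.get(java)
    if need is None:
        return None, f"no compatibility data for Java {java}"
    ok = have >= need
    verdict = "can" if ok else "cannot"
    return ok, (f"Gradle {have[0]}.{have[1]} {verdict} run on Java {java} "
                f"(first supported release: {need[0]}.{need[1]})")


if __name__ == "__main__":
    print(check(SAMPLE_WRAPPER, 61)[1])
```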

Building IaC scanning pipeline in GitLab encountered problems

I am trying to use Infrastructure as Code (IaC) Scanning to scan my IaC configuration files for known vulnerabilities. Reference: https://docs.gitlab.com/ee/user/application_security/iac_scanning/. However, I encountered a system problem in the pipeline.
[DEBU] [kics] [2022-11-11T03:55:29Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.9.2/run.go:256] ▶ SAST_EXCLUDED_PATHS=spec,test,tests,tmp
[INFO] [kics] [2022-11-11T03:55:29Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.9.2/run.go:131] ▶ Detecting project
[INFO] [kics] [2022-11-11T03:55:29Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.9.2/run.go:153] ▶ Analyzer will attempt to analyze all projects in the repository
[INFO] [kics] [2022-11-11T03:55:29Z] [/go/pkg/mod/gitlab.com/gitlab-org/security-products/analyzers/command@v1.9.2/run.go:165] ▶ Running analyzer
[DEBU] [kics] [2022-11-11T03:55:29Z] [/go/src/app/analyze.go:48] ▶ custom rulesets not enabled
[INFO] [kics] [2022-11-11T03:55:29Z] [/go/src/app/analyze.go:67] ▶ path /builds/leo/tcf
[ERRO] [kics] [2022-11-11T03:55:38Z] [/go/src/app/analyze.go:87] ▶ Encountered a system problem; status code: 2, error: exit status 2, detail:
[FATA] [kics] [2022-11-11T03:55:38Z] [/go/src/app/main.go:30] ▶ kics scanner failure: exit status 2
Uploading artifacts for failed job
Uploading artifacts...
WARNING: gl-sast-report.json: no matching files. Ensure that the artifact path is relative to the working directory
ERROR: No files to upload
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
I can't find relevant information about the errors. How can I solve the errors?
You can use your own config, independent of the GitLab template.
gitlab-ci.yml:
kics-scan:  # job name is a placeholder; the snippet as posted had none
  image:
    name: checkmarx/kics:latest
    entrypoint: [""]
  script:
    - kics scan -q /app/bin/assets/queries -p ${PWD} --ignore-on-exit all --report-formats glsast -o ${PWD} --output-name kics-results
  artifacts:
    reports:
      sast: gl-sast-kics-results.json
    when: always
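With `--ignore-on-exit all`, kics exits 0 even when it reports findings, so the job above stays green whatever the scan finds. One way to fail the pipeline on findings at or above a chosen severity is to read the uploaded report; this is an added example, not part of the original answer, and the function names, the `High` default and the sample report are assumptions constructed for illustration.

```python
import json
import sys

SEVERITY_RANK = {"Info": 0, "Unknown": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}

# Constructed sample in the shape of a GitLab SAST report (not real scan output).
SAMPLE_REPORT = {
    "version": "15.0.0",
    "vulnerabilities": [
        {"name": "Constructed finding A", "severity": "High",
         "location": {"file": "modules/storage/main.tf", "start_line": 12}},
        {"name": "Constructed finding B", "severity": "Medium",
         "location": {"file": "modules/network/main.tf", "start_line": 40}},
        {"name": "Constructed finding C", "severity": "Low",
         "location": {"file": "modules/network/main.tf", "start_line": 7}},
    ],
}


def blocking_findings(report, threshold="High"):
    """Return (severity, name, file, line) for findings at or above threshold."""
    floor = SEVERITY_RANK[threshold]
    hits = []
    for vuln in report.get("vulnerabilities") or []:
        severity = vuln.get("severity", "Unknown")
        if SEVERITY_RANK.get(severity, SEVERITY_RANK["Unknown"]) >= floor:
            loc = vuln.get("location") or {}
            hits.append((severity, vuln.get("name", "?"),
                         loc.get("file", "?"), loc.get("start_line")))
    return sorted(hits, key=lambda h: -SEVERITY_RANK.get(h[0], 1))


def gate(path, threshold="High"):
    """Exit status for a CI step: 0 clean, 1 blocking findings, 2 no usable report."""
    try:
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
    except (OSError, ValueError) as exc:
        # A missing or unparsable report must not pass silently.
        print(f"cannot read {path}: {exc}", file=sys.stderr)
        return 2
    if not isinstance(report, dict):
        print(f"{path}: unexpected report structure", file=sys.stderr)
        return 2
    hits = blocking_findings(report, threshold)
    for severity, name, file, line in hits:
        print(f"{severity}: {name} ({file}:{line})")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(gate(sys.argv[1] if len(sys.argv) > 1 else "gl-sast-kics-results.json"))
```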

WARNING: Uploading artifacts as "archive" to coordinator... failed id=1515 responseStatus=500 Internal Server Error status=500

I'm using the CI/CD function of the GitLab self-hosted community version. It had been running well, but suddenly one day all the projects in GitLab CI/CD failed, with the errors below:
Uploading artifacts for successful job
Uploading artifacts...
promotion-api/my-boot-module-system/target/*.jar: found 1 matching files and directories
WARNING: Uploading artifacts as "archive" to coordinator... failed id=1515 responseStatus=500 Internal Server Error status=500 token=xrDFnLeB
WARNING: Retrying... context=artifacts-uploader error=invalid argument
WARNING: Uploading artifacts as "archive" to coordinator... failed id=1515 responseStatus=500 Internal Server Error status=500 token=xrDFnLeB
WARNING: Retrying... context=artifacts-uploader error=invalid argument
WARNING: Uploading artifacts as "archive" to coordinator... failed id=1515 responseStatus=500 Internal Server Error status=500 token=xrDFnLeB
FATAL: invalid argument
ERROR: Job failed: exit code 1
Below is the code in .gitlab-ci.yml
deploy-java:
  stage: deploy
  dependencies:
    - build-java
  image:
    name: docker/compose:latest
  before_script:
    - docker info
    - docker-compose -v
  script:
    - cd promotion-api
    - docker-compose build
    - docker images
    - docker ps -a
    - docker-compose up -d
  tags:
    - promotion
2021-3-29:
I switched the runner from the Linux version to Docker; all seems fine so far.
You ran into a bug in GitLab itself. Instead of a rather obscure HTTP status 500 it should say what the issue is explicitly. It is likely not a problem in your repository or CI settings.
Follow these issues to find out more:
Artifact is stopped in the transfer, possibly because it takes longer than some timeout to upload: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26869
Artifact is larger than 1 GB: https://gitlab.com/gitlab-org/gitlab/-/issues/267111
For me the problem was that GitLab had run out of disk space.
After having deleted unnecessary artifacts and files everything was working correctly again.
You can check your system status (if you host your own GitLab) here: www.gitlab-url.com/admin/system_info
(Go to: Admin Area > Monitoring > System Info)
Hope it helps!

GitLab runner artifacts: 405 Method Not Allowed

I am trying to use artifacts on my GitLab, and when my runner tries to put my artifact file on GitLab, I get this message:
WARNING: Uploading artifacts to coordinator... failed id=504 responseStatus=405 Method Not Allowed status=405 Method Not Allowed token=HebbSqMD
WARNING: Retrying...
WARNING: Uploading artifacts to coordinator... failed id=504 responseStatus=405 Method Not Allowed status=405 Method Not Allowed token=HebbSqMD
WARNING: Retrying...
WARNING: Uploading artifacts to coordinator... failed id=504 responseStatus=405 Method Not Allowed status=405 Method Not Allowed token=HebbSqMD
FATAL: invalid argument
ERROR: Job failed: exit code 1
My job is:
build:
  stage: build
  script:
    - echo "Building the app" > out.txt
  artifacts:
    paths:
      - out.txt
GitLab 8.16 or 8.17: same problem
GitLab runner on another host (docker executor), 1.11.0 or 1.10.4: same problem
Simply verify that artifacts are enabled in the /etc/gitlab/gitlab.rb file:
## Build Artifacts
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts"

Error: Invalid or corrupt jarfile occurred while trying to build recommendation engine of PredictionIO on a Linux machine

An error occurred while trying to build the recommendation engine using PredictionIO. Does anyone know how to solve this issue?
root#testing:~/PredictionIO/engines# pio build --verbose
[INFO] [Console$] Using command '/root/PredictionIO/sbt/sbt' at the current working directory to build.
[INFO] [Console$] If the path above is incorrect, this process will fail.
[INFO] [Console$] Uber JAR disabled. Making sure lib/pio-assembly-0.9.4.jar is absent.
[INFO] [Console$] Going to run: /root/PredictionIO/sbt/sbt package assemblyPackageDependency
[ERROR] [Console$] Error: Invalid or corrupt jarfile /root/PredictionIO/sbt/sbt-launch-0.13.7.jar
[ERROR] [Console$] Return code of previous step is 1. Aborting.
For me, it helped to download this file:
https://repo.typesafe.com/typesafe/ivy-releases/org.scala-sbt/sbt-launch/0.13.7/sbt-launch.jar
Rename the downloaded file to sbt-launch-0.13.7.jar and replace the previous file in PredictionIO/sbt/
