
Secret Scanner Issues

Open saurabh2253 opened this issue 2 years ago • 1 comments

Running a secret scan on k8s.gcr.io/echoserver:1.10 in the Docker agent throws the errors below:

[Screenshot 2022-08-18 at 6 52 28 AM]

[Screenshot 2022-08-18 at 10 45 43 AM]

saurabh2253 • Aug 18 '22 05:08

  1. Save Failed errors were observed in a containerd environment with the message: invalid repository name (365ec60129c5426b4cf160257c06f6ad062c709e0576c8b3d9a5dcc488f5252d), cannot specify 64-byte hexadecimal strings. The above was fixed by commit
  2. In a Kubernetes cluster of 3 nodes with 6 vCPUs and 12 GB memory in total, on scanning the echoserver image for secrets, the secret scanner process died with a SIGKILL message in the supervisor logs. This was fixed by changing the CPU resource request in values.yaml from 150m to 300m.
  3. In a DigitalOcean agent with 8Gb memory, the following error logs were observed when scanning echoserver:
fatal error: runtime: out of memory

runtime stack:
runtime.throw({0x11c6715?, 0x105000000?})
        /usr/local/go/src/runtime/panic.go:992 +0x71
runtime.sysMap(0xc1a5000000, 0x7f1a5d670d38?, 0x7f1a5d670da0?)
        /usr/local/go/src/runtime/mem_linux.go:189 +0x11b
runtime.(*mheap).grow(0x18ad680, 0x8274b?)
        /usr/local/go/src/runtime/mheap.go:1404 +0x225
runtime.(*mheap).allocSpan(0x18ad680, 0x8274b, 0x0, 0x1)
        /usr/local/go/src/runtime/mheap.go:1170 +0x171
runtime.(*mheap).alloc.func1()
        /usr/local/go/src/runtime/mheap.go:912 +0x65
runtime.systemstack()
        /usr/local/go/src/runtime/asm_amd64.s:469 +0x49

Supervisor logs: 21:15:19,211 INFO exited: secret_scanner (exit status 2; not expected)

saurabh2253 • Aug 22 '22 02:08

fixed

ibreakthecloud • Sep 29 '22 14:09