CSEDevOps
Azure CI Pipeline with 'agentScan' type is failing
Hi,
I've been looking for a good example of what this pipeline would look like but couldn't find one. My current one is failing with:
```
Starting: owaspzap
==============================================================================
Task : OWASP Zap Scanner
Description : Utilize the OWASP/ZAP scanner within Azure DevOps
Version : 1.0.1
Author : Doyle Turner, Anthony Turner
Help :
==============================================================================
/usr/bin/bash /home/vsts/work/_tasks/owaspzap_866820e2-7f62-466f-94ec-afeeab860f89/1.0.1/localtarget.sh 172.17.0.1
/usr/bin/chmod 777 /home/vsts/work/1/s/owaspzap
/usr/bin/id -u root
0
/opt/hostedtoolcache/docker-stable/17.9.0-ce/x64/docker run -u 0 -v /home/vsts/work/1/s/owaspzap:/zap/wrk/:rw owasp/zap2docker-stable zap-baseline.py -t http://172.17.0.1:80 -J report.json -r report.html
Unable to find image 'owasp/zap2docker-stable:latest' locally
/opt/hostedtoolcache/docker-stable/17.9.0-ce/x64/docker: Error response from daemon: pull access denied for owasp/zap2docker-stable, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See '/opt/hostedtoolcache/docker-stable/17.9.0-ce/x64/docker run --help'.
##[error]ENOENT: no such file or directory, open '/home/vsts/work/1/s/owaspzap/report.json'
Finishing: owaspzap
```
I'm not sure where to add that docker login. This is my 'yml' file:
```yaml
trigger:
- develop

pool:
  vmImage: ubuntu-latest

steps:
- task: DockerInstaller@0
  inputs:
    dockerVersion: '17.09.0-ce'
- task: DockerCompose@0
  inputs:
    containerregistrytype: 'Azure Container Registry'
    azureSubscription: 'MyAzureSubscription'
    azureContainerRegistry: 'MyContainerRegistry'
    dockerComposeFile: '**/docker-compose.yml'
    action: 'Run a Docker Compose command'
    dockerComposeCommand: 'rm'
    detached: true
- task: owaspzap@1
  inputs:
    aggressivemode: false
    scantype: agentScan
    threshold: 50
    port: 80
- bash: |
    sudo npm install -g handlebars-cmd
    cat <<EOF > owaspzap/nunit-template.hbs
    {{#each site}}
    <test-run
        id="2"
        name="Owasp test"
        start-time="{{../[@generated]}}" >
      <test-suite
          id="{{@index}}"
          type="Assembly"
          name="{{[@name]}}"
          result="Failed"
          failed="{{alerts.length}}">
        <attachments>
          <attachment>
            <filePath>owaspzap/report.html</filePath>
          </attachment>
        </attachments>
        {{#each alerts}}<test-case
            id="{{@index}}"
            name="{{alert}}"
            result="Failed"
            fullname="{{alert}}"
            time="1">
          <failure>
            <message>
              <![CDATA[{{{desc}}}]]>
            </message>
            <stack-trace>
              <![CDATA[
    Solution:
    {{{solution}}}
    Reference:
    {{{reference}}}
    instances:{{#each instances}}
    * {{uri}}
      - {{method}}
      {{#if evidence}}- {{{evidence}}}{{/if}}
    {{/each}}]]>
            </stack-trace>
          </failure>
        </test-case>
        {{/each}}
      </test-suite>
    </test-run>
    {{/each}}
    EOF
  displayName: 'owasp nunit template'
  condition: always()
```
Hi, the link takes you to why and my workaround :) https://github.com/microsoft/CSEDevOps/issues/47