-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Installation Instructions Do Not Work as Written #398
Comments
Hi @wits-zach - thanks for the issue. You're right, it's not completely clear to a new user what steps are required to bootstrap things. You're right, you may need docker, podman, or a locally installed copy of vunnel. I went for the latter and did the following on my laptop, which already has uv installed. $ mkdir -p ./temp/data
$ cd ./temp
$ uv venv
Using CPython 3.10.15
Creating virtual environment at: .venv
Activate with: source .venv/bin/activate
$ source .venv/bin/activate
(temp) $ uv pip install vunnel
Resolved 39 packages in 1.71s
Built untokenize==0.1.1
Built ijson==2.6.1
Built sqlalchemy==1.4.54
Prepared 30 packages in 3.64s
Installed 39 packages in 83ms
+ certifi==2024.8.30
+ charset-normalizer==3.3.2
+ click==8.1.7
+ click-default-group==1.2.4
+ colorlog==6.8.2
+ cvss==3.2
+ defusedxml==0.7.1
+ docformatter==1.5.0
+ exceptiongroup==1.2.2
+ idna==3.10
+ ijson==2.6.1
+ importlib-metadata==7.2.1
+ iniconfig==2.0.0
+ iso8601==2.1.0
+ jinja2==3.1.4
+ lxml==5.3.0
+ markupsafe==2.1.5
+ mashumaro==3.13.1
+ mergedeep==1.3.4
+ orjson==3.10.7
+ packaging==24.1
+ pluggy==1.5.0
+ pytest==8.3.3
+ pytest-snapshot==0.9.0
+ python-dateutil==2.9.0.post0
+ pyyaml==6.0.2
+ requests==2.32.3
+ six==1.16.0
+ sqlalchemy==1.4.54
+ tomli==2.0.1
+ toposort==1.10
+ typing-extensions==4.12.2
+ untokenize==0.1.1
+ urllib3==2.2.3
+ vunnel==0.27.0
+ xsdata==22.12
+ xxhash==3.5.0
+ zipp==3.20.2
+ zstandard==0.23.0
(temp) $ curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b .
[info] fetching release script for tag='v0.24.0'
[info] using release tag='v0.24.0' version='0.24.0' os='darwin' arch='arm64'
[info] installed ./grype-db
(temp) $ cat >.grype-db.yaml <<'EOT'
provider:
vunnel:
executor: local
EOT
(temp) $ ./grype-db -g
[0000] INFO grype-db version: 0.24.0
[0002] INFO aggregating vulnerability data providers=[nvd alpine amazon chainguard debian github mariner oracle rhel sles ubuntu wolfi]
[0002] INFO running vulnerability provider provider=chainguard
[0002] INFO running vulnerability provider provider=nvd
[0002] INFO running vulnerability provider provider=amazon
[0002] INFO running vulnerability provider provider=alpine
[0002] INFO chainguard: running chainguard provider
[0002] INFO nvd: running nvd provider
[0002] INFO chainguard: downloading chainguard secdb https://packages.cgr.dev/chainguard/security.json
[0002] INFO nvd: downloading all CVEs
[0002] INFO amazon: running amazon provider
[0002] INFO alpine: running alpine provider
[0002] INFO amazon: downloading amazon security advisory from https://alas.aws.amazon.com/AL2/alas.rss
[0002] INFO alpine: downloading alpine secdb metadata from: https://secdb.alpinelinux.org
[0002] INFO alpine: Downloading secdb edge main etc. Just thought I'd provide that to get you going, in case you don't want to install docker or podman. You don't need Hope that helps, and we'll get the documentation updated accordingly. Thanks again for the issue. |
The action here is to update https://github.com/anchore/grype-db?tab=readme-ov-file#recommended to mention that |
Won't the GitHub provider fail without a token? Do you have instructions for that? Edit: I'd asked about this earlier on #333. If I get it working I'll write up some instructions. |
@smythp You're right, there's some API key requirements here, I suspect. A fresh pair of eyes on it would be very helpful,. Thank you. |
I've got a blog post coming out on this on dev.to on Tuesday, once that comes out I'll crib commands from it to update the README. |
@smythp awesome! I love reading blog posts from users. Do feel free to post the link here - or share it in the General category on the Anchore Community Discourse to start a conversation. :) |
Thanks for the suggestion, @popey. The blog post is up and I posted in the general topic. Thanks for any feedback and hope it's a useful post for those digging into Grype's upstream provider utilities. I'll look into doing a PR for the README using this material before the end of the week. 👍 |
Please provide a set of steps on how to reproduce the issue
curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b /usr/local/bin
└─# grype-db -g
[0000] INFO grype-db version: 0.24.0
[0000] ERROR 1 error occurred:
* unable to generate vunnel providers: unable to execute vunnel list: exec: "docker": executable file not found in $PATH
error: 1 error occurred:
* unable to generate vunnel providers: unable to execute vunnel list: exec: "docker": executable file not found in $PATH
What happened:
grype-db -g fails to generate a list of providers, throws an error asking for docker in $PATH
What you expected to happen:
grype-db to create a list of providers
Anything else we need to know?:
Please update instructions for other necessary pre-reqs (does this require docker in some form?)
Environment:
Output of
grype-db version
:grype-db version
Application: grype-db
Version: 0.24.0
BuildDate: 2024-09-26T11:38:18Z
GitCommit: d8d1497
GitDescription: v0.24.0
Platform: linux/amd64
GoVersion: go1.23.1
Compiler: gc
OS (e.g:
cat /etc/os-release
or similar):No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.4
Codename: kali-rolling
The text was updated successfully, but these errors were encountered: