Installation Instructions Do Not Work as Written #398

Open
wits-zach opened this issue Sep 27, 2024 · 7 comments
Labels
bug Something isn't working documentation Improvements or additions to documentation

Comments

@wits-zach

Please provide a set of steps on how to reproduce the issue

  1. Run the install command on recent Kali Linux

curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b /usr/local/bin

  2. Run grype-db -g, fails

└─# grype-db -g
[0000] INFO grype-db version: 0.24.0
[0000] ERROR 1 error occurred:
* unable to generate vunnel providers: unable to execute vunnel list: exec: "docker": executable file not found in $PATH

error: 1 error occurred:
* unable to generate vunnel providers: unable to execute vunnel list: exec: "docker": executable file not found in $PATH

What happened:

grype-db -g fails to generate a list of providers, throws an error asking for docker in $PATH

What you expected to happen:

grype-db to create a list of providers

Anything else we need to know?:

Please update instructions for other necessary pre-reqs (does this require docker in some form?)

Environment:

  • Output of grype-db version:
    grype-db version
    Application: grype-db
    Version: 0.24.0
    BuildDate: 2024-09-26T11:38:18Z
    GitCommit: d8d1497
    GitDescription: v0.24.0
    Platform: linux/amd64
    GoVersion: go1.23.1
    Compiler: gc

  • OS (e.g: cat /etc/os-release or similar):

No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.4
Codename: kali-rolling

@wits-zach added the bug label Sep 27, 2024
@popey added the documentation label Sep 27, 2024
@popey
Contributor

popey commented Sep 27, 2024

Hi @wits-zach - thanks for the issue. You're right, it's not completely clear to a new user what steps are required to bootstrap things.

You're right, you may need docker, podman, or a locally installed copy of vunnel. I went for the latter and did the following on my laptop, which already has uv installed.

$ mkdir -p ./temp/data
$ cd ./temp
$ uv venv
Using CPython 3.10.15
Creating virtual environment at: .venv
Activate with: source .venv/bin/activate
$ source .venv/bin/activate
(temp) $ uv pip install vunnel
Resolved 39 packages in 1.71s
   Built untokenize==0.1.1
   Built ijson==2.6.1
   Built sqlalchemy==1.4.54
Prepared 30 packages in 3.64s
Installed 39 packages in 83ms
 + certifi==2024.8.30
 + charset-normalizer==3.3.2
 + click==8.1.7
 + click-default-group==1.2.4
 + colorlog==6.8.2
 + cvss==3.2
 + defusedxml==0.7.1
 + docformatter==1.5.0
 + exceptiongroup==1.2.2
 + idna==3.10
 + ijson==2.6.1
 + importlib-metadata==7.2.1
 + iniconfig==2.0.0
 + iso8601==2.1.0
 + jinja2==3.1.4
 + lxml==5.3.0
 + markupsafe==2.1.5
 + mashumaro==3.13.1
 + mergedeep==1.3.4
 + orjson==3.10.7
 + packaging==24.1
 + pluggy==1.5.0
 + pytest==8.3.3
 + pytest-snapshot==0.9.0
 + python-dateutil==2.9.0.post0
 + pyyaml==6.0.2
 + requests==2.32.3
 + six==1.16.0
 + sqlalchemy==1.4.54
 + tomli==2.0.1
 + toposort==1.10
 + typing-extensions==4.12.2
 + untokenize==0.1.1
 + urllib3==2.2.3
 + vunnel==0.27.0
 + xsdata==22.12
 + xxhash==3.5.0
 + zipp==3.20.2
 + zstandard==0.23.0
(temp) $ curl -sSfL https://raw.githubusercontent.com/anchore/grype-db/main/install.sh | sh -s -- -b .
[info] fetching release script for tag='v0.24.0'
[info] using release tag='v0.24.0' version='0.24.0' os='darwin' arch='arm64'
[info] installed ./grype-db
(temp) $  cat >.grype-db.yaml <<'EOT'
provider:
  vunnel:
    executor: local
EOT
(temp) $ ./grype-db -g
[0000]  INFO grype-db version: 0.24.0
[0002]  INFO aggregating vulnerability data providers=[nvd alpine amazon chainguard debian github mariner oracle rhel sles ubuntu wolfi]
[0002]  INFO running vulnerability provider provider=chainguard
[0002]  INFO running vulnerability provider provider=nvd
[0002]  INFO running vulnerability provider provider=amazon
[0002]  INFO running vulnerability provider provider=alpine
[0002]  INFO chainguard: running chainguard provider
[0002]  INFO nvd: running nvd provider
[0002]  INFO chainguard: downloading chainguard secdb https://packages.cgr.dev/chainguard/security.json
[0002]  INFO nvd: downloading all CVEs
[0002]  INFO amazon: running amazon provider
[0002]  INFO alpine: running alpine provider
[0002]  INFO amazon: downloading amazon security advisory from https://alas.aws.amazon.com/AL2/alas.rss
[0002]  INFO alpine: downloading alpine secdb metadata from: https://secdb.alpinelinux.org
[0002]  INFO alpine: Downloading secdb edge main

etc.

Just thought I'd provide that to get you going, in case you don't want to install docker or podman. You don't need uv and could use plain old pip install, but this keeps it all nicely isolated.

Hope that helps, and we'll get the documentation updated accordingly.

Thanks again for the issue.

@willmurphyscode
Contributor

The action here is to update https://github.com/anchore/grype-db?tab=readme-ov-file#recommended to mention that grype-db doesn't do much without Vunnel, and explain that vunnel is run either in docker (which requires docker) or directly as a python package, which requires that the python package be available and on PATH.
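
A preflight check for the requirements named in this thread (a container runtime, or a local vunnel on PATH), as an added example that is not part of the issue or of the grype-db project. The function names are hypothetical; it assumes docker is the default executor, as the error message in the report suggests, and writes only the `executor: local` config shown earlier in the thread.

```shell
#!/bin/sh
# Added example: preflight for `grype-db -g`. Function names are hypothetical;
# only the `executor: local` setting is taken from the thread.

# on_path NAME [PATHLIST]: succeed if an executable file NAME is in PATHLIST.
on_path() {
    (
        set -f; IFS=:
        for d in ${2:-$PATH}; do
            [ -f "${d:-.}/$1" ] && [ -x "${d:-.}/$1" ] && exit 0
        done
        exit 1
    )
}

# pick_executor [PATHLIST]: print docker, local or podman; fail if none is found.
# Assumption: docker is tried by default, as the error in the report shows.
pick_executor() {
    if on_path docker "${1:-$PATH}"; then echo docker
    elif on_path vunnel "${1:-$PATH}"; then echo local
    elif on_path podman "${1:-$PATH}"; then echo podman
    else return 1
    fi
}

# write_local_config DIR: write the config from the thread, never overwriting.
write_local_config() {
    cfg="$1/.grype-db.yaml"
    if [ -e "$cfg" ]; then
        echo "not overwriting existing $cfg" >&2
        return 2
    fi
    cat >"$cfg" <<'EOT'
provider:
  vunnel:
    executor: local
EOT
}

# preflight DIR [PATHLIST]: report what is usable before running `grype-db -g`.
preflight() {
    pf_exec=$(pick_executor "${2:-$PATH}") || {
        echo "no docker, podman or vunnel on PATH: 'grype-db -g' will fail" >&2
        return 1
    }
    case $pf_exec in
        docker) echo "docker found: no extra config needed" ;;
        local)  write_local_config "$1" || return $?
                echo "vunnel found: wrote $1/.grype-db.yaml" ;;
        podman) echo "podman found: executor setting for it is not shown in this thread" ;;
    esac
}
```

Run `preflight "$PWD"` from the directory where grype-db will be started.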

@smythp

smythp commented Nov 5, 2024

Won't the GitHub provider fail without a token? Do you have instructions for that?

Edit: I'd asked about this earlier on #333. If I get it working I'll write up some instructions.

@popey
Contributor

popey commented Nov 5, 2024

@smythp You're right, there's some API key requirements here, I suspect. A fresh pair of eyes on it would be very helpful. Thank you.

@smythp

smythp commented Nov 9, 2024

I've got a blog post coming out on this on dev.to on Tuesday; once that comes out I'll crib commands from it to update the README.

@popey
Contributor

popey commented Nov 9, 2024

@smythp awesome! I love reading blog posts from users. Do feel free to post the link here - or share it in the General category on the Anchore Community Discourse to start a conversation. :)

@smythp

smythp commented Nov 12, 2024

Thanks for the suggestion, @popey. The blog post is up and I posted in the general topic. Thanks for any feedback and hope it's a useful post for those digging into Grype's upstream provider utilities.

I'll look into doing a PR for the README using this material before the end of the week. 👍
