The issue
The Horusec Docker image starting from version 2.8 is not working properly inside a DinD CI/CD like GitLab CI.
Debugging
Using this line:
docker version -f '{{json .}}' | jq
I have this output inside the CI:
{
  "Client": {
    "Platform": {
      "Name": ""
    },
    "Version": "23.0.1",
    "ApiVersion": "1.42",
    "DefaultAPIVersion": "1.42",
    "GitCommit": "a5ee5b1",
    "GoVersion": "go1.19.5",
    "Os": "linux",
    "Arch": "amd64",
    "BuildTime": "Thu Feb 9 19:45:43 2023",
    "Context": "default"
  },
  "Server": {
    "Platform": {
      "Name": "Docker Engine - Community"
    },
    "Components": [
      {
        "Name": "Engine",
        "Version": "23.0.1",
        "Details": {
          "ApiVersion": "1.42",
          "Arch": "amd64",
          "BuildTime": "Thu Feb 9 19:48:50 2023",
          "Experimental": "false",
          "GitCommit": "bc3805a",
          "GoVersion": "go1.19.5",
          "KernelVersion": "5.4.109+",
          "MinAPIVersion": "1.12",
          "Os": "linux"
        }
      },
      {
        "Name": "containerd",
        "Version": "v1.6.16",
        "Details": {
          "GitCommit": "31aa4358a36870b21a992d3ad2bef29e1d693bec"
        }
      },
      {
        "Name": "runc",
        "Version": "1.1.4",
        "Details": {
          "GitCommit": "v1.1.4-0-g5fd4c4d"
        }
      },
      {
        "Name": "docker-init",
        "Version": "0.19.0",
        "Details": {
          "GitCommit": "de40ad0"
        }
      }
    ],
    "Version": "23.0.1",
    "ApiVersion": "1.42",
    "MinAPIVersion": "1.12",
    "GitCommit": "bc3805a",
    "GoVersion": "go1.19.5",
    "Os": "linux",
    "Arch": "amd64",
    "KernelVersion": "5.4.109+",
    "BuildTime": "2023-02-09T19:48:50.000000000+00:00"
  }
}
Using this command here:
docker run \
-v "$(pwd):$CONTAINER_PATH" \
-v /var/run/docker.sock:/var/run/docker.sock \
horuszup/horusec-cli:XPTO horusec start \
-p "$CONTAINER_PATH" -P "$(pwd)" --config-file-path "$CONTAINER_PATH/custom.json" -O "$fileName"
- When XPTO is v2.8 (OUTPUT NOT EXPECTED):
Digest: sha256:829fce13916bfd1d61103be1e927d98f1ffbdfc4e78192b1fc1c1f8a4054e347
Status: Downloaded newer image for horuszup/horusec-cli:v2.8
time="2023-02-21T14:57:36Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Error: docker not found. Please check and try again
Usage:
horusec start [flags]
- When XPTO is v2.7:
Digest: sha256:a2624618794abc503caac80dc213a35bfc51046bf80ff3248b4949808e83184c
Status: Downloaded newer image for horuszup/horusec-cli:v2.7
==================================================================================
time="2023-02-21T14:55:38Z" level=warning msg="{HORUSEC_CLI} No authorization token was found, your code it is not going to be sent to horusec. Please enter a token with the -a flag to configure and save your analysis"
time="2023-02-21T14:55:38Z" level=warning msg="{HORUSEC_CLI} XX VULNERABILITIES WERE FOUND IN YOUR CODE SENT TO HORUSEC, TO SEE MORE DETAILS USE THE LOG LEVEL AS DEBUG AND TRY AGAIN"
Error: analysis finished with blocking vulnerabilities
My environment
- GitLab CI/CD
Running with gitlab-runner 15.9.0~beta.115.g598a7c91 (598a7c91)
on blue-1.shared.runners-manager.gitlab.com/default j1aLDqxS, system ID: s_b437a71a38f9
Preparing the "docker+machine" executor
Using Docker executor with image docker:23.0 ...
Starting service docker:dind ...
Pulling docker image docker:dind ...
Using docker image sha256:cd27a71ea4555b
- Docker in Docker
- Horusec official Docker image
Note: this is working perfectly in my environment:
OS: Kali Linux (on the Windows Subsystem for Linux)
Kernel: x86_64 Linux 5.15.79.1-microsoft-standard-WSL2
References
- Latest Horusec image here.
- The piece of code where I think the issue is.
- The Docker client used by Horusec code.
- A similar issue happened here.
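
A pre-flight step for the CI job, added here as an example (it is not part of the original issue or of Horusec's code): the v2.8 output above reports both a version below 19.3 and "docker not found" although the daemon in this job is 23.0.1, so the step checks daemon reachability and the engine minimum separately. The 19.3 minimum is read from that error message; `num`, `version_ge` and `preflight` are hypothetical names.

```shell
#!/bin/sh
# Added example: pre-flight check for a Docker-in-Docker CI job.
# MIN_DOCKER comes from the "19.3" in the error message on this page;
# reading it as major.minor is an assumption.
MIN_DOCKER="${MIN_DOCKER:-19.3}"

# num S: leading integer of one version component ("03" -> 3, "1-rc1" -> 1,
# empty -> 0), so components compare as numbers rather than as strings.
num() {
    n=$(printf '%s' "$1" | sed 's/^v//; s/[^0-9].*$//; s/^0*//')
    echo "${n:-0}"
}

# version_ge A B: succeed when dotted version A >= B, component by component.
# Comparing as a float or as a string misorders 19.03 vs 19.3 and 9.x vs 19.x.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=$(num "${a%%.*}") y=$(num "${b%%.*}")
        # Drop the consumed component; empty once no dot is left.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# preflight [VERSION]: 0 = engine new enough, 1 = engine too old,
# 2 = daemon unreachable. VERSION overrides the live query (for testing).
preflight() {
    server=${1:-}
    if [ -z "$server" ]; then
        server=$(docker version -f '{{.Server.Version}}' 2>/dev/null) || server=
    fi
    if [ -z "$server" ]; then
        echo "preflight: cannot reach the Docker daemon (socket or DOCKER_HOST)" >&2
        return 2
    fi
    if version_ge "$server" "$MIN_DOCKER"; then
        echo "preflight: engine $server satisfies >= $MIN_DOCKER"
    else
        echo "preflight: engine $server is older than $MIN_DOCKER" >&2
        return 1
    fi
}

# Run as a job step with: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```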