Environment

Aqua CSP => 4.5, Docker, harbor-scanner-aqua

Deployment Task

Note: At the time of publication, the latest available version of the scannercli binary is 4.5.19357 and the harbor-scanner-aqua version is 0.1.1.  Deployment steps could differ in component versions as described below.

The provided scannercli binary version embedded during the Aqua Harbor adapter build process could be older than the latest minor release of Aqua CSP.

Using an older version of the scannercli binary compared to the running Aqua console could cause some errors which might prevent the scan from terminating successfully.


ERROR Error when trying to parse Full-Size value from /saveScanResults request{error 25 0 strconv.ParseInt: parsing "": invalid syntax}

We are going to patch the Aqua Harbor adapter with the latest scannercli version available.


Deployment Steps


Patch the Image


1. Check if the current scannercli version is different than the deployed Aqua console.

scannercli version 4.5.19304, compiled Oct 31 2019 10:49:47

2. Create a directory for the build context:

mkdir scanner-adapter-patched && cd scanner-adapter-patched


3. Get the latest available scannercli binary.

wget --user your.account@aquasec.com --ask-password https://download.aquasec.com/scanner/4.5.0/scannercli -O scannercli-latest


4.  Add the execute mode bit to the scannercli binary file and check its version.

chmod 764 scannercli-latest

./scannercli-latest version

scannercli version 4.5.19357, compiled Dec 23 2019 13:04:55

n.b. if the version of the available scannercli is behind the one of the running Aqua console and you are still having problems using the adapter, please contact the Aqua support team.

5. Build the patched image.

vim Dockerfile

FROM docker.io/aquasec/harbor-scanner-aqua:0.1.1

COPY scannercli-latest /usr/local/bin/scannercli

(sudo) docker build -t aquasec/harbor-scanner-aqua:0.1.1-patch .

6. Use the patched image e.g., as a Docker container.

sudo docker container run -d --network same_as_harbor_network \

 --rm --name harbor-scanner-aqua \
 -u root:root -p 8080:8080 -e SCANNER_LOG_LEVEL=debug \
 -e SCANNER_AQUA_USER=harbor-scanner -e SCANNER_AQUA_PASSWORD=your_pass \
 -e SCANNER_AQUA_HOST=http://aqua-console:port \
 -e SCANNER_STORE_REDIS_URL=redis://redis_ip:port \
 aquasec/harbor-scanner-aqua:0.1.1-patch


Rebuild the harbor-scanner-aqua adapter
 

1. Backup the project directory

mv harbor-scanner-aqua harbor-scanner-aqua.bak

2. Get a new clone of the project

git clone https://github.com/aquasecurity/harbor-scanner-aqua.git

3. Get the latest scannercli binary

cd harbor-scanner-aqua

wget --user your.account@aquasec.com --ask-password https://download.aquasec.com/scanner/4.5.0/scannercli -O scannercli

4. Check the scannercli binary version

./scannercli version

scannercli version 4.5.19357, compiled Dec 23 2019 13:04:55


5. Run make to compile the binary in the scanner-adapter

make

6. Build into a Docker container

make container

Related information

End of Life

This article is valid until a way to provide the corresponding scannercli version to the Aqua console will be available for the harbor-scanner-aqua plugin.