Container Scanning no longer reports analyzer version
Summary
Version 3.0.0 of container scanning, which was updated in Change base image from Alpine to CentOS, no longer reports the analyzer version in the log output.
Steps to reproduce
$ docker run registry.gitlab.com/gitlab-org/security-products/analyzers/klar:3 /analyzer --version
[INFO] [klar] [2020-11-05T03:19:04Z] ▶ GitLab klar analyzer v
Incorrect Usage. flag provided but not defined: -version
[FATA] [klar] [2020-11-05T03:19:04Z] ▶ flag provided but not defined: -version
Example Project
Last working check analyzer version job:
Success: Analyzer binary version '3.0.0' matches CHANGELOG.md version '3.0.0'
Current check analyzer version job:
[INFO] [klar] [2020-11-04T18:18:33Z] ▶ GitLab klar analyzer v
[FATA] [klar] [2020-11-04T18:18:33Z] ▶ flag provided but not defined: -version
Warning: analyzer binary does not have a version configured. Please update the analyzer binary version to match the most recent version in CHANGELOG.md.
Note: the reason why the above test results in a success status instead of a failure is because when originally implementing Add version check job, one of the concerns was:
If the app.Version value is not configured, for example gemnasium doesn't define this value, then version-check will output a warning and return a 0 status code. This will allow us to immediately use this version-check script in all analyzer projects without altering existing behaviour.
So the check analyzer version job will only fail if the reported version doesn't match the one in the CHANGELOG.md - it will not fail if no version is reported at all, which is the current bug behaviour.
What is the current bug behavior?
Container Scanning version value is not output:
docker run registry.gitlab.com/gitlab-org/security-products/analyzers/klar:3 /analyzer --version
[FATA] [klar] [2020-11-05T03:19:04Z] ▶ flag provided but not defined: -version
What is the expected correct behavior?
Container Scanning version value should be output:
docker run registry.gitlab.com/gitlab-org/security-products/analyzers/klar:2 /analyzer --version
analyzer version 2.6.0
[INFO] [klar] [2020-11-05T03:29:42Z] ▶ GitLab klar analyzer v2.6.0
Possible fixes
The script/build file sets the AnalyzerVersion var from script/version which reads the version from the CHANGELOG.md file, however, the CHANGELOG.md file is not available, because **/*.md has been added to the .dockerignore file. The fix is to remove **/*.md from .dockerignore.
/cc @gonzoyumo @thiagocsf
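
A fail-closed variant of the check described above, as an added example that is not the project's version-check script: a missing version, either in the binary output or in the changelog, is an error rather than a warning with a 0 status. The function names, the exit codes and the `## vX.Y.Z` changelog heading format are assumptions.

```shell
#!/bin/sh
# Hypothetical fail-closed version check (not the project's version-check script).
# Assumption: CHANGELOG.md lists releases newest-first under "## vX.Y.Z" headings.

# Print the newest version recorded in a changelog file, or nothing if unreadable.
changelog_version() {
  [ -r "$1" ] || return 0
  sed -n 's/^## v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Extract the version from captured `/analyzer --version` output, or nothing.
# Matches the "analyzer version 2.6.0" line form shown in the issue.
binary_version() {
  printf '%s\n' "$1" |
    sed -n 's/^analyzer version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)$/\1/p' |
    head -n 1
}

# Exit codes: 0 match, 1 mismatch, 2 binary reports no version,
# 3 no version readable from the changelog (e.g. file excluded from the build).
check_analyzer_version() {
  want=$(changelog_version "$1")
  got=$(binary_version "$2")
  if [ -z "$want" ]; then
    echo "Error: no version found in $1" >&2
    return 3
  fi
  if [ -z "$got" ]; then
    echo "Error: analyzer binary reported no version" >&2
    return 2
  fi
  if [ "$got" != "$want" ]; then
    echo "Error: binary version '$got' does not match CHANGELOG.md version '$want'" >&2
    return 1
  fi
  echo "Success: Analyzer binary version '$got' matches CHANGELOG.md version '$want'"
}

# Constructed sample changelog, plus the broken output copied from the issue.
demo_dir=$(mktemp -d)
printf '# Changelog\n\n## v3.0.0\n- Constructed entry\n\n## v2.6.0\n' > "$demo_dir/CHANGELOG.md"
broken_output='[INFO] [klar] [2020-11-05T03:19:04Z] ▶ GitLab klar analyzer v
[FATA] [klar] [2020-11-05T03:19:04Z] ▶ flag provided but not defined: -version'
check_analyzer_version "$demo_dir/CHANGELOG.md" "$broken_output" || echo "exit status: $?"
```

Running the same changelog lookup in the image build would also surface the `.dockerignore` exclusion at build time, since status 3 is returned when CHANGELOG.md cannot be read.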