Newest Version of Grype Causing Failures

name: Bug Report
about: Create a report to help us improve
  • Version: 1.4.10
  • Platform: Linux

Hoppr-Cop seems to be dependent on Grype version 0.86.1 - I tried running Hoppr-Cop with Grype v0.92.2 and got the following errors:

GrypeScanner generated an exception: 1 validation error for GrypeResult
descriptor -> db -> error
  field required (type=value_error.missing)
╭───────────────────── Traceback (most recent call last) ──────────────────────╮
│ /usr/local/lib/python3.12/site-packages/hopprcop/combined/combined_scanner.p │
│ y:114 in _run_concurrently                                                   │
│                                                                              │
│   111 │   │   for future in concurrent.futures.as_completed(futures):        │
│   112 │   │   │   scanner = type(futures[future]).__name__                   │
│   113 │   │   │   try:                                                       │
│ ❱ 114 │   │   │   │   result: ScanResultT = future.result()                  │
│   115 │   │   │   │   results[scanner] = result                              │
│   116 │   │   │   except Exception as exc:                                   │
│   117 │   │   │   │   rich.print(f"{scanner} generated an exception: {exc}") │
│                                                                              │
│ /usr/lib64/python3.12/concurrent/futures/_base.py:449 in result              │
│                                                                              │
│   446 │   │   │   │   if self._state in [CANCELLED, CANCELLED_AND_NOTIFIED]: │
│   447 │   │   │   │   │   raise CancelledError()                             │
│   448 │   │   │   │   elif self._state == FINISHED:                          │
│ ❱ 449 │   │   │   │   │   return self.__get_result()                         │
│   450 │   │   │   │                                                          │
│   451 │   │   │   │   self._condition.wait(timeout)                          │
│   452                                                                        │
│                                                                              │
│ /usr/lib64/python3.12/concurrent/futures/_base.py:401 in __get_result        │
│                                                                              │
│   398 │   def __get_result(self):                                            │
│   399 │   │   if self._exception:                                            │
│   400 │   │   │   try:                                                       │
│ ❱ 401 │   │   │   │   raise self._exception                                  │
│   402 │   │   │   finally:                                                   │
│   403 │   │   │   │   # Break a reference cycle with the exception in self._ │
│   404 │   │   │   │   self = None                                            │
│                                                                              │
│ /usr/lib64/python3.12/concurrent/futures/thread.py:59 in run                 │
│                                                                              │
│    56 │   │   │   return                                                     │
│    57 │   │                                                                  │
│    58 │   │   try:                                                           │
│ ❱  59 │   │   │   result = self.fn(*self.args, **self.kwargs)                │
│    60 │   │   except BaseException as exc:                                   │
│    61 │   │   │   self.future.set_exception(exc)                             │
│    62 │   │   │   # Break a reference cycle with the exception 'exc'         │
│                                                                              │
│ /usr/local/lib/python3.12/site-packages/hopprcop/combined/combined_scanner.p │
│ y:173 in submit_to_scanner                                                   │
│                                                                              │
│   170 │   │   """                                                            │
│   171 │   │                                                                  │
│   172 │   │   def submit_to_scanner(scanner: VulnerabilitySuper) -> list[Vul │
│ ❱ 173 │   │   │   return scanner.get_vulnerabilities_for_sbom(bom)           │
│   174 │   │                                                                  │
│   175 │   │   vuln_map: dict[str, list[Vulnerability]] = self._run_concurren │
│   176 │   │   results: list[Vulnerability] = merge_scanner_vulnerabilities(v │
│                                                                              │
│ /usr/local/lib/python3.12/site-packages/hopprcop/grype/grype_scanner.py:139  │
│ in get_vulnerabilities_for_sbom                                              │
│                                                                              │
│   136 │   │   │   │   parsed_bom.metadata.tools = None                       │
│   137 │   │   │                                                              │
│   138 │   │   │   stdout, stderr = process.communicate(input=(bytes(parsed_b │
│ ❱ 139 │   │   │   result = GrypeResult(**json.loads(stdout))                 │
│   140 │   │   │                                                              │
│   141 │   │   │   for match in [match for match in result.matches if match.a │
│   142 │   │   │   │   match_purl = get_package_url(match.artifact.purl)      │
│                                                                              │
│ in pydantic.main.BaseModel.__init__:347                                      │
╰──────────────────────────────────────────────────────────────────────────────╯
ValidationError: 1 validation error for GrypeResult
descriptor -> db -> error
  field required (type=value_error.missing)
The above exception was the direct cause of the following exception:
╭───────────────────── Traceback (most recent call last) ──────────────────────╮
│ /usr/local/lib/python3.12/site-packages/hopprcop/combined/cli.py:228 in      │
│ vulnerability_report                                                         │
│                                                                              │
│   225 │   │   │   │   transient=True,                                        │
│   226 │   │   │   ) as progress:                                             │
│   227 │   │   │   │   progress.add_task(description="Fetching vulnerabilitie │
│ ❱ 228 │   │   │   │   results = combined.get_vulnerabilities_for_sbom(parsed │
│   229 │   │   │                                                              │
│   230 │   │   │   reporting.generate_vulnerability_reports(formats, results, │
│   231 │   except Exception as exc:                                           │
│                                                                              │
│ /usr/local/lib/python3.12/site-packages/hopprcop/combined/combined_scanner.p │
│ y:175 in get_vulnerabilities_for_sbom                                        │
│                                                                              │
│   172 │   │   def submit_to_scanner(scanner: VulnerabilitySuper) -> list[Vul │
│   173 │   │   │   return scanner.get_vulnerabilities_for_sbom(bom)           │
│   174 │   │                                                                  │
│ ❱ 175 │   │   vuln_map: dict[str, list[Vulnerability]] = self._run_concurren │
│   176 │   │   results: list[Vulnerability] = merge_scanner_vulnerabilities(v │
│   177 │   │   return self._apply_enhancements(results)                       │
│   178                                                                        │
│                                                                              │
│ /usr/local/lib/python3.12/site-packages/hopprcop/combined/combined_scanner.p │
│ y:118 in _run_concurrently                                                   │
│                                                                              │
│   115 │   │   │   │   results[scanner] = result                              │
│   116 │   │   │   except Exception as exc:                                   │
│   117 │   │   │   │   rich.print(f"{scanner} generated an exception: {exc}") │
│ ❱ 118 │   │   │   │   raise ScannerError(exc) from exc                       │
│   119 │   │                                                                  │
│   120 │   │   return results                                                 │
│   121                                                                        │
╰──────────────────────────────────────────────────────────────────────────────╯
ScannerError: 1 validation error for GrypeResult
descriptor -> db -> error
  field required (type=value_error.missing)
unexpected error: 1 validation error for GrypeResult
descriptor -> db -> error
  field required (type=value_error.missing)

It also appears Renovate isn't picking up updates to Trivy or Grype in the Dockerfile. The Dockerfile is currently using older versions of both tools. I would expect Trivy to be updated to v0.63.0 and Grype to be updated to v0.92.2.
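An added illustration of the failure mode above (not hopprcop's or Grype's own code): a strict result model that requires `descriptor.db.error` rejects output from a newer Grype, while a tolerant parser accepts both output shapes and surfaces the untested tool version as a warning instead of aborting the scan. The sample JSON documents, the key layout inside `descriptor.db`, and the `TESTED_GRYPE_VERSIONS` set are constructed assumptions; pydantic is stood in for by a small dataclass so the block runs on the standard library alone.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Assumption: the single Grype version hopprcop 1.4.10 is known to work with.
TESTED_GRYPE_VERSIONS = {"0.86.1"}


@dataclass
class GrypeDescriptor:
    version: str
    db_error: Optional[str]
    warnings: list = field(default_factory=list)


def parse_strict(raw: str) -> GrypeDescriptor:
    """Mirror of the failing behaviour: 'error' under descriptor.db is required."""
    desc = json.loads(raw)["descriptor"]
    db = desc["db"]
    if "error" not in db:
        raise ValueError("descriptor -> db -> error: field required")
    return GrypeDescriptor(version=desc["version"], db_error=db["error"])


def strict_rejects(raw: str) -> bool:
    """True when the strict model refuses the document (used by the tests)."""
    try:
        parse_strict(raw)
    except (ValueError, KeyError):
        return True
    return False


def parse_tolerant(raw: str) -> GrypeDescriptor:
    """Accept both output shapes; a missing 'error' key means 'no db error'."""
    desc = json.loads(raw).get("descriptor", {})
    db = desc.get("db") or {}
    version = str(desc.get("version", "unknown"))
    result = GrypeDescriptor(version=version, db_error=db.get("error"))
    if version not in TESTED_GRYPE_VERSIONS:
        result.warnings.append(f"grype {version} not in tested set {sorted(TESTED_GRYPE_VERSIONS)}")
    if result.db_error:
        result.warnings.append(f"grype reported a db error: {result.db_error}")
    return result


# Constructed sample outputs: the older shape carries an explicit null 'error',
# the newer shape omits the key entirely (layout assumed, not copied from Grype).
OLD_OUTPUT = json.dumps({"matches": [], "descriptor": {"name": "grype", "version": "0.86.1",
                         "db": {"built": "2025-01-01T00:00:00Z", "error": None}}})
NEW_OUTPUT = json.dumps({"matches": [], "descriptor": {"name": "grype", "version": "0.92.2",
                         "db": {"built": "2025-06-01T00:00:00Z"}}})
```

The warning list gives the operator the version mismatch as a reviewable signal rather than a hard failure, while a real db error is still reported.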