Currently, when trying to run the CLI dockerimage with the ScaResolver the run will fail, because the alpine image that is used for the ast-cli dockerimage is missing libraries that are required to run the ScaResolver.
The missing libraries are as follows (output from ldd)
ldd ScaResolver�[0;m
/lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
Error loading shared library libgcc_s.so.1: No such file or directory (needed by ScaResolver)
libz.so.1 => /lib/libz.so.1 (0x7f8cdb232000)
libm.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
librt.so.1 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
Since the dockerimage is built to run as non root user these libraries cannot be added e. g. using apk..
E. g. if you try run this example, https://github.com/Checkmarx/ci-cd-integrations/blob/main/CxScaResolver/bitbucket-pipelines.yml
it will fail with an error like this:
Using SCA resolver: ./ScaResolver [offline -s ./ -n project-name -r /tmp/sca229206833.json --ignore-dev-dependencies true --log-level Debug]
2023/11/08 14:30:17
ScaResolver error: fork/exec ./ScaResolver: no such file or directory
If you look carefully you will notice that the github and azure examples use "ubuntu-latest" as the base image, which has the required libraries.
Currently, when trying to run the CLI dockerimage with the ScaResolver the run will fail, because the alpine image that is used for the ast-cli dockerimage is missing libraries that are required to run the ScaResolver.
The missing libraries are as follows (output from ldd)
ldd ScaResolver�[0;m
/lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libdl.so.2 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
Error loading shared library libgcc_s.so.1: No such file or directory (needed by ScaResolver)
libz.so.1 => /lib/libz.so.1 (0x7f8cdb232000)
libm.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
librt.so.1 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f8cdbd01000)
Since the dockerimage is built to run as non root user these libraries cannot be added e. g. using apk..
E. g. if you try run this example, https://github.com/Checkmarx/ci-cd-integrations/blob/main/CxScaResolver/bitbucket-pipelines.yml
it will fail with an error like this:
Using SCA resolver: ./ScaResolver [offline -s ./ -n project-name -r /tmp/sca229206833.json --ignore-dev-dependencies true --log-level Debug]
2023/11/08 14:30:17
ScaResolver error: fork/exec ./ScaResolver: no such file or directory
If you look carefully you will notice that the github and azure examples use "ubuntu-latest" as the base image, which has the required libraries.