Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Secure Supply Chain Analysis (DockerFile Analysis) times out in case of invalid Docker Image Path #696

Open
Mkk-VMS opened this issue Jan 8, 2024 · 0 comments

Comments

@Mkk-VMS
Copy link

Mkk-VMS commented Jan 8, 2024

Secure Supply Chain Analysis timed out when performing DockerFile Analysis. After further investigation, one of my Dockerfiles was invalid.

Reproduce the timeout, docker file with double :: before the tag
FROM ACR/registry::tag

Expectation: Scan failure with error noting invalid DockerFile
Actual: Scan failure due to time out

2024-01-08T18:30:22.3594023Z ##[section]Starting: Secure Supply Chain Analysis (auto-injected by policy)
2024-01-08T18:30:22.3598894Z ==============================================================================
2024-01-08T18:30:22.3599056Z Task : Secure Supply Chain Analysis
2024-01-08T18:30:22.3599167Z Description : A task to scan for vulnerabilities in your software supply chain. Formerly "NuGet Security Analysis".
2024-01-08T18:30:22.3599309Z Version : 0.2.195
2024-01-08T18:30:22.3599384Z Author : Microsoft Corporation
2024-01-08T18:30:22.3599499Z Help : See https://aka.ms/sscatask for more information.
2024-01-08T18:30:22.3599594Z ==============================================================================
2024-01-08T18:30:23.3354961Z Telemetry ID: d74b4973-8030-401a-bd0e-235a58fd7660
2024-01-08T18:30:23.3355273Z For more information please visit: https://aka.ms/sscatask
2024-01-08T18:30:23.3389456Z > Starting Multifeed Nuget Security Analysis:
2024-01-08T18:30:23.3950660Z > Starting Multifeed Corext Analysis:
2024-01-08T18:30:23.4023442Z > Starting Multifeed Python Security Analysis:
2024-01-08T18:30:23.5020283Z > Starting CFS NuGet Analysis:
2024-01-08T18:30:23.5652895Z > Starting CFS NPM Analysis:
2024-01-08T18:30:23.6032703Z > Starting CFS Maven Analysis:
2024-01-08T18:30:23.6129092Z > Starting CFS Cargo Analysis:
2024-01-08T18:30:23.6348615Z > Starting CFS CoreXT Analysis:
2024-01-08T18:30:23.6449287Z > Starting CFS CDPx Analysis:
2024-01-08T18:30:23.6544452Z > Starting DockerFile Analysis:
2024-01-08T18:35:22.3693729Z ##[error]The task has timed out.
2024-01-08T18:35:22.3704732Z ##[section]Finishing: Secure Supply Chain Analysis (auto-injected by policy)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant