Describe the bug I'm scanning RH 7.7 machines with the Bare-Metal / Docker container configuration. I get results back for application code Java, Python, etc. But nothing about the RPMs and packages installed.

To Reproduce Steps to reproduce the behavior:

1. Install RH 7.7 - Might be tricky to find the ISO....

2. Docker Won't install on RH 7.7 so you'll need to add some Centos packages sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/container-selinux-2.107-3.el7.noarch.rpm --nogpgcheck sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/slirp4netns-0.4.3-4.el7_8.x86_64.rpm --nogpgcheck sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse3-libs-3.6.1-4.el7.x86_64.rpm --nogpgcheck sudo yum -y install http://mirror.centos.org/centos/7/extras/x86_64/Packages/fuse-overlayfs-0.7.2-6.el7_8.x86_64.rpm --nogpgcheck sudo yum -y install docker-ce docker-ce-cli containerd.io

3. Then start docker and run the Sensor Agent as per the documentation.

4. Run a scan with all options enabled.

Expected behavior I'd expect to see details of the RPMs with CVEs that need updating.

Components/Services affected

• [ ] UI/Frontend
• [ ] API/Backend
• [ X] Agent
• [ ] Deployment/YAMLs
• [ ] CI/CD Integration
• [ ] Other (specify)

Additional context Both the Agent and Management Console are running as virtual machines (Oracle Virtual Box) on my laptop. I wanted to do a scan of RH 7.7 before updating to RH 7.9 to see how many CVEs get fixed, and how many remain.

Hi,

I've setup the management console on an AWS instance using the repository instructions. I've registered an account and accessed the console but I can't navigate to any other pages (registries, vulnerabilities, settings etc.). It seems to be in a loop of 'resuming the live state' and is stuck 'Optimizing hosts'.

I've given it over 60 minutes as the readme mentioned, but there's been no change.

I can't find any obvious problems looking through the various container logs. I wondered if someone here could offer any guidance?

Maybe this isn't really a bug, but maybe an configuration or compatibility issue. The sensor must be install on external chip set devices they are in a network comparison. Basic for this is armV7.

The package installation in dependencies was installing docker.io on armv7. Which image or where can find the armV7 deploy image for ?

1. try to deploy the deepfence_agent_ce:latest on armv7 with following script
2. See error

docker run -dit --cpus=".2" --name=deepfence-agent --restart on-failure --pid=host --net=host \ --privileged=true -v /sys/kernel/debug:/sys/kernel/debug:rw -v /var/log/fenced \ -v /var/run/docker.sock:/var/run/docker.sock -v /:/fenced/mnt/host/:ro \ -e USER_DEFINED_TAGS="" -e MGMT_CONSOLE_URL="XXX.XXX.XXX.XXX" -e MGMT_CONSOLE_PORT="443" \ -e DEEPFENCE_KEY="API-KEY" \ deepfenceio/deepfence_agent_ce:latest Result: WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested Components/Services affected

• [ ] UI/Frontend
• [ ] API/Backend
• [x] Agent
• [ ] Deployment/YAMLs
• [ ] CI/CD Integration
• [ ] Other (specify)

Dear team,

I would like to ask you about the following error I have.

The error happens after a zero installation by downloading the docker-compose file and running it.

I only modify in it the default port since I have in use the 443, but after that everything is the same.

The docker runs correctly but when I try to enter the port I get the following message in the browser: "secure connection failed" "PR_END_OF_FILE_ERRROR".

It doesn't seem to be a browser problem since I validated it with several ...

I run the command docker ps -a and I see that there is an instance with an error.

Error :

5f182a2d1de5 deepfenceio/deepfence_init_ce:1.4.1 "/usr/local/bin/entr…" 2 hours ago Exited (0) 2 seconds ago df-init-container

I really don't know what I could do... the instance has the capability to support docker and is on AWS EC2 which I understand is compatible with this solution.

thanks,

Describe the bug: Cannot upload the vulnerability database.

To Reproduce: Steps to reproduce the behavior:

1. Go to Settings > Vulnerability & Secret Management
2. Upload the vulnerability database with tar.gz file
3. Check Network tab on browser, it shows POST 404 Not Found with this URL: https://address/undefined/df-api/upload-vulnerability-db

Screenshots:

Additional context: Deepfence: 1.4.0

Describe the bug Threat mapper downloaded from git URL, performed steps to run management console on local server but console does not show up on the local IP address and given PORT.

To Reproduce Steps to reproduce the behavior:

1. Go to 'https://github.com/deepfence/ThreatMapper'
2. Clone the repo.
3. Follow steps give on: https://github.com/deepfence/ThreatMapper/wiki/Building-Console-and-Sensors-from-Source to run Threat Mapper Management Console on local server.
4. Check if Threat Mapper Management Console came up on given IP and PORT.

Expected behavior Threat Mapper Management Console should come up on given IP and PORT.

Screenshots Attaching a PDF in comments section for detailed explanation and to show successful configuration steps.

Components/Services affected

Additional context OS Details: Ubuntu 20.04.4 LTS (64-bit) CPU/RAM/SSD: Intel Core i7 / 32 GB RAM / 512 GB SSD

Unable to run vulnerability scans on management console node and registries. Vulnerability scans start but hang after a while with error "Scan was interrupted". There is no info in the docker-compose logs to investigate or viewable logs from the console itself.

Thanks for providing this tool!

Describe the bug When trying to generate a PDF report with vulnerabilities a PDF with the text "No vulnerabilities found for the applied filters" is always generated. Switching to the XLSX format returns thousands.

To Reproduce Steps to reproduce the behavior:

1. Go to 'Integrations > Reports / PDF/XLSX'
2. Select 'Vulnerabilities', 'container image', 'last 1 day' and PDF format.
3. Click Download.
4. Wait until report is generated and download it (a file without vulnerabilities is generated).
5. Switch to XLSX download type and click Download.
6. A XLSX file with thousand of vulnerabilities is shown.

Expected behavior I expected that the only difference would be the file format. The list of vulnerabilities should be the same.

Screenshots Filter settings and "Filters used" - Note the differences here.

Extract from XLSX:

PDF file downloaded:

Components/Services affected

Making a best effort guess here.

• [X] UI/Frontend
• [X] API/Backend
• [ ] Agent
• [ ] Deployment/YAMLs
• [ ] CI/CD Integration
• [ ] Other (specify)

I hope the above helps with tracking down the issue. Since the Filters Used are different depending on file format, I suspect the issue might lay there.

Thanks

Describe the bug I started with the getting started page with docker-compose. After starting the services, I can enter the portal and click on "Register". After I filled the form, I got the error "Console URL is not valid"

To Reproduce Steps to reproduce the behavior:

1. Go to this page: https://github.com/deepfence/ThreatMapper/wiki/Installing-the-Management-Console
2. Follow instruction in section: "Install the ThreatMapper Management Console - Single Docker Host"
3. Go to web-portal "https://localhost/"
4. Click on register
5. Enter your details
6. Click on button to submit form
7. Got the error "Console URL is not valid"

Expected behavior Registration should be successfull to be able to login into the web-ui.

Screenshots

Components/Services affected

• [X] UI/Frontend
• [X] API/Backend
• [ ] Agent
• [ ] Deployment/YAMLs
• [ ] CI/CD Integration
• [ ] Other (specify)

Additional context None

Provided the docer-compose.yml file, when executing the following command:

docker-compose -f docker-compose.yml up -d

I am unable to browse to the management console as not all containers are started, specifically the deepfence-es-master container which presents the following errors:

Exception in thread "main" java.lang.RuntimeException: starting java failed with [137]
output:

error:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
	at org.elasticsearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:123)
	at org.elasticsearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:88)
	at org.elasticsearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:59)
	at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:95)

Would appreciate any guidance.

1. Setup a K8s cluster. Install management console on it.
2. Connect a regular vm agent. In this setup there is just one fsharp docker container running on the vm.
3. Scan both the fsharp container and the vm. Both scans run forever.

As part of the ongoing effort to integrate with neo4j graph (https://github.com/deepfence/ThreatMapper/issues/692) we are adding a new CLI to allow headless interaction with the console.

• [x] Topology API
• [x] Threat API
• [x] Authentication
• [x] User API
  • [ ] Login API
  • [x] APIToken
  • [x] Register
• [x] Scan API
  • [x] Secret scan
  • [ ] Compliance scan
  • [ ] Malware scan
  • [ ] Cloud scan
• [ ] Ingesters API

• We currently provide an API that helps diffing (new vulnerabilities, fixed vulnerabilities, etc) between any two given scan IDs on any node (container images or a host). This feature should be provided in UI.
• API exists for vulnerability scan, required for secret scan
• https://deepfence.github.io/deepfence_runtime_api/#operation--deepfence-v1.5-vulnerability_scan_diff-get

Describe the bug When the kubernetes sensor agent pods run on ARM64 (graviton2) worker nodes they crash with this error: exec /usr/local/bin/start_services: exec format error

To Reproduce Steps to reproduce the behavior:

1. Deploy https://github.com/deepfence/ThreatMapper/tree/master/deployment-scripts/helm-charts/deepfence-agent to a k8s cluster that is running ARM worker nodes.
2. Pods from the daemonset that try to run on ARM nodes error out: exec /usr/local/bin/start_services: exec format error

• [ ] UI/Frontend
• [ ] API/Backend
• [x] Agent
• [ ] Deployment/YAMLs
• [ ] CI/CD Integration
• [ ] Other (specify)

merge vulnerability mapper from ThreatMapper to package-scanner making it easier to run vulnerability scans using syft and grype from a single place

add option to run only sbom generation(syft) on agent and run grype on threatmapper console using command line flags

Describe the bug My top level domain is engineering ex; xxx.xxx.engineering since engineering is a large alphabet, the console URL is not accepting it

Describe the bug Earlier we used to have a filter called 'severity' in notification, which helped to filter only selected severity vuln. to be pushed as notification to slack, teams, etc. It's not present now.

Screenshots

Components/Services affected

• [x] UI/Frontend
• [ ] API/Backend
• [ ] Agent
• [ ] Deployment/YAMLs
• [ ] CI/CD Integration
• [ ] Other (specify)

Additional context Add any other context about the problem here.