[Bug/Feature Request]: Fails to run using Rancher Desktop - Rancher Desktop Support?

[syserr0r]

Python Version

n/a

Checkov Installation Method

docker

CheckovPrismaless Version

1.0.107

VSCode Version

1.93.1

Operating System

Windows 10

Description of the Bug

CheckovPrismaless fails to run the docker command - every file save where Checkov would be called results in a "Any troubles? We can help you figure out what happened" notification.

Enabling debugging and looking at the logs I can see CheckovPrismaless does not correctly get the version from docker, see the following output when calling the "Install or Update" command:

[info]: Trying to install Checkov using Docker. 
[debug]: Testing docker installation with command: docker pull bridgecrew/checkov:latest 
[info]: Checkov installed successfully using Docker. {"checkovPath":"docker"}
[info]: Checkov installation:  {"checkovInstallationMethod":"docker","checkovPath":"docker"}
[debug]: Version command: docker run --rm bridgecrew/checkov:latest -v 
[debug]: Response from version command:  
[debug]: Previously installed checkov version matches the newly installed one 

When CheckovPrismaless then tries to run it attempts to docker run with the previously found empty version string, resulting in trying to run the image bridgecrew/checkov: which is invalid, this can be seen as follows:

[debug]: Getting cached results for hash 36cdc7e38193da3bec85a6b5240412ec 
[debug]: Today: 1727305200000 
[debug]: Cache date: 1727305200000 
[debug]: Cache date (1727305200000) is not stale 
[debug]: useCache is true, but did not find cached results for file: /path/to/project/file.py, hash: 36cdc7e38193da3bec85a6b5240412ec 
[debug]: Getting cached results for hash 36cdc7e38193da3bec85a6b5240412ec 
[debug]: Today: 1727305200000 
[debug]: Cache date: 1727305200000 
[debug]: Cache date (1727305200000) is not stale 
[debug]: useCache is true, but did not find cached results for file: /path/to/project/file.py, hash: 36cdc7e38193da3bec85a6b5240412ec 
[info]: Starting to scan. 
[debug]: Output:
origin	[email protected]:project/project.git (fetch)
origin	[email protected]:project/project.git (push)
 
[info]: repo [email protected]:project/project.git 
[info]: repo nameproject/project 
[info]: Running checkov: 
[info]: docker run --rm --tty --name vscode-checkov-1727358015878 --env LOG_LEVEL=DEBUG --env BC_SOURCE=vscode --env BC_SOURCE_VERSION=unknown -v "/path/to/project:/checkovScan" -w /checkovScan bridgecrew/checkov: -f "file.py" -s --repo-id project/project --skip-check BC_LIC* -o json 
[warn]: Checkov stderr: docker: invalid reference format.
See 'docker run --help'.
 
[debug]: Checkov scan process exited with code 125 
[debug]: Checkov task output: {"stdout":""}
[error]: Error occurred while running a checkov scan {"error":"Checkov exited with code 125"}
[info]: Cancellation token invoked, aborting checkov run. 
[debug]: Getting cached results for hash 36cdc7e38193da3bec85a6b5240412ec 
[debug]: Today: 1727305200000 
[debug]: Cache date: 1727305200000 
[debug]: Cache date (1727305200000) is not stale 
[debug]: useCache is true, but did not find cached results for file: /path/to/project/file.py, hash: 36cdc7e38193da3bec85a6b5240412ec 
[info]: not deleting container vscode-checkov-1727358015878 as it was already removed 
[info]: Starting to scan. 
[debug]: Output:
origin	[email protected]:project/project.git (fetch)
origin	[email protected]:project/project.git (push)
 
[info]: repo [email protected]:project/project.git 
[info]: repo nameproject/project 
[info]: Running checkov: 
[info]: docker run --rm --tty --name vscode-checkov-1727358018440 --env LOG_LEVEL=DEBUG --env BC_SOURCE=vscode --env BC_SOURCE_VERSION=unknown -v "/home/tony/git-dev/project/project:/checkovScan" -w /checkovScan bridgecrew/checkov: -f "file.py" -s --repo-id project/project --skip-check BC_LIC* -o json 
[warn]: Checkov stderr: docker: invalid reference format.
See 'docker run --help'.
 
[debug]: Checkov scan process exited with code 125 
[debug]: Checkov task output: {"stdout":""}
[error]: Error occurred while running a checkov scan {"error":"Checkov exited with code 125"}
[info]: Cancellation token invoked, aborting checkov run. 
[info]: not deleting container vscode-checkov-1727358018440 as it was already removed 

Running the command manually in the WSL2 terminal we can see no output:

user@debian:~$ docker run --rm bridgecrew/checkov:latest -v
user@debian:~$

Re-running the command with the -it flags gives us the correct output:

user@debian:~$ docker run --rm -it bridgecrew/checkov:latest -v
3.2.255

Running both commands on a linux VM with docker installed we can see they both output the version string (so no adverse affects to adding the -it flag and explains why it would work with docker):

root@debian-vm:~# docker run --rm -it bridgecrew/checkov:latest -v
3.2.255
root@debian-vm:~# docker run --rm bridgecrew/checkov:latest -v
3.2.255

Steps to Reproduce

• Install WSL2
• Install Rancher Desktop
• Install Debian WSL2 distro
• Enable WSL2 integration in Rancher Desktop settings
• Install VSCode with CheckovPrismaless and WSL support extensions
• Open VSCode using a project from WSL
• Observe "Any troubles? We can help you figure out what happened" notifications on every save and failures in logs

[syserr0r]

For reference this appears to be caused by this upstream issue: rancher-sandbox/rancher-desktop#3239

[XargsUK]

Thanks for flagging this @syserr0r, and for the details reproduction steps!

I was able to replicate the issue you reported, and found that there were two areas that needed adjusting. First of all, I replaced the --tty argument with --interactive, which allowed for the version to be returned when using Rancher Desktop. I added the same flag through to the is passed through in the runVersionCommand in src/utils.ts.

Please could you let me know if this resolves it for you?

• Clone this repo in your WSL environment
• Switch branch: git switch fix-docker-version
• Perform a npm install . in the project root
• Open VSCode (usually code .)
• Press F5, which should open an extension development host.

If so, I'll perform a bit more testing in some different environments, but should be able to get this pushed out asap.

Thanks again!

From there, you can open a repo with something supported by Checkov, and see if you get any errors.

Edit: In testing for myself, --tty/-t was not required, and actually created some noise

[syserr0r]

Sorry for the delay in getting back to you, it has been kinda hectic around here 😅

I wasn't sure which version of node/npm to use, so I used the latest lts (node v20.18.0/npm v10.8.2).

Pressing F5 launches a new VSCode window and presents the following error pop-up:
Activating extension 'XargsUK.checkov-prismaless' failed: Cannot find module '/home/tony/git-dev/checkov-prismaless-vscode/out/extension.js' Require stack: - /home/tony/.vscode-server/bin/d78a74bcdfad14d5d3b1b782f87255d802b57511/out/vs/workbench/api/node/extensionHostProcess.js

Attempting to troubleshoot further:

• There is no out folder in the project directory.
• Running npm install . or npm ci has no effect.
• Running the task watch fails with: /bin/bash: line 1: npm: command not found
• Running npm watch in the project root appears to have generated a the out folder - debugging now appears to work 🎉

The logs from checkov.log look promising:

[info]: Starting Checkov Extension. {"extensionVersion":"unknown","vscodeVersion":"1.94.0"}
[info]: Trying to install Checkov using Docker. 
[debug]: Testing docker installation with command: docker pull bridgecrew/checkov:latest 
[info]: Checkov installed successfully using Docker. {"checkovPath":"docker"}
[info]: Checkov installation:  {"checkovInstallationMethod":"docker","checkovPath":"docker"}
[debug]: Version command: docker run --rm --interactive bridgecrew/checkov:latest -v 
[debug]: Response from version command: 3.2.256
 
[info]: Previously installed checkov version does not match the newly installed one. Clearing results cache. 
[debug]: Clearing results cache 

Restarting debugging (F5) for the extension, opening a test python file and running a checkov scan results in this from checkov.log:

[info]: Starting Checkov Extension. {"extensionVersion":"unknown","vscodeVersion":"1.94.0"}
[info]: Trying to install Checkov using Docker. 
[debug]: Testing docker installation with command: docker pull bridgecrew/checkov:latest 
[info]: Checkov installed successfully using Docker. {"checkovPath":"docker"}
[info]: Checkov installation:  {"checkovInstallationMethod":"docker","checkovPath":"docker"}
[debug]: Version command: docker run --rm --interactive bridgecrew/checkov:latest -v 
[debug]: Response from version command: 3.2.256
 
[debug]: Previously installed checkov version matches the newly installed one 
[debug]: Getting cached results for hash aea9850e2f06743611f47335625397d0 
[debug]: Today: 1728428400000 
[debug]: Cache date: 1728428400000 
[debug]: Cache date (1728428400000) is not stale 
[debug]: Found cached results for file: /home/tony/test.py, hash: aea9850e2f06743611f47335625397d0 
[debug]: Saving results for file /home/tony/test.py (hash: aea9850e2f06743611f47335625397d0) 
[debug]: Today: 1728428400000 
[debug]: Cache date: 1728428400000 
[debug]: Cache date (1728428400000) is not stale 
[debug]: Cache for file /home/tony/test.py already has an entry for hash aea9850e2f06743611f47335625397d0 
[debug]: Getting cached results for hash aea9850e2f06743611f47335625397d0 
[debug]: Today: 1728428400000 
[debug]: Cache date: 1728428400000 
[debug]: Cache date (1728428400000) is not stale 
[debug]: Found cached results for file: /home/tony/test.py, hash: aea9850e2f06743611f47335625397d0 
[debug]: Saving results for file /home/tony/test.py (hash: aea9850e2f06743611f47335625397d0) 
[debug]: Today: 1728428400000 
[debug]: Cache date: 1728428400000 
[debug]: Cache date (1728428400000) is not stale 
[debug]: Cache for file /home/tony/test.py already has an entry for hash aea9850e2f06743611f47335625397d0 
[debug]: Getting cached results for hash aea9850e2f06743611f47335625397d0 
[debug]: Today: 1728428400000 
[debug]: Cache date: 1728428400000 
[debug]: Cache date (1728428400000) is not stale 
[debug]: Found cached results for file: /home/tony/test.py, hash: aea9850e2f06743611f47335625397d0 
[debug]: Saving results for file /home/tony/test.py (hash: aea9850e2f06743611f47335625397d0) 
[debug]: Today: 1728428400000 
[debug]: Cache date: 1728428400000 
[debug]: Cache date (1728428400000) is not stale 
[debug]: Cache for file /home/tony/test.py already has an entry for hash aea9850e2f06743611f47335625397d0 

Looks good to me 👍

[syserr0r]

@XargsUK any news on when the fix for this might be published? Is there a blocker I can help with?

[XargsUK]

Going to be releasing this now 👍🏼 Been testing over the past couple of weeks, happy with it.