`cnquery scan mock` not able to resolve services #4330

mm-weber · 2024-07-10T19:18:13Z

When running

cnspec scan mock --discover all --use-recording ./fail-rec.json -o full -f ./redhat-test-7.mql.yaml

all check that use the

! Error: Ensure dhcp server services are not in use
Message: 1 error occurred:
* rpc error: code = Unknown desc = could not retrieve service list

! Error: Ensure ip6tables is enabled and active
Message: 1 error occurred:
* rpc error: code = Unknown desc = could not retrieve service list

The text was updated successfully, but these errors were encountered:

mm-weber · 2024-07-10T19:24:02Z

Also, all checks using some sort of package("sudo").installed-type checks will all return fail, even if the recording.

mm-weber · 2024-10-17T12:33:46Z

Also, this cnspec scan k8s --use-recording certifications/aks-1.5.0/pass-k8s.json -f policies/azure-aks.mql.yaml yields:

mm-weber · 2024-10-17T13:14:28Z

In short:

Make the --use-recording switch work reliably across all providers
Show the exact syntax needed for each provider.
Also make sure the --use-recording switch does not try to connect to the online asset, but only connects to the recording.json file offline.

mm-weber added the bug Something isn't working label Jul 10, 2024

mm-weber mentioned this issue Dec 16, 2024

🐛 Issues with the --use-recording switch and cnspec mock mondoohq/cnspec#1297

Open

Provide feedback