Dependency Scanning via Gemnasium template - "ERROR: Could not find a version that satisfies the requirement"

SirSteel · December 8, 2021, 12:14am

Hello,

I have been trying to set up the dependency scanning for a Python project and have been struggling with some puzzling errors.

I always get this particular error in the debug:

ERROR: Could not find a version that satisfies the requirement …

The relevant bits of the .gitlab-ci.yml

include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

gemnasium-python-dependency_scanning:
  stage: security
  variables:
    DS_PIP_DEPENDENCY_PATH: requirements.txt
    SECURE_LOG_LEVEL: debug
    DS_PYTHON_VERSION: 3.8.8
  script:
    - which python
    - python -V
    - which pip
    - pip -V
    - "/analyzer run"

I have tried many variations but the runner logs always return the same result:

$ which python
/usr/local/bin/python
$ python -V
Python 3.6.15
$ which pip
/usr/local/bin/pip
$ pip -V
pip 21.2.4 from /usr/local/lib/python3.6/site-packages/pip (python 3.6)
$ /analyzer run
[INFO] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ GitLab gemnasium-python analyzer v2.19.0
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ inspect directory: .
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ skip ignored directory: .git
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ skip excluded path: tests
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ electing pip for pypi because this is the first match
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ electing pip for pypi because this is the first match
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ skip other directories
[DEBU] [gemnasium-python] [2021-12-07T23:51:14Z] ▶ Exporting dependencies for /builds/project_path/requirements.txt
[DEBU] [gemnasium-python] [2021-12-07T23:51:15Z] ▶ /usr/local/bin/pip install --disable-pip-version-check --find-links requirements.txt --requirement requirements.txt --no-index
Looking in links: requirements.txt
ERROR: Could not find a version that satisfies the requirement altgraph==0.17.2 (from versions: none)
ERROR: No matching distribution found for altgraph==0.17.2
exit status 1

Already attempted things:

Setting and not setting the python version
Turning DS_REMEDIATE to false → both versions still show that the python version stays the same 3.6
cleaning up the requirements.txt → even numpy could not be found

Is it possible that the gemnasium simply does not support python 3.8?

I am using a self-manager GitLab, version: 14.4.2-ee, Runner version: 14.4.0

bgi · May 2, 2022, 2:32pm

Hi, have you found a solution for the problem?

My problem is that the gemnasium job doesn’t find the latest version of a package (waitress) .

ERROR: Could not find a version that satisfies the requirement waitress==2.1.1 (from versions: 0.1, ..., 2.0.0)`
ERROR: No matching distribution found for waitress==2.1.1

Topic		Replies	Views
Gemnasium Dependency Scanning for Python3.8+ DevSecOps ci , python	1	2248	March 23, 2022
Dependency scanning fails without details of the error or what is this expected key DevSecOps ci , maven , test , security	1	1821	November 5, 2019
Gemnasium-Python CI job: installing local python packages GitLab CI/CD ci , python	0	1189	April 8, 2022
Unable to pull python:3.10 image General	3	240	April 19, 2024
DependencyScanning - Maven + GitLab Package Repository DevSecOps maven	11	1813	November 3, 2023

Dependency Scanning via Gemnasium template - "ERROR: Could not find a version that satisfies the requirement"

Related topics