error without docker and with docker today

[johnfelipe]

root@template:~/horusec# horusec version
Version:          v2.8.0
Git commit:       df32c1ce03d2de748cecb76cff383f2851e198c3
Built:            Wed Jun 08 13:57:08 2022
Distribution:     normal
root@template:~/horusec# cd
root@template:~# cd DXC.Angular15.Template.Front/
root@template:~/DXC.Angular15.Template.Front# horusec start -p .
WARN[0000] {HORUSEC_CLI} Config file not found
ERRO[0000] {HORUSEC_CLI} Your docker version is below of:   error=19.3
Error: docker not found. Please check and try again
Usage:
  horusec start [flags]

Examples:
horusec start

Flags:
  -t, --analysis-timeout int                 The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
  -a, --authorization string                 Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
  -C, --certificate-path string              Path to certificate of authority. Example -C="example/ca.crt"
  -P, --container-bind-project-path string   Project path in host to be used on Docker when running Horusec inside a container
  -c, --custom-rules-path string             Path with custom rules that should be used by Horusec engine
  -D, --disable-docker                       Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
  -G, --enable-commit-author                 Enable to search commit author of vulnerabilities
	  --enable-git-history                   Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
  -w, --enable-owasp-dependency-check        Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
  -j, --enable-shellcheck                    Run ShellCheck tool https://github.com/koalaman/shellcheck
  -F, --false-positive strings               Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
	  --headers stringToString               Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
  -h, --help                                 help for start
  -u, --horusec-url string                   The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
  -i, --ignore strings                       Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
  -s, --ignore-severity strings              The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
  -I, --information-severity                 Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
  -S, --insecure-skip-verify                 Disable the certification validation. PLEASE, try not to use it
  -O, --json-output-file string              Output file to write analysis result. This flag should be used with --output-format
  -o, --output-format string                 Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
  -p, --project-path string                  Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/root/DXC.Angular15.Template.Front")
  -n, --repository-name string               Send repository name to Horusec server, by default sends the actual directory name (default "DXC.Angular15.Template.Front")
  -r, --request-timeout int                  The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
  -e, --return-error                         Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
  -R, --risk-accept strings                  Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
	  --show-vulnerabilities-types strings   Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])

Global Flags:
	  --config-file-path string   Path of the configuration file (default "/root/DXC.Angular15.Template.Front/horusec-config.json")
  -l, --log-file-path string      Path of log file (default "/tmp/horusec-2023-07-17-17-57-15.log")
	  --log-level string          Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")

and with docker

root@template:~/DXC.Angular15.Template.Front# docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)
Unable to find image 'horuszup/horusec-cli:latest' locally
latest: Pulling from horuszup/horusec-cli
59bf1c3509f3: Pull complete
1ea03e1895df: Pull complete
1ff98835b055: Pull complete
a3f2dd7b7d65: Pull complete
d182b62d4a35: Pull complete
d7a57db2abd7: Pull complete
73490af52bd3: Pull complete
69ef757ff51c: Pull complete
02b1b3930d32: Pull complete
920fb3b25d7f: Pull complete
Digest: sha256:829fce13916bfd1d61103be1e927d98f1ffbdfc4e78192b1fc1c1f8a4054e347
Status: Downloaded newer image for horuszup/horusec-cli:latest
time="2023-07-17T18:24:05Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2023-07-17T18:24:05Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Error: docker not found. Please check and try again
Usage:
  horusec start [flags]

Examples:
horusec start

Flags:
  -t, --analysis-timeout int                 The timeout threshold for the Horusec CLI wait for the analysis to complete. The minimum time is 10 (default 600)
  -a, --authorization string                 Authorization token to use on Horusec server. Read more: https://docs.horusec.io/docs/tutorials/how-to-create-an-authorization-token (default "00000000-0000-0000-0000-000000000000")
  -C, --certificate-path string              Path to certificate of authority. Example -C="example/ca.crt"
  -P, --container-bind-project-path string   Project path in host to be used on Docker when running Horusec inside a container
  -c, --custom-rules-path string             Path with custom rules that should be used by Horusec engine
  -D, --disable-docker                       Run Horusec without docker. If enabled it will only run the following tools: horusec-csharp, horusec-kotlin, horusec-java, horusec-kubernetes, horusec-leaks, horusec-javascript, horusec-dart, horusec-nginx
  -G, --enable-commit-author                 Enable to search commit author of vulnerabilities
	  --enable-git-history                   Run Gitleaks and search for vulnerabilities in all git history of the project https://github.com/zricethezav/gitleaks
  -w, --enable-owasp-dependency-check        Run Owasp Dependency Check tool https://github.com/jeremylong/DependencyCheck
  -j, --enable-shellcheck                    Run ShellCheck tool https://github.com/koalaman/shellcheck
  -F, --false-positive strings               Ignore a vulnerability by hash and set it to be false positive. Example -F="hash1, hash2"
	  --headers stringToString               Custom headers to send on request to Horusec API. Example --headers='{"X-Auth-Service": "value"}' (default [])
  -h, --help                                 help for start
  -u, --horusec-url string                   The Horusec server address to send analysis results (default "http://0.0.0.0:8000")
  -i, --ignore strings                       Paths to ignore in the analysis. Example: -i="/path/to/ignore, **/*_test.go, **/assets/**" (default [*tmp*,**/.vscode/**])
  -s, --ignore-severity strings              The level of vulnerabilities to ignore in the output ("LOW"|"MEDIUM"|"HIGH"). Example: -s="LOW, HIGH" (default [INFO])
  -I, --information-severity                 Enable information severity vulnerabilities. Information vulnerabilities can contain a lot of false positives
  -S, --insecure-skip-verify                 Disable the certification validation. PLEASE, try not to use it
  -O, --json-output-file string              Output file to write analysis result. This flag should be used with --output-format
  -o, --output-format string                 Output format of analysis ("text"|"json"|"sarif"|"sonarqube"). For json, sarif, and sonarqube --json-output-file is required
  -p, --project-path string                  Path to run an analysis. If this value is not passed, Horusec will ask if you want to run the analysis in the current directory (default "/")
  -n, --repository-name string               Send repository name to Horusec server, by default sends the actual directory name (default "/")
  -r, --request-timeout int                  The timeout threshold for the request to the Horusec server. The minimum time is 10 (default 300)
  -e, --return-error                         Return exit code 1 if found vulnerabilities. Default value is false (exit code 0)
  -R, --risk-accept strings                  Ignore a vulnerability by hash and set it to be risk accept. Example -R="hash1, hash2"
	  --show-vulnerabilities-types strings   Show vulnerabilities by types ("Vulnerability"|"Risk Accepted"|"False Positive"|"Corrected"). Example --show-vulnerabilities-types="Vulnerability, Risk Accepted" (default [Vulnerability])

Global Flags:
	  --config-file-path string   Path of the configuration file (default "/horusec-config.json")
  -l, --log-file-path string      Path of log file (default "/tmp/horusec-2023-07-17-18-24-05.log")
	  --log-level string          Set log level ("panic"|"fatal"|"error"|"warn"|"info"|"debug"|"trace") (default "info")

how solve this im using ubuntu 22

docker compose version

Docker Compose version v2.19.1

docker --version

Docker version 24.0.4, build 3713ee1

[matheussilvaprimo]

Did you get passed by this error? We are facing the same issue with v2.7.1 and v2.8.0