You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 2, 2023. It is now read-only.
Hi,
We encountered an issue with github's action 'scan_and_push_container_images_to_registries'
at the 'Convert Container Scan Report to SARIF' step, here's is the ouput:
"
Run rm3l/container-scan-to-sarif-action@v1.7.0
with:
converter-version: 0.7.1
output-file: scanreport.sarif
env:
DOCKER_BUILDKIT: 1
GITHUB_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.3-7/x64
GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
GRADLE_BUILD_ACTION_CACHE_RESTORED: true
Run mkdir -p ~/.local/bin
mkdir -p ~/.local/bin
curl -L "https://github.com/rm3l/container-scan-to-sarif/releases/download/0.7.1/container-scan-to-sarif_0.7.1_Linux_x86_64.tar.gz"
| tar zx -C ~/.local/bin --strip-components=1
chmod +x ~/.local/bin/container-scan-to-sarif
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
DOCKER_BUILDKIT: 1
GITHUB_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.3-7/x64
GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
GRADLE_BUILD_ACTION_CACHE_RESTORED: true
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
68 703k 68 479k 0 0 1028k 0 --:--:-- --:--:-- --:--:-- 1028k
100 703k 100 703k 0 0 1484k 0 --:--:-- --:--:-- --:--:-- 31.2M
Run # Converter versions >= 0.6.0 dropped support for the "-output" CLI option.
Converter versions >= 0.6.0 dropped support for the "-output" CLI option.
Instead, they directly write the resulting SARIF to the standard output
if ~/.local/bin/container-scan-to-sarif --help | grep 'output string' > /dev/null; then
~/.local/bin/container-scan-to-sarif
-input ""
-output "scanreport.sarif";
else
~/.local/bin/container-scan-to-sarif
-input ""
| tee "scanreport.sarif";
fi
echo "::set-output name=sarif-report-path::scanreport.sarif"
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
DOCKER_BUILDKIT: 1
GITHUB_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.3-7/x64
GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
GRADLE_BUILD_ACTION_CACHE_RESTORED: true
Usage of /home/runner/.local/bin/container-scan-to-sarif:
-input string
path to the Container Scan JSON Report (default "./scanreport.json")
2022/07/08 09:53:11 open : no such file or directory
"
The next step 'Upload SARIF reports to GitHub Security tab' also failed with the following ouput:
"
Run github/codeql-action/upload-sarif@v2
Error: Input required and not supplied: sarif_file
Error: Input required and not supplied: sarif_file
at Object.getInput (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/core/lib/core.js:109:15)
at Object.getRequiredInput (/home/runner/work/_actions/github/codeql-action/v2/lib/actions-util.js:47:17)
at run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:52:77)
at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:74:9)
"
Thank in advance for the help
Regards
Michel
The text was updated successfully, but these errors were encountered:
Or if you can share the output of the step before that runs the Azure/container-scan action (which produced the resulting scan report file in JSON), that would be helpful in determining what the issue could be.
Hi,
We encountered an issue with github's action 'scan_and_push_container_images_to_registries'
at the 'Convert Container Scan Report to SARIF' step, here's is the ouput:
"
Run rm3l/container-scan-to-sarif-action@v1.7.0
with:
converter-version: 0.7.1
output-file: scanreport.sarif
env:
DOCKER_BUILDKIT: 1
GITHUB_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.3-7/x64
GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
GRADLE_BUILD_ACTION_CACHE_RESTORED: true
Run mkdir -p ~/.local/bin
mkdir -p ~/.local/bin
curl -L "https://github.com/rm3l/container-scan-to-sarif/releases/download/0.7.1/container-scan-to-sarif_0.7.1_Linux_x86_64.tar.gz"
| tar zx -C ~/.local/bin --strip-components=1
chmod +x ~/.local/bin/container-scan-to-sarif
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
DOCKER_BUILDKIT: 1
GITHUB_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.3-7/x64
GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
GRADLE_BUILD_ACTION_CACHE_RESTORED: true
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
68 703k 68 479k 0 0 1028k 0 --:--:-- --:--:-- --:--:-- 1028k
100 703k 100 703k 0 0 1484k 0 --:--:-- --:--:-- --:--:-- 31.2M
Run # Converter versions >= 0.6.0 dropped support for the "-output" CLI option.
Converter versions >= 0.6.0 dropped support for the "-output" CLI option.
Instead, they directly write the resulting SARIF to the standard output
if ~/.local/bin/container-scan-to-sarif --help | grep 'output string' > /dev/null; then
~/.local/bin/container-scan-to-sarif
-input ""
-output "scanreport.sarif";
else
~/.local/bin/container-scan-to-sarif
-input ""
| tee "scanreport.sarif";
fi
echo "::set-output name=sarif-report-path::scanreport.sarif"
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
DOCKER_BUILDKIT: 1
GITHUB_TOKEN: ***
JAVA_HOME: /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/17.0.3-7/x64
GRADLE_BUILD_ACTION_SETUP_COMPLETED: true
GRADLE_BUILD_ACTION_CACHE_RESTORED: true
Usage of /home/runner/.local/bin/container-scan-to-sarif:
-input string
path to the Container Scan JSON Report (default "./scanreport.json")
2022/07/08 09:53:11 open : no such file or directory
"
The next step 'Upload SARIF reports to GitHub Security tab' also failed with the following ouput:
"
Run github/codeql-action/upload-sarif@v2
Error: Input required and not supplied: sarif_file
Error: Input required and not supplied: sarif_file
at Object.getInput (/home/runner/work/_actions/github/codeql-action/v2/node_modules/@actions/core/lib/core.js:109:15)
at Object.getRequiredInput (/home/runner/work/_actions/github/codeql-action/v2/lib/actions-util.js:47:17)
at run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:52:77)
at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:74:9)
"
Thank in advance for the help
Regards
Michel
The text was updated successfully, but these errors were encountered: