synopsys-action's Issues

Access Token

I am getting the error [Polaris Initializer] ERROR: Invalid access token "***": invalid length.

Looking at your actions, it looks like you are too. Is there a solution? Does this action work?

ERROR: error occurred while parsing the Pull Request diff: Error while reading the diff: bufio.Scanner: token too long

I am getting an error when trying to scan a pull request

Error while reading the diff: bufio.Scanner: token too long

I believe it's related to this file being a large diff...

Looking around online I have found a couple of other repositories that have had a similar issue and have fixed it by chunking up the data:
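Added example, not part of the issue and not code from the action or the Bridge: "bufio.Scanner: token too long" is the text of Go's `bufio.ErrTooLong`, which a default `bufio.Scanner` returns when a single line exceeds about 64 KiB (`bufio.MaxScanTokenSize`). The sketch below reproduces that on a constructed diff and then reads the same input in fixed-size chunks with `bufio.Reader.ReadLine`; the function names and the sample diff are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// DiffStats summarises a unified diff (hypothetical type for this example).
type DiffStats struct{ Added, Removed, LongestLine int }

// classify needs only the first bytes of a logical line.
func classify(s *DiffStats, inHunk *bool, head []byte) {
	switch {
	case bytes.HasPrefix(head, []byte("diff --git ")):
		*inHunk = false // the "---"/"+++" header lines that follow are not changes
	case bytes.HasPrefix(head, []byte("@@")):
		*inHunk = true
	case *inHunk && len(head) > 0 && head[0] == '+':
		s.Added++
	case *inHunk && len(head) > 0 && head[0] == '-':
		s.Removed++
	}
}

// countWithScanner uses a default Scanner. Lines before the oversized one are
// processed, then Scan stops and Err reports bufio.ErrTooLong. Calling
// sc.Buffer with a larger max raises the limit but still holds a whole line
// in memory.
func countWithScanner(r io.Reader) (DiffStats, error) {
	var s DiffStats
	inHunk := false
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		classify(&s, &inHunk, sc.Bytes())
	}
	return s, sc.Err()
}

// countChunked reads each line in 4 KiB pieces, so memory use does not depend
// on line length. Only the first piece of a line is classified.
func countChunked(r io.Reader) (DiffStats, error) {
	var s DiffStats
	inHunk, lineStart, lineLen := false, true, 0
	br := bufio.NewReaderSize(r, 4096)
	for {
		chunk, isPrefix, err := br.ReadLine()
		if err == io.EOF {
			return s, nil
		}
		if err != nil {
			return s, err
		}
		if lineStart {
			classify(&s, &inHunk, chunk)
		}
		lineLen += len(chunk)
		if !isPrefix { // last piece of this logical line
			if lineLen > s.LongestLine {
				s.LongestLine = lineLen
			}
			lineLen = 0
		}
		lineStart = !isPrefix
	}
}

// sampleDiff is constructed input: one added line of 100,001 bytes,
// as a minified bundle would produce.
func sampleDiff() string {
	return strings.Join([]string{
		"diff --git a/dist/app.min.js b/dist/app.min.js",
		"--- a/dist/app.min.js",
		"+++ b/dist/app.min.js",
		"@@ -1,2 +1,3 @@",
		"-var a=1;",
		"+" + strings.Repeat("x", 100_000),
		" // context",
		"+var b=2;",
	}, "\n") + "\n"
}

func main() {
	_, err := countWithScanner(strings.NewReader(sampleDiff()))
	fmt.Println("scanner:", err, errors.Is(err, bufio.ErrTooLong))
	s, err := countChunked(strings.NewReader(sampleDiff()))
	fmt.Printf("chunked: %+v err=%v\n", s, err)
}
```
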

"detect-action" or "synopsys-action" ... which one shall be used?

There is another repository called "detect-action". There are many PRs there which don't seem to have been evaluated. Somebody mentioned that that repo is not in use anymore. But there is no deprecation information.

Would be great if somebody could clarify whether "detect-action" or this "synopsys-action" repo should be used for performing a Black Duck SCA scan in a GitHub workflow.

Thanks!

Unexpected response from Connect API

We have a Coverity installation in place in my corporate workspace.

Can you please provide more informational logs or document steps to debug this 500 error? When running this action in our corporate environment, I need to find out what's happening behind the scenes.

I am using the action.yaml provided here: https://github.com/synopsys-sig/synopsys-action#synopsys-github-action---coverity-cloud-deployment-with-thin-client

2023-01-04 11:06:15.5226 EST [Check pull request] INFO: Starting Adapter
2023-01-04 11:06:15.5281 EST [Check pull request] INFO: Adapter finished
2023-01-04 11:06:15.0000 EST [Connect Workflow Controller] ERROR: failed to find the coverity version supported: Received unexpected response status code '500 ' from Connect API
2023-01-04 11:06:15.7101 EST [Coverity Connect Controller] ERROR: Adapter failed: exit status 1
2023-01-04 11:06:15.7131 EST [Default Blackduck Scan Mode] INFO: Adapter finished
2023-01-04 11:06:15.7334 EST [Coverity connect post scan] INFO: Adapter finished
Synopsys Action workflow execution completed
Error: Workflow failed! Exit Code: 2 Error from adapter end

DETECT_JAVA_OPTS is ignored

I'm trying to configure a Java truststore to connect to a BlackDuckHub instance. I've set these Java options as an environment variable:

DETECT_JAVA_OPTS: "-Djavax.net.ssl.trustStore=./blackduck.truststore -Djavax.net.ssl.trustStorePassword=${{ secrets.BLACKDUCK_TRUSTSTORE_PASSWORD }}"

Works fine when I just curl https://detect.synopsys.com/detect9.sh but when I try to use synopsys-sig/[email protected] in my GitHub action, it can't connect. I'd rather not trust all certs by default (I know BLACKDUCK_TRUST_CERT: true is an option).

Is there a way to use synopsys-sig in my GitHub action with a custom truststore?

Action not compatible with older detect version

I was trying to use the action for Detect version 7.14.0. I found out that using RAPID scan mode is currently not working when creating reports.
It's choosing detect version Detect Version: 8.9.0
Below are the errors observed:
FAILURE_BLACKDUCK_FEATURE_ERROR - Detect encountered an error while attempting an operation on Black Duck. Ensure that your Black Duck version is compatible with this version of Detect, and that your Black Duck user account has the required roles.
Unable to download artifact. Response code: 401 Unauthorized

As our license does not support the latest run, can we have support for older versions?

Passing parameters to Black Duck

Hello,

since I was not able to find it in the documentation - how can I pass the following parameters to Black Duck using your action?

DETECT_PROJECT_VERSION_NAME
DETECT_PROJECT_NAME
DETECT_NPM_DEPENDENCY_TYPES_EXCLUDED
DETECT_INCLUDED_DETECTOR_TYPES
DETECT_SOURCE_PATH

Thanks in advance.

detect.excluded.directories overridden by bridge exclude entry

I'm setting the detect.excluded.directories value and the execution of this action seems to override the values to a single *./bridge entry. I've tried using the DETECT_EXCLUDED_DIRECTORIES as well to the same effect.

github workflow
input snippet:
...
env:
  DETECT_EXCLUDED_DIRECTORIES: myTestProject, **myTestProject, **/myTestProject, myOtherTestProject, **myOtherTestProject, **/myOtherTestProject
..
OR
env:
  detect.excluded.directories: myTestProject, **myTestProject, **/myTestProject, myOtherTestProject, **myOtherTestProject, **/myOtherTestProject
...
output snippet (during execution of bdhub 8.11.0):
...
2023-08-02 17:16:00.0000 UTC [Blackduck Execution] [main] INFO: --- detect.excluded.directories = /home/runner/work/myProject/myProject/.bridge [cmd]
...

Update vulnerable dependencies

Hi team, would you help to update dependencies and release a version to resolve a few CVEs? I saw there was an attempt (#141) but don't know why it was reverted.

ERROR: 400 Bad Request on /api/developer-scans/xxx?offset=0&limit=100

I am trying to switch from using the bash script of the BlackDuck Detect to this action and running into an issue when it waits for the scan.

The following configuration is for the bash script, which works fine:

      - name: BlackDuck Detect
        run: |
          bash <(curl -s https://detect.synopsys.com/detect9.sh) \
            --blackduck.url=${{ secrets.BLACKDUCK_URL }} \
            --blackduck.api.token=${{ secrets.BLACKDUCK_API_KEY }} \
            --detect.project.name=${{ needs.get_blackduck_tag.outputs.name }} \
            --detect.blackduck.scan.mode=${{ needs.get_blackduck_tag.outputs.mode }} \
            --detect.project.version.name=${{ needs.get_blackduck_tag.outputs.version }} \
            --detect.project.version.phase=${{ needs.get_blackduck_tag.outputs.phase }} \
            --detect.project.version.distribution=INTERNAL \
            --detect.project.version.update=true

But when I try to use the action with the following configuration:

      - name: Black Duck Scan
        uses: synopsys-sig/[email protected]
        env:
          DETECT_BLACKDUCK_SCAN_MODE: ${{ needs.get_blackduck_tag.outputs.mode }}
          DETECT_PROJECT_NAME: ${{ needs.get_blackduck_tag.outputs.name }}
          DETECT_PROJECT_VERSION_DISTRIBUTION: INTERNAL
          DETECT_PROJECT_VERSION_NAME: ${{ needs.get_blackduck_tag.outputs.version }}
          DETECT_PROJECT_VERSION_PHASE: ${{ needs.get_blackduck_tag.outputs.phase }}
          DETECT_PROJECT_VERSION_UPDATE: true
          LOGGING_LEVEL_DETECT: DEBUG
        with:
          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
          blackduck_token: ${{ secrets.BLACKDUCK_API_KEY }}
          blackduck_prComment_enabled: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

I got the 400 Bad Request in one of the steps. I verified that the variables we set for Detect are the same across both runs. The debug log is shown below:

2024-02-02 01:48:02.0000 UTC [Blackduck Execution] [main] INFO: --- ----------------------------------
2024-02-02 01:48:02.0000 UTC [Blackduck Execution] [main] INFO: --- Project name: {repo}
2024-02-02 01:48:02.0000 UTC [Blackduck Execution] [main] INFO: --- Project version: 2024.02.01
2024-02-02 01:48:03.0000 UTC [Blackduck Execution] [main] INFO: --- Begin Rapid Mode Scan
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- Uploaded Rapid Scan: ***/api/developer-scans/d9934315-8823-4bc4-aa63-70b04b51eadd
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- ----------------------------------
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- Signature Scanner tool will not be run.
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- ----------------------------------
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- Binary Scanner tool will not be run.
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- ----------------------------------
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- Container Scanner tool will not be run.
2024-02-02 01:48:04.0000 UTC [Blackduck Execution] [main] INFO: --- Try #1 for task Waiting for Rapid Scans (elapsed: 00:00:00.000)...not done yet, waiting 1 seconds and trying again...
2024-02-02 01:48:05.0000 UTC [Blackduck Execution] [main] ERROR: --- ----------------------------------
2024-02-02 01:48:05.0000 UTC [Blackduck Execution] [main] ERROR: --- Detect run failed.
2024-02-02 01:48:05.0000 UTC [Blackduck Execution] [main] ERROR: --- An unrecoverable error occurred which may be due to your environment and/or configuration. Please double check the Detect documentation: https://sig-product-docs.synopsys.com/bundle/integrations-detect/page/introduction.html
2024-02-02 01:48:05.6168 UTC [Blackduck Execution] INFO: com.synopsys.integration.rest.exception.IntegrationRestException: There was a problem trying to GET ***/api/developer-scans/d9934315-8823-4bc4-aa63-70b04b51eadd?offset=0&limit=100, response was 400 Bad Request, reason phrase was Bad Request.
2024-02-02 01:48:05.6169 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.rest.response.DefaultResponse.throwExceptionForError(DefaultResponse.java:210)
2024-02-02 01:48:05.6169 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.blackduck.http.client.DefaultBlackDuckHttpClient.throwExceptionForError(DefaultBlackDuckHttpClient.java:104)
2024-02-02 01:48:05.6169 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.blackduck.service.BlackDuckApiClient.execute(BlackDuckApiClient.java:166)
2024-02-02 01:48:05.6170 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.workflow.blackduck.developer.blackduck.DetectRapidScanWaitJobFull.isComplete(DetectRapidScanWaitJobFull.java:60)
2024-02-02 01:48:05.6170 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.workflow.blackduck.developer.blackduck.DetectRapidScanWaitJobFull.attemptJob(DetectRapidScanWaitJobFull.java:48)
2024-02-02 01:48:05.6170 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.wait.ResilientJobExecutor.executeJob(ResilientJobExecutor.java:34)
2024-02-02 01:48:05.6171 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.workflow.blackduck.developer.RapidModeWaitOperation.waitForFullScans(RapidModeWaitOperation.java:36)
2024-02-02 01:48:05.6171 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.operation.OperationRunner.lambda$waitForFullRapidResults$10(OperationRunner.java:570)
2024-02-02 01:48:05.6171 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:36)
2024-02-02 01:48:05.6172 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:27)
2024-02-02 01:48:05.6172 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationAuditLog.namedInternal(OperationAuditLog.java:53)
2024-02-02 01:48:05.6172 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationAuditLog.namedInternal(OperationAuditLog.java:48)
2024-02-02 01:48:05.6172 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.operation.OperationRunner.waitForFullRapidResults(OperationRunner.java:567)
2024-02-02 01:48:05.6173 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.RapidModeStepRunner.runOnline(RapidModeStepRunner.java:123)
2024-02-02 01:48:05.6173 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.DetectRun.run(DetectRun.java:86)
2024-02-02 01:48:05.6173 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.Application.runApplication(Application.java:214)
2024-02-02 01:48:05.6173 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.Application.run(Application.java:143)
2024-02-02 01:48:05.6174 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:759)
2024-02-02 01:48:05.6174 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:749)
2024-02-02 01:48:05.6174 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
2024-02-02 01:48:05.6175 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164)
2024-02-02 01:48:05.6175 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.Application.main(Application.java:97)
2024-02-02 01:48:05.6175 UTC [Blackduck Execution] INFO: 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2024-02-02 01:48:05.6175 UTC [Blackduck Execution] INFO: 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
2024-02-02 01:48:05.6175 UTC [Blackduck Execution] INFO: 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2024-02-02 01:48:05.6176 UTC [Blackduck Execution] INFO: 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
2024-02-02 01:48:05.6176 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
2024-02-02 01:48:05.6176 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
2024-02-02 01:48:05.6177 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
2024-02-02 01:48:05.6177 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65)
2024-02-02 01:48:05.6178 UTC [Blackduck Execution] INFO: com.synopsys.integration.detect.lifecycle.OperationException: com.synopsys.integration.rest.exception.IntegrationRestException: There was a problem trying to GET ***/api/developer-scans/d9934315-8823-4bc4-aa63-70b04b51eadd?offset=0&limit=100, response was 400 Bad Request, reason phrase was Bad Request.
2024-02-02 01:48:05.6178 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:78)
2024-02-02 01:48:05.6178 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:27)
2024-02-02 01:48:05.6178 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationAuditLog.namedInternal(OperationAuditLog.java:53)
2024-02-02 01:48:05.6179 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationAuditLog.namedInternal(OperationAuditLog.java:48)
2024-02-02 01:48:05.6179 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.operation.OperationRunner.waitForFullRapidResults(OperationRunner.java:567)
2024-02-02 01:48:05.6179 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.RapidModeStepRunner.runOnline(RapidModeStepRunner.java:123)
2024-02-02 01:48:05.6179 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.DetectRun.run(DetectRun.java:86)
2024-02-02 01:48:05.6180 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.Application.runApplication(Application.java:214)
2024-02-02 01:48:05.6180 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.Application.run(Application.java:143)
2024-02-02 01:48:05.6180 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:759)
2024-02-02 01:48:05.6181 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:749)
2024-02-02 01:48:05.6181 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
2024-02-02 01:48:05.6181 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:164)
2024-02-02 01:48:05.6181 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.Application.main(Application.java:97)
2024-02-02 01:48:05.6182 UTC [Blackduck Execution] INFO: 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2024-02-02 01:48:05.6182 UTC [Blackduck Execution] INFO: 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
2024-02-02 01:48:05.6182 UTC [Blackduck Execution] INFO: 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2024-02-02 01:48:05.6182 UTC [Blackduck Execution] INFO: 	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
2024-02-02 01:48:05.6183 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
2024-02-02 01:48:05.6183 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.Launcher.launch(Launcher.java:108)
2024-02-02 01:48:05.6183 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
2024-02-02 01:48:05.6183 UTC [Blackduck Execution] INFO: 	at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65)
2024-02-02 01:48:05.6184 UTC [Blackduck Execution] INFO: Caused by: com.synopsys.integration.rest.exception.IntegrationRestException: There was a problem trying to GET ***/api/developer-scans/d9934315-8823-4bc4-aa63-70b04b51eadd?offset=0&limit=100, response was 400 Bad Request, reason phrase was Bad Request.
2024-02-02 01:48:05.6184 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.rest.response.DefaultResponse.throwExceptionForError(DefaultResponse.java:210)
2024-02-02 01:48:05.6184 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.blackduck.http.client.DefaultBlackDuckHttpClient.throwExceptionForError(DefaultBlackDuckHttpClient.java:104)
2024-02-02 01:48:05.6184 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.blackduck.service.BlackDuckApiClient.execute(BlackDuckApiClient.java:166)
2024-02-02 01:48:05.6185 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.workflow.blackduck.developer.blackduck.DetectRapidScanWaitJobFull.isComplete(DetectRapidScanWaitJobFull.java:60)
2024-02-02 01:48:05.6185 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.workflow.blackduck.developer.blackduck.DetectRapidScanWaitJobFull.attemptJob(DetectRapidScanWaitJobFull.java:48)
2024-02-02 01:48:05.6185 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.wait.ResilientJobExecutor.executeJob(ResilientJobExecutor.java:34)
2024-02-02 01:48:05.6186 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.workflow.blackduck.developer.RapidModeWaitOperation.waitForFullScans(RapidModeWaitOperation.java:36)
2024-02-02 01:48:05.6186 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.operation.OperationRunner.lambda$waitForFullRapidResults$10(OperationRunner.java:570)
2024-02-02 01:48:05.6186 UTC [Blackduck Execution] INFO: 	at com.synopsys.integration.detect.lifecycle.run.step.utility.OperationWrapper.wrapped(OperationWrapper.java:36)
2024-02-02 01:48:05.6186 UTC [Blackduck Execution] INFO: 	... 21 common frames omitted
2024-02-02 01:48:05.0000 UTC [Blackduck Execution] [main] ERROR: --- ----------------------------------

I tried switching to trace level logging but it doesn't seem to provide any more information than the debug level. The configuration, as far as I can tell, is the same other than the logging level (which I added to try to troubleshoot) and the PR comment flag (but that is for the action, not for Detect itself).

Setting detect version

For various reasons I need the ability to use different Detect versions (not only the latest).
As far as I understand right now, Synopsys Bridge would use the latest Detect version when running the Black Duck stage.
There is an option
DETECT_LATEST_RELEASE_VERSION but it doesn't affect Synopsys Bridge, which continues downloading the latest.

Are there any options for how I can force the Bridge to use a specific Detect version?

Right now it just executes the latest downloaded jar, which happened to be 9.4.0:
java -jar /home/runner/.synopsys/bridge/tools/synopsys-detect/9.4.0/synopsys-detect-9.4.0.jar

I think I can use a dirty trick, which will include manually downloading the correct version of the synopsys-detect jar and putting it under a specific name in the specific directory, but that isn't 100% waterproof.

Are there any other options I should consider?

blackduck_automation_prcomment with GitHub Enterprise

How can I configure the synopsys-action to work with GitHub Enterprise? If I set blackduck_automation_prcomment: true the action tries to communicate with github.com instead of the GH Enterprise instance the action is running on which obviously fails.

I think the action itself should figure out where it is running and select the appropriate API endpoint accordingly.

2023-06-16 10:34:37.7338 CEST [GitHub Commenter] INFO: will use default GitHub API URL "https://api.github.com/", as "github.api.url" is not configured
2023-06-16 10:34:37.9617 CEST [GitHub Commenter] ERROR: authorization failure - please check if the value configured for "github.user.token" has appropriate permissions: Bad credentials: Received unexpected response status code '401 Unauthorized' from GitHub API
2023-06-16 10:34:37.9874 CEST [GitHub Commenter] ERROR: Adapter failed: exit status 1
Error: Workflow failed! Exit Code: 2 Error from adapter end

Action Attempts to Download Bridge Executable Even When Path For Executable is Set

We are running GitHub Enterprise in an air-gapped environment. We have synced the synopsys-action into our environment and downloaded the bridge executable to the runner. When the SYNOPSYS_BRIDGE_PATH variable is set, the action still seems to attempt to download the executable from the synopsis

Runner OS - Windows 2019 Data Center Edition
Bridge Version Downloaded: https://sig-repo.synopsys.com/artifactory/bds-integrations-release/com/synopsys/integration/synopsys-action/0.1.192/

Path and Directory for the bridge:
Directory: C:\apps\blackduck-bridge

Mode                 LastWriteTime         Length Name
d-----         4/25/2023   6:58 PM                extensions
-a----         4/25/2023   6:58 PM           8537 LICENSE.txt
-a----         4/25/2023   6:58 PM        4078048 synopsys-bridge.exe
-a----         4/25/2023   6:58 PM        4078048 bridge.exe
-a----         4/25/2023   6:58 PM            515 versions.txt

GitHub Workflow File:

name: Hello World - Testing Black Duck

on:
  - workflow_dispatch

jobs:
  test_black_duck_windows_2019:
    runs-on: App-Factory-Win-2019

    steps:
      - uses: actions/checkout@v3

      - name: Synopsys Action
        uses: vendor-actions/synopsys-action@v1.1.0
        with:
          coverity_project_name: ${{ secrets.COVERITY_PROJECT_NAME }}
          blackduck_apiToken: ${{ secrets.BLACKDUCK_API_TOKEN }}
          blackduck_url: ${{ secrets.BLACKDUCK_URL }}
          SYNOPSYS_BRIDGE_PATH: "C:\\apps\\blackduck-bridge"

          # Optional parameter. By default, pushes will initiate a full "intelligent" scan and pull requests
          # will initiate a rapid scan.
          blackduck_scan_full: true

          blackduck_scan_failure_severities: "ALL"
          # multiple parameters
          # blackduck_scan_failure_severities: "BLOCKER,CRITICAL,TRIVIAL"

Error Message:


Run vendor-actions/synopsys-action@v1.1.0
with:
coverity_project_name: ***
blackduck_apiToken: ***
blackduck_url: ***
SYNOPSYS_BRIDGE_PATH: C:\apps\blackduck-bridge
blackduck_scan_full: true
blackduck_scan_failure_severities: ALL

Synopsys Action started...
Checking for latest version of Bridge to download and configure
Error: Workflow failed! read ECONNRESET

Blackduck rapid compare mode cannot be set to ALL

I would like to set detect.blackduck.rapid.compare.mode=ALL via the environment variable DETECT_BLACKDUCK_RAPID_COMPARE_MODE. This is not possible - quite in contrast to the README I must say - because the action itself passes detect.blackduck.rapid.compare.mode=BOM_COMPARE_STRICT via cmdline which takes precedence:

2023-06-16 11:13:58.1110 CEST [Blackduck Execution] INFO: 2023-06-16 11:13:58 MESZ INFO  [main] --- detect.blackduck.rapid.compare.mode = BOM_COMPARE_STRICT [cmd] 

FAILURE_ACCURACY_NOT_MET

Hey!

I am getting "Extraction for NPM Package Json Parse has accuracy of LOW but HIGH is required by the current detect.accuracy.required configuration." when running on a JavaScript (frontend) project.
The workflow was a copy-paste from the BlackDuck docs. And I don't see how detect.accuracy.required can be set.
