hcl-tech-software / appscan-codesweep-action
Integrate static security testing with HCL AppScan CodeSweep with Github.
License: Apache License 2.0
Hi,
I have followed your documentation and configured the workflow with secrets generated for API Key and secret via the URL: https://cloud.appscan.com/main/settings
Once the action is executed, it shows the below information in the log.
Run HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
  with:
    asoc_key: ***
    asoc_secret: ***
    status: failure
  env:
    GITHUB_TOKEN: ***
/usr/bin/docker run --name hclcrioappscancodesweepactionlatest_7cd3e4 --label 7b361e --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_ASOC_KEY -e INPUT_ASOC_SECRET -e INPUT_STATUS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_DEBUG -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/calculator-api/calculator-api":"/github/workspace" hclcr.io/appscan/codesweep-action:latest
Not interested in this event: null.
Exiting...
##[debug]Docker Action run completed with exit code 0
Could you please let us know if there is something missing in terms of configuration here?
Hey guys,
I am facing an error when running the action for scanning my app through GitHub Actions.
This is my action file:
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Run AppScan CodeSweep
        uses: HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
        with:
          asoc_key: ${{ secrets.ASOC_KEY }}
          asoc_secret: ${{ secrets.ASOC_SECRET }}
        env:
          GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
It seems to run the scan and find the issues, but it can't connect to GitHub to give us the feedback on the PR (a comment on each file that has an issue).
Have you ever faced something like that?
When trialing this action on an existing repo, I receive the following error when running in a pull request. Am I doing something wrong, or is this a bug?
Checking for added files...
fatal: Invalid symmetric difference expression 2be45770d5c3e76fcd5303d51dea78879d533382...29d299fa6a0d799d8be798713f4cea7d074d2772
Excerpt from workflow:
name: CodeSweep
on:
  push:
    branches: [ master ]
    paths:
      - 'src/**'
  pull_request:
    branches: [ master ]
jobs:
  scan:
    runs-on: ...
    timeout-minutes: 2
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - uses: actions/checkout@v2
      - uses: HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
        with:
          asoc_key: ${{secrets.ASOC_KEY}}
          asoc_secret: ${{secrets.ASOC_SECRET}}
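
The `Invalid symmetric difference expression` message in the report above is what `git diff A...B` prints when one of the two full commit IDs is not present in the local clone, which is the usual state of a depth-1 CI checkout. The script below is an added example (not part of the issue or of the action's code) that reproduces the message in a constructed repository and shows a pre-flight check that fetches the missing history. The repository layout, file names and function names are assumptions, and the page does not confirm that this is the cause in the reporter's run.

```shell
#!/usr/bin/env bash
# Added example: every repository, path and name below is constructed.
set -eu
export LC_ALL=C
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

WORK=$(mktemp -d)

# Build an origin with a base commit and a PR head commit, then clone it
# the way a depth-1 CI checkout would. Sets BASE_SHA and HEAD_SHA.
make_fixture() {
  git init -q "$WORK/origin"
  mkdir -p "$WORK/origin/src"
  echo 'v1' > "$WORK/origin/src/app.js"
  git -C "$WORK/origin" add .
  git -C "$WORK/origin" commit -q -m 'base'
  BASE_SHA=$(git -C "$WORK/origin" rev-parse HEAD)
  git -C "$WORK/origin" checkout -q -b feature
  echo 'v2' > "$WORK/origin/src/app.js"
  git -C "$WORK/origin" commit -q -am 'pr change'
  HEAD_SHA=$(git -C "$WORK/origin" rev-parse HEAD)
  git clone -q --depth 1 --branch feature "file://$WORK/origin" "$WORK/ci"
}

# List files changed between base and head (three-dot diff, as in the
# reported error). On failure git's own error text is the output.
changed_files() {
  git -C "$WORK/ci" diff --name-only "$BASE_SHA...$HEAD_SHA" 2>&1
}

# Pre-flight check: if either commit object is absent, fetch full history.
ensure_history() {
  for sha in "$BASE_SHA" "$HEAD_SHA"; do
    if ! git -C "$WORK/ci" cat-file -e "$sha^{commit}" 2>/dev/null; then
      git -C "$WORK/ci" fetch -q --unshallow
      return 0
    fi
  done
}

make_fixture
before=$(changed_files || true)   # base commit is missing in the shallow clone
ensure_history
after=$(changed_files)            # succeeds once history is complete
echo "shallow clone:  $before"
echo "after unshallow: $after"
```

In a workflow, the counterpart of `ensure_history` is setting `fetch-depth: 0` on the `actions/checkout` step, so the base and head commits are both present before the scan step computes its diff.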