hcl-tech-software / appscan-codesweep-action Goto Github PK

Hi,

I have followed your documentation and configured the workflow with secrets generated for API Key and secret via the URL: https://cloud.appscan.com/main/settings

once the action is executed it shows the below information in log.

Run HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
with:
asoc_key: ***
asoc_secret: ***
status: failure
env:
GITHUB_TOKEN: ***
/usr/bin/docker run --name hclcrioappscancodesweepactionlatest_7cd3e4 --label 7b361e --workdir /github/workspace --rm -e GITHUB_TOKEN -e INPUT_ASOC_KEY -e INPUT_ASOC_SECRET -e INPUT_STATUS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_DEBUG -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/calculator-api/calculator-api":"/github/workspace" hclcr.io/appscan/codesweep-action:latest
Not interested in this event: null.
Exiting...
##[debug]Docker Action run completed with exit code 0

Could you please let us know if there is something missed in terms of configuration here?

Hey guys,

I am facing an error when running the action for scanning my app through Github Actions.

This is the error:

This is my action file:

on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v1
      - name: Run AppScan CodeSweep
        uses: HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
        with:
          asoc_key: ${{ secrets.ASOC_KEY }}
          asoc_secret: ${{ secrets.ASOC_SECRET }}
    env: 
      GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}

It seems to run the scan, find the issues, but can't connect into github for giving us the feedback on the PR (comment on each file that have an issue).

Have you ever faced something like that?

When trialing this action on an existing repo, I receive the following error when running in a pull request. Am I doing something wrong, or is this a bug?

Checking for added files...
fatal: Invalid symmetric difference expression 2be45770d5c3e76fcd5303d51dea78879d533382...29d299fa6a0d799d8be798713f4cea7d074d2772

Excerpt from workflow:

name: CodeSweep
on:
  push:
    branches: [ master ]
    paths:
    - 'src/**'
  pull_request:
    branches: [ master ]
jobs:
  scan:
    runs-on: ...
    timeout-minutes: 2
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
    - uses: actions/checkout@v2
    - uses: HCL-TECH-SOFTWARE/appscan-codesweep-action@v1
      with:
        asoc_key: ${{secrets.ASOC_KEY}}
        asoc_secret: ${{secrets.ASOC_SECRET}}