AppScan code sweep action doesn't run scanning on code about appscan-codesweep-action HOT 12 CLOSED

I'm hoping to add the action code to the GitHub repo soon, but for now, I'm not able to do so.

from appscan-codesweep-action.

Hi,

What event(s) did you set your workflow to run on? You'll want to use the pull_request event. If you've already done that, can you show the yaml file you're using?

from appscan-codesweep-action.

Hi,
Thanks for swift response. I have used for push event and below config.
on:
push:
branches: [ appscan* ]

Does it work only on pull request?

from appscan-codesweep-action.

Hi,
Right now it only works for the pull_request event.

from appscan-codesweep-action.

Ah Ok ! I will try with pull request then,

Out of curiosity to understand where is the config or control to make this action work only on PR. From the repo it has only action.yml which launches a docker container. Does that container has kind of control to make it work only for PR?

from appscan-codesweep-action.

That's correct. Until we support other events, I'll look to make the message more clear. Right now it shows:
"Not interested in this event: null."
That should show the event you used (i.e. "push") but it's showing null for some reason.

from appscan-codesweep-action.

Great ! Can we have read access to your action to understand the event based action setup?

from appscan-codesweep-action.

I have used the pull request event as you suggested and the workflow is successful. and log here.
Checking for added files...
Checking for modified files...
Connecting to ASoC...
Running Codesweep security scan on updated files...

Few queries out of this execution as below.

1. Does the scan runs only for change set of files part of the pull request or it has possibility to run scan all the source code files part of the repo?
2. After the workflow run have been to the Dashboard (https://cloud.appscan.com/main/scans), But didn't see any scan run here. Is it due to no change in source code as per the event trigger?
3. How do i run the full scan and see the results back in the dashboard?
   Please advise us.

from appscan-codesweep-action.

@1633605-Phaneendra

1. The GitHub Action only scans new/changed code. It does not scan other files.
2. Currently there is no direct integration between GitHub & ASoC. It is planned, but not yet available. Results will only be in GitHub.
3. Depending on which toolset you use we recommend using the CLI, AppScan Go, maven/Gradle or one of the other CI/CD plugins like Jenkins, Azure DevOps ,etc. You can find a list of plugins here (https://cloud.appscan.com/plugins)

from appscan-codesweep-action.

@coadaflorin Thanks for the feedback.

As you mentioned that results are only available within github, does it in log or any other format or report available with in github?

from appscan-codesweep-action.

At the moment only the results you see in the actions/pull request are available.

from appscan-codesweep-action.

In version 2 we've added the option to publish issues found to AppScan on Cloud when the PR is merged. See the ReadMe for additional details.

from appscan-codesweep-action.