Comments (6)
Your suspicion was 100% correct -- I had neglected to pass environment variables on the command-line. Once I did that, it connects to the right project and uses the correct policy. Thanks!!
from semgrep-action.
Hi @msorens,

It looks like this functionality went in in https://github.com/returntocorp/semgrep-action/pull/120.

I suspect a few things could be going on here, but I'll need a bit more information to confirm:

- Are you running the latest version of `returntocorp/semgrep-action`? It looks like the `v1` tag is updated on every commit: https://github.com/returntocorp/semgrep-action/tags, but you may need a `docker pull returntocorp/semgrep-action:v1`.
- Can you copy your environment information here? E.g. it should look something like this during a `semgrep-action` run:

  ```
  === detecting environment
  | versions - semgrep 0.31.1 on Python 3.7.0
  | environment - running in environment git, triggering event is 'unknown'
  | manage - logged in as deployment returntocorp/semgrep#1
  | policy - using default
  | SEMGREP_REPO_NAME - test_name
  ```

  - It should mention `SEMGREP_REPO_NAME` if the env variable is correctly set.
- Are you correctly passing the `SEMGREP_REPO_NAME` env variable to the Docker environment?
  - I.e. I wouldn't expect your `docker run` command to work as expected without something like the following: `-e 'SEMGREP_REPO_NAME=test_name'`
  - I'm not familiar with BuildKite, but I see you're specifying `propogate-environment: true`. Is `SEMGREP_REPO_NAME` included in the `environment` key of your included image?

I suspect if we get the `repo_name` right it will use the correct policy.
from semgrep-action.
Thanks all! Transferring this issue to semgrep-action for discoverability in the future.
from semgrep-action.
Afterthought: probably should fail the run immediately if `SEMGREP_REPO_NAME` is not provided to give a clear indication of this easy-to-fall-into trap.
from semgrep-action.
@chmccreery @underyx Any thoughts on Michael's above suggestion?
from semgrep-action.
We intentionally do not require this environment variable, to make it possible to run semgrep-action in a very basic setup, without having to configure a bunch of environment variables. I would like to preserve that simplicity for users who only care about the 80% solution, and just want to run their default policy or get their rules from a local yaml file.
We could certainly print out the environment variables that are not set, as well as those that are, but this might get a bit verbose.
from semgrep-action.
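Since semgrep-action itself does not require the variable, a pipeline that depends on a named project can enforce the fail-fast check from the thread in its own wrapper. The following is an added example, not code from semgrep-action or from any commenter; the function names are hypothetical and the sample banner is constructed from the format quoted earlier in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of semgrep-action.

# require_env NAME...: fail (1) if any named variable is unset or empty.
require_env() {
    missing=0
    for name in "$@"; do
        case $name in
            ''|*[!A-Za-z0-9_]*) echo "preflight: bad name '$name'" >&2; return 2 ;;
        esac
        eval "value=\${$name:-}"   # safe: name was validated above
        if [ -z "$value" ]; then
            echo "preflight: $name is not set" >&2
            missing=1
        fi
    done
    return "$missing"
}

# docker_env_flags NAME...: print "-e NAME" per variable. With no "=value",
# docker run copies the value from the calling environment.
docker_env_flags() {
    flags=""
    for name in "$@"; do flags="$flags -e $name"; done
    echo "${flags# }"
}

# banner_repo_name: read run output on stdin and print the value from the
# "| SEMGREP_REPO_NAME - <value>" banner line (empty if the line is absent).
banner_repo_name() {
    sed -n 's/^| SEMGREP_REPO_NAME - \(.*\)$/\1/p' | head -n 1
}

# verify_banner EXPECTED: succeed only if the banner reports EXPECTED.
verify_banner() {
    seen=$(banner_repo_name)
    [ -n "$seen" ] && [ "$seen" = "$1" ]
}

# Constructed sample in the banner format quoted in the thread.
sample_banner() {
    cat <<'EOF'
=== detecting environment
| versions - semgrep 0.31.1 on Python 3.7.0
| manage - logged in as deployment returntocorp/semgrep#1
| policy - using default
| SEMGREP_REPO_NAME - test_name
EOF
}
```

In a CI step, call `require_env SEMGREP_REPO_NAME` before the `docker run`, add the output of `docker_env_flags SEMGREP_REPO_NAME` to its arguments, and feed the captured run output to `verify_banner "$SEMGREP_REPO_NAME"` so a scan that silently ran without the project name fails the build.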