Comments (29)
For the record, the new version is now available.
from action-baseline.
When will come a new update?
There's no ETA for the update/release.
What's the issue you're trying to report?
I think the warning, despite everything working as expected better to update.
from action-baseline.
The Octokit warning is not the cause why the build fails but the warnings/alerts ZAP found `WARN-NEW: 8`.
from action-baseline.
The update would address the warning (actions/toolkit#333), not sure if it's as simple as, it's a major update (from 1.x to 2.x).
from action-baseline.
Having the same problem and tried the various workarounds but didn't have any luck. Is there an ETA for v0.4.0 currently? Would love to start using the action in production, but at the moment it fails our builds.
from action-baseline.
Thanks.
You mentioned your use exited with code 3, that's not related to Alerts, you seem to have some other failure.
Ref: https://github.com/zaproxy/zaproxy/blob/efb404d38280dc9ecf8f88c9b0c658385861bdcf/docker/zap-baseline.py#L31-L35
from action-baseline.
Hi @kingthorin , I will test this scenario in the coming weekend and will send a PR.
from action-baseline.
The warning is caused by a dependency (`@actions/github`) not this action, we'll have to update it.
from action-baseline.
Thanks for your fast response. When will come a new update?
from action-baseline.
It seems to be behaving as expected. It exited code 2 because you have new warnings.
What's the issue you're trying to report?
from action-baseline.
I can't share repository and log because it's private and has copyright. But the workflow is:
1. Create a deployment package for AWS EBS
2. Upload package to AWS S3 Bucket
3. Trigger application update from AWS S3 Bucket
4. Perform ZAP scan (basic configuration - using only the `target` in the `with` property)

On step 4 I got a warning/issue which forces the action to fail but it will create a report file.
Thanks
from action-baseline.
To be clear, why would it fail if there is a warning? Is this just a hacky way of giving alerts? How do you change the verbosity so that it fails on actual issues only?
from action-baseline.
If with "it" you are referring to the action itself, that's #31.
from action-baseline.
> If with "it" you are referring to the action itself, that's #31.
@thc202 that issue perfectly covers my concern. Is there a way to stop this just failing if it finds any warnings but instead configure it? Or is that to be built?
from action-baseline.
You can just specify a rules file with the relevant rules to IGNORE instead of WARN.
from action-baseline.
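Added example, not part of the thread or the action's own code: it ties together the two points made above, that exit code 2 means WARN alerts while exit code 3 is a non-alert failure, and that a rules file can move a rule from WARN to IGNORE. The exit-code meanings are those documented in the zap-baseline.py header linked earlier; the function names, the `fail_on_warn` parameter and the sample rules file are assumptions constructed for illustration.

```python
# Added example; function names and SAMPLE_RULES are constructed for illustration.

# Exit codes as documented in the header of zap-baseline.py.
EXIT_MEANING = {
    0: "success",
    1: "at least one FAIL",
    2: "at least one WARN and no FAILs",
    3: "any other failure (the scan itself did not complete)",
}

# Constructed rules file: <rule id> TAB <action> TAB <description, informational only>.
SAMPLE_RULES = (
    "# zap-baseline rule configuration (constructed sample)\n"
    "10021\tIGNORE\t(X-Content-Type-Options Header Missing)\n"
    "10038\tWARN\t(Content Security Policy (CSP) Header Not Set)\n"
    "10020\tFAIL\t(X-Frame-Options Header)\n"
)


def parse_rules(text):
    """Return {rule_id: action}, skipping blanks, comments and OUTOFSCOPE lines."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 2:
            # A space-separated line is a common reason a rule is silently not applied.
            raise ValueError(f"line {lineno}: fields must be tab-separated")
        rule_id, action = fields[0], fields[1]
        if action == "OUTOFSCOPE":
            continue  # URL exclusion entry, not an alert threshold
        rules[rule_id] = action
    return rules


def rules_with_action(rules, action):
    """Rule ids set to the given action, e.g. the WARN rules that can cause exit code 2."""
    return sorted(rid for rid, act in rules.items() if act == action)


def should_pass(exit_code, fail_on_warn=False):
    """CI gate: tolerate WARN-only runs unless asked not to; never mask codes 1 or 3."""
    if exit_code == 0:
        return True
    if exit_code == 2:
        return not fail_on_warn
    return False
```

Keeping exit code 3 as a hard failure matters: treating every non-zero exit as "just warnings" would let a scan that never ran pass the build.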
Hi guys,
Just tried the new release v0.3.0 and got:
- Basic configuration - `The ZAP Baseline scan has failed, starting to analyze the alerts. err: Error: The process '/usr/bin/docker' failed with exit code 2`. After that, I saw there is a new parameter `fail_action`.
- Tried in `with` parameter the `fail_action` with the value true or false which will produce an error `Unexpected input(s) 'fail_action', valid inputs are ['token', 'target', 'rules_file_name', 'docker_name', 'cmd_options', 'issue_title']`

By default ZAP Docker container will fail that is alright, but can we add and set `fail_action` to false if we want to ignore warnings which will produce action to pass?
Thanks
from action-baseline.
@njox the `fail_action` handling hasn't been released yet. You'd have to use the action based on commit id or wait for v0.4.0
from action-baseline.
Currently, I can't check the new version, but someone can test it, and if everything seems to be ok then the issue can be closed.
Thanks
from action-baseline.
> Currently, I can't check the new version, but someone can test it, and if everything seems to be ok then the issue can be closed.
> Thanks

I'll be online in about an hour and can test it to close the issue.
from action-baseline.
The issue should be kept open as the deprecation was not yet addressed.
from action-baseline.
Issue still seems to be reproducing on v0.4.0, albeit with an exit code 3 instead of 2.
Error: failed to scan the target: Error: The process '/usr/bin/docker' failed with exit code 3
from action-baseline.
@samrobinson123 please provide a link to your config/use.
from action-baseline.
@kingthorin Workflow is part of a private repository and so I'll put it here.
Please note, I've removed the target website in this example.

```yaml
on: [push]
jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the web application
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: main
      - name: ZAP Scan
        uses: zaproxy/[email protected]
        with:
          target: 'My target'
```
from action-baseline.
> The issue should be kept open as the deprecation was not yet addressed.

@sshniro is addressing the deprecation warning as simple as updating our dependencies?
from action-baseline.
I am getting a similar error: https://github.com/jasikpark/jasik-xyz/runs/1521221382?check_suite_focus=true
from action-baseline.
Was this issue resolved? Do we have configurable fail_action to pass the workflow even if we observe the findings?
from action-baseline.
The issue #31 was resolved and released in the latest version.
from action-baseline.
Hey, did anyone find a fix for the Octokit dependency issue? I'm running zaproxy/[email protected]. Thanks
from action-baseline.
This no longer happens with the latest version (v0.8.0).
from action-baseline.