Octokit problem about action-baseline (CLOSED)

zaproxy commented on May 26, 2024 3
Octokit problem

from action-baseline.

Comments (29)

thc202 commented on May 26, 2024 3

For the record, the new version is now available.

thc202 commented on May 26, 2024 2

> When will a new update come?

There's no ETA for the update/release.

> What's the issue you're trying to report?

I think the warning; despite everything working as expected, it's better to update.

thc202 commented on May 26, 2024 2

The Octokit warning is not the reason why the build fails, but the warnings/alerts ZAP found (WARN-NEW: 8).

thc202 commented on May 26, 2024 2

The update would address the warning (actions/toolkit#333); not sure if it's as simple as that, it's a major update (from 1.x to 2.x).

masonator commented on May 26, 2024 1

Having the same problem and tried the various workarounds but didn't have any luck. Is there an ETA for v0.4.0 currently? Would love to start using the action in production, but at the moment it fails our builds.

kingthorin commented on May 26, 2024 1

Thanks.

You mentioned your use exited with code 3; that's not related to alerts, you seem to have some other failure.
Ref: https://github.com/zaproxy/zaproxy/blob/efb404d38280dc9ecf8f88c9b0c658385861bdcf/docker/zap-baseline.py#L31-L35

sshniro commented on May 26, 2024 1

Hi @kingthorin, I will test this scenario this coming weekend and will send a PR.

thc202 commented on May 26, 2024

The warning is caused by a dependency (@actions/github), not this action; we'll have to update it.

njox commented on May 26, 2024

Thanks for your fast response. When will a new update come?

kingthorin commented on May 26, 2024

It seems to be behaving as expected. It exited code 2 because you have new warnings.

What's the issue you're trying to report?

njox commented on May 26, 2024

I can't share the repository and log because it's private and copyrighted. But the workflow is:

  1. Create a deployment package for AWS EBS
  2. Upload package to AWS S3 Bucket
  3. Trigger application update from AWS S3 Bucket
  4. Perform ZAP scan (basic configuration - using only the target in the with property)

On step 4 I got a warning/issue which forces the action to fail, but it will create a report file.

Thanks

richAtreides commented on May 26, 2024

To be clear, why would it fail if there is a warning? Is this just a hacky way of giving alerts? How do you change the verbosity so that it fails on actual issues only?

thc202 commented on May 26, 2024

If with "it" you are referring to the action itself, that's #31.

richAtreides commented on May 26, 2024

> If with "it" you are referring to the action itself, that's #31.

@thc202 that issue perfectly covers my concern. Is there a way to stop this just failing if it finds any warnings but instead configure it? Or is that to be built?

psiinon commented on May 26, 2024

You can just specify a rules file with the relevant rules to IGNORE instead of WARN.

from action-baseline.
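
The effect of the rules file suggested above, as an added example that is not part of the thread or of ZAP's own code: a simplified Python model of how per-rule actions map to the baseline scan's exit codes (0 success, 1 at least one FAIL, 2 at least one WARN and no FAIL, 3 any other failure, as documented in the zap-baseline.py lines linked earlier in the thread). The rule IDs, names and alert lists are constructed sample data, and `parse_rules`, `expected_exit` and `explain` are hypothetical helper names.

```python
# Added example: a simplified model, not ZAP's own code.
# Exit codes as documented in the header of zap-baseline.py.
EXIT_OK, EXIT_FAIL, EXIT_WARN, EXIT_OTHER = 0, 1, 2, 3
ACTIONS = {"IGNORE", "WARN", "FAIL"}

# Constructed rules file: <rule id> TAB <action> TAB <(name)>; '#' lines are comments.
SAMPLE_RULES = (
    "# zap-baseline rule configuration file\n"
    "10020\tIGNORE\t(Missing Anti-clickjacking Header)\n"
    "10021\tIGNORE\t(X-Content-Type-Options Header Missing)\n"
    "10038\tFAIL\t(Content Security Policy (CSP) Header Not Set)\n"
)


def parse_rules(text):
    """Return {rule_id: action}; reject malformed lines instead of guessing."""
    rules = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 2 or not fields[0].isdigit() or fields[1] not in ACTIONS:
            raise ValueError(f"line {lineno}: expected <id> TAB <IGNORE|WARN|FAIL>")
        rules[int(fields[0])] = fields[1]
    return rules


def expected_exit(alert_ids, rules):
    """Exit code for the raised alerts; rules not listed default to WARN."""
    actions = {rules.get(alert_id, "WARN") for alert_id in alert_ids}
    if "FAIL" in actions:
        return EXIT_FAIL
    if "WARN" in actions:
        return EXIT_WARN
    return EXIT_OK


def explain(code):
    """Human-readable meaning of a baseline exit code."""
    return {EXIT_OK: "pass", EXIT_FAIL: "at least one FAIL",
            EXIT_WARN: "at least one WARN and no FAIL"}.get(
                code, "other failure, not caused by alerts")


if __name__ == "__main__":
    alerts = [10020, 10021]  # constructed: two header alerts raised by a scan
    print(explain(expected_exit(alerts, {})))                        # no rules file
    print(explain(expected_exit(alerts, parse_rules(SAMPLE_RULES))))  # with rules file
```

In the action, a file in this format is supplied through the `rules_file_name` input that appears in the list of valid inputs quoted in this thread.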

njox commented on May 26, 2024

Hi guys,

Just tried the new release v0.3.0 and got:

  1. Basic configuration - The ZAP Baseline scan has failed, starting to analyze the alerts. err: Error: The process '/usr/bin/docker' failed with exit code 2. After that, I saw there is a new parameter fail_action.
  2. Tried the fail_action parameter in with, with the value true or false, which produces an error: Unexpected input(s) 'fail_action', valid inputs are ['token', 'target', 'rules_file_name', 'docker_name', 'cmd_options', 'issue_title']

By default the ZAP Docker container will fail, and that is alright, but can we add and set fail_action to false if we want to ignore warnings, which will cause the action to pass?

Thanks

kingthorin commented on May 26, 2024

@njox the fail_action handling hasn't been released yet. You'd have to use the action based on commit id or wait for v0.4.0

njox commented on May 26, 2024

Currently, I can't check the new version, but someone can test it, and if everything seems to be ok then the issue can be closed.

Thanks

richAtreides commented on May 26, 2024

> Currently, I can't check the new version, but someone can test it, and if everything seems to be ok then the issue can be closed.
>
> Thanks

I'll be online in about an hour and can test it to close the issue.

thc202 commented on May 26, 2024

The issue should be kept open as the deprecation was not yet addressed.

SamRobinsonDev commented on May 26, 2024

Issue still seems to be reproducing on v0.4.0, albeit with an exit code 3 instead of 2.

Error: failed to scan the target: Error: The process '/usr/bin/docker' failed with exit code 3

kingthorin commented on May 26, 2024

@samrobinson123 please provide a link to your config/use.

SamRobinsonDev commented on May 26, 2024

@kingthorin Workflow is part of a private repository and so I'll put it here.

Please note, I've removed the target website in this example.

on: [push]

jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the web application
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: main
      - name: ZAP Scan
        uses: zaproxy/[email protected]
        with:
          target: 'My target'

kingthorin commented on May 26, 2024

> The issue should be kept open as the deprecation was not yet addressed.

@sshniro, is addressing the deprecation warning as simple as updating our dependencies?

jasikpark commented on May 26, 2024

I am getting a similar error: https://github.com/jasikpark/jasik-xyz/runs/1521221382?check_suite_focus=true

rubaljain commented on May 26, 2024

Was this issue resolved? Do we have a configurable fail_action to pass the workflow even if we observe the findings?

thc202 commented on May 26, 2024

The issue #31 was resolved and released in the latest version.

rxerium commented on May 26, 2024

Hey, did anyone find a fix for the Octokit dependency issue? I'm running zaproxy/[email protected]. Thanks

thc202 commented on May 26, 2024

This no longer happens with the latest version (v0.8.0).
