security-code-scan / security-code-scan-results-action
GitHub Action to integrate https://github.com/security-code-scan/security-code-scan into CI/CD process.
I'm getting this error on "Set up projects for analysis"
InvalidOperation: D:\a\_temp\238bcc4a-d7dd-49be-9a75-f51f8f0d60ab.ps1:94
Line |
94 | $propertyGroups[0].AppendChild($errorLog)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| You cannot call a method on a null-valued expression.
Error: Process completed with exit code 1.
Repo is this: https://github.com/paulomorgado/Microsoft.Extensions.AspNet
securitycodescan-analysis.yml file:
# This workflow integrates SecurityCodeScan with GitHub's Code Scanning feature
# SecurityCodeScan is a vulnerability patterns detector for C# and VB.NET
name: SecurityCodeScan
on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '31 23 * * 6'
jobs:
  SCS:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2
      - uses: nuget/[email protected]
      - uses: microsoft/[email protected]
      - name: Set up projects for analysis
        uses: security-code-scan/security-code-scan-add-action@main
      - name: Restore dependencies
        run: dotnet restore
      - name: Build
        run: dotnet build --no-restore
      - name: Convert sarif for uploading to GitHub
        uses: security-code-scan/security-code-scan-results-action@main
      - name: Upload sarif
        uses: github/codeql-action/upload-sarif@v1
How can I diagnose this?
I'm getting this error:
2021-07-08T07:40:28.5323142Z ##[group]Run security-code-scan/security-code-scan-results-action@main
2021-07-08T07:40:28.5323987Z with:
2021-07-08T07:40:28.5324433Z sarif_directory: ../results
2021-07-08T07:40:28.5324804Z env:
2021-07-08T07:40:28.5325356Z NUGET: C:\hostedtoolcache\windows\nuget.exe\5.10.0\x64/nuget.exe
2021-07-08T07:40:28.5326087Z ##[endgroup]
2021-07-08T07:40:33.7776972Z You can invoke the tool using the following command: sarif
2021-07-08T07:40:33.7778165Z Tool 'sarif.multitool' (version '2.3.10') was successfully installed.
2021-07-08T07:40:43.2192577Z D:\a\Microsoft.Extensions.AspNet\Microsoft.Extensions.AspNet\convert.js:12
2021-07-08T07:40:43.2194554Z run.tool.driver.rules = run.tool.driver.rules.filter((e => e.id.startsWith("SCS")));
2021-07-08T07:40:43.2195578Z ^
2021-07-08T07:40:43.2195957Z
2021-07-08T07:40:43.2196729Z TypeError: Cannot read property 'filter' of undefined
2021-07-08T07:40:43.2199700Z at Object.<anonymous> (D:\a\Microsoft.Extensions.AspNet\Microsoft.Extensions.AspNet\convert.js:12:51)
2021-07-08T07:40:43.2201166Z at Module._compile (internal/modules/cjs/loader.js:1085:14)
2021-07-08T07:40:43.2202090Z at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
2021-07-08T07:40:43.2202947Z at Module.load (internal/modules/cjs/loader.js:950:32)
2021-07-08T07:40:43.2203976Z at Function.Module._load (internal/modules/cjs/loader.js:790:14)
2021-07-08T07:40:43.2205158Z at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
2021-07-08T07:40:43.2206709Z at internal/main/run_main_module.js:17:47
2021-07-08T07:40:43.2312568Z ##[error]Process completed with exit code 1.
Getting the following error at the "Convert sarif for uploading to GitHub" step.
I have tried Tag v1.2, v1.3 and main
Run security-code-scan/security-code-scan-results-action@main
Run dotnet tool install --global Sarif.Multitool --version 2.3.10
Welcome to .NET 7.0!
---------------------
SDK Version: 7.0.202
Telemetry
---------
The .NET tools collect usage data in order to help us improve your experience. It is collected by Microsoft and shared with the community. You can opt-out of telemetry by setting the DOTNET_CLI_TELEMETRY_OPTOUT environment variable to '1' or 'true' using your favorite shell.
Read more about .NET CLI Tools telemetry: https://aka.ms/dotnet-cli-telemetry
----------------
Installed an ASP.NET Core HTTPS development certificate.
To trust the certificate run 'dotnet dev-certs https --trust' (Windows and macOS only).
Learn about HTTPS: https://aka.ms/dotnet-https
----------------
Write your first app: https://aka.ms/dotnet-hello-world
Find out what's new: https://aka.ms/dotnet-whats-new
Explore documentation: https://aka.ms/dotnet-docs
Report issues and find source on GitHub: https://github.com/dotnet/core
Use 'dotnet --help' to see available commands or visit: https://aka.ms/dotnet-cli
--------------------------------------------------------------------------------------
You can invoke the tool using the following command: sarif
Tool 'sarif.multitool' (version '2.3.10') was successfully installed.
D:\a\ViVeTool-GUI\ViVeTool-GUI\convert.js:12
run.tool.driver.rules = run.tool.driver.rules.filter((e => e.id.startsWith("SCS")));
^
TypeError: Cannot read properties of undefined (reading 'filter')
at Object.<anonymous> (D:\a\ViVeTool-GUI\ViVeTool-GUI\convert.js:12:51)
at Module._compile (node:internal/modules/cjs/loader:1254:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1308:10)
at Module.load (node:internal/modules/cjs/loader:1117:32)
at Module._load (node:internal/modules/cjs/loader:958:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)
at node:internal/main/run_main_module:23:47
Node.js v18.15.0
Error: Process completed with exit code 1.
Workflow File:
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow integrates SecurityCodeScan with GitHub's Code Scanning feature
# SecurityCodeScan is a vulnerability patterns detector for C# and VB.NET
name: SecurityCodeScan
on:
  push:
  pull_request:
  schedule:
    - cron: '30 6 * * 3'
jobs:
  SCS:
    if: ${{ github.actor != 'dependabot[bot]' }}
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v3
      - uses: nuget/setup-nuget@fd9fffd6ca4541cf4152a9565835ca1a88a6eb37
      - uses: microsoft/[email protected]
      - name: Set up projects for analysis
        uses: security-code-scan/[email protected]
      - name: Restore dependencies
        run: nuget restore
      - name: Build
        run: msbuild
      - name: Convert sarif for uploading to GitHub
        uses: security-code-scan/security-code-scan-results-action@main
      - name: Display Sarif Files in the results Folder
        run: cat D:\a\ViVeTool-GUI\results\*.sarif
      - name: Upload sarif
        uses: github/codeql-action/upload-sarif@v2
Link to failed Workflow: https://github.com/PeterStrick/ViVeTool-GUI/actions/runs/4616456594
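The TypeError in the two "Convert sarif" reports above is raised when `.filter` is called on `run.tool.driver.rules` for a run that has no `rules` array. A defensive version of that filtering step, as an added example (not the action's convert.js, of which only line 12 is visible in the logs); the function name `filterScsRuns`, the warning strings and the sample SARIF are assumptions:

```javascript
"use strict";

// Keep only SecurityCodeScan ("SCS...") rule descriptors in a SARIF log.
// tool.driver.rules is optional in SARIF 2.1.0, so a run without rule
// metadata is reported as a warning instead of crashing the CI step.
function filterScsRuns(sarif, prefix = "SCS") {
  const warnings = [];
  const runs = Array.isArray(sarif && sarif.runs) ? sarif.runs : [];
  if (runs.length === 0) warnings.push("log contains no runs");

  runs.forEach((run, i) => {
    const driver = run && run.tool && run.tool.driver;
    if (!driver) {
      warnings.push(`runs[${i}]: tool.driver is missing`);
      return;
    }
    if (Array.isArray(driver.rules)) {
      driver.rules = driver.rules.filter(
        (r) => r && typeof r.id === "string" && r.id.startsWith(prefix));
    } else {
      // The case behind "Cannot read property 'filter' of undefined".
      warnings.push(`runs[${i}]: tool.driver.rules is missing`);
      driver.rules = [];
    }
  });
  return { sarif, warnings };
}

// Constructed sample input: run 0 carries rules, run 1 carries none.
const sample = {
  version: "2.1.0",
  runs: [
    { tool: { driver: { name: "compiler",
        rules: [{ id: "SCS0005" }, { id: "CS8618" }] } }, results: [] },
    { tool: { driver: { name: "compiler" } }, results: [] },
  ],
};

// Work on a copy so the sample stays unmodified.
const out = filterScsRuns(JSON.parse(JSON.stringify(sample)));
console.log(JSON.stringify(out.sarif.runs.map((r) => r.tool.driver.rules)));
console.log(out.warnings.join("\n"));
```

The warnings name the run index that lacks `rules`, which is the first thing to check in the `.sarif` files the build wrote to the results directory.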