Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Action example configuration fails because cargo-audit not found #828

Open
tarkatronic opened this issue Mar 28, 2023 · 1 comment
Open

GitHub Action example configuration fails because cargo-audit not found #828

tarkatronic opened this issue Mar 28, 2023 · 1 comment

Comments

@tarkatronic
Copy link

I set up a basic GitHub Action attempting to run the Salus scanner, via this PR: underdog-tech/vulnbot#13

The action file is copied/pasted directly from the examples, with the exception of the actions/checkout version and what triggers cause it to run.

This action is failing with the following:

reports:
  - uri: file://salus-report.json
    format: json
    verbose: true
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
[INFORMATIONAL: 2023-03-28 15:52:15 +0000]: Salus is running.
#<Thread:0x00007f67b9e18d18 /home/lib/salus/processor.rb:105 run> terminated with exception (report_on_exception is true):
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
	from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
	from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
	from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
	from /home/lib/salus/scanners/base.rb:149:in `run_shell'
	from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
	from /home/lib/salus/scanners/base.rb:[34](https://github.com/underdog-tech/dependabot-alert-bot/actions/runs/4544749565/jobs/8011940142#step:4:35):in `initialize'
	from /home/lib/salus/processor.rb:106:in `new'
	from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'
bundler: failed to load command: /home/bin/salus (/home/bin/salus)
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
	from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
	from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
	from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
	from /home/lib/salus/scanners/base.rb:149:in `run_shell'
	from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
	from /home/lib/salus/scanners/base.rb:34:in `initialize'
	from /home/lib/salus/processor.rb:106:in `new'
	from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'

It appears that this is expecting the cargo-audit command to always be present on the system, which is not the case for a default ubuntu-latest image, and certainly not the case for a Go-based project.
@tarkatronic tarkatronic mentioned this issue Mar 28, 2023
Closed
@Piccirello
Copy link

We're using https://github.com/federacy/scan-action for running Salus and are also seeing failures due to cargo-audit.

[INFORMATIONAL: 2023-03-31 23:25:18 +0000]: Salus is running.
GoOSV is scanning...
#<Thread:0x00007f636f4f4fa0 /home/lib/salus/processor.rb:105 run> terminated with exception (report_on_exception is true):
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
	from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
	from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
	from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
	from /home/lib/salus/scanners/base.rb:149:in `run_shell'
	from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
	from /home/lib/salus/scanners/base.rb:34:in `initialize'
	from /home/lib/salus/processor.rb:106:in `new'
	from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'
GoVersionScanner is scanning...
GoPackageScanner is scanning...
GoPackageScanner has finished
RepoNotEmpty is scanning...
RepoNotEmpty has finished
ReportGoDep is scanning...
bundler: failed to load command: /home/bin/salus (/home/bin/salus)
ReportGoDep has finished
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
	from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
	from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
	from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
	from /home/lib/salus/scanners/base.rb:149:in `run_shell'
	from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
	from /home/lib/salus/scanners/base.rb:34:in `initialize'
	from /home/lib/salus/processor.rb:106:in `new'
	from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'

This was referenced Apr 3, 2023
Merged
Closed
@Piccirello Piccirello mentioned this issue Apr 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Rescue when there is an error calling cargo-audit tarkatronic/salus
3 participants
@tarkatronic @Piccirello and others