OWASP 8.0.2 Log for CLI failure on node application finding pyproject.toml inside a node module
Run myorg/owasp-action@master
with:
repository: my_repo
db_pass: ***
path: artifacts/source
cyber_suppressions_path: owasp-path/my_repo
output: reports
args: --enableExperimental --disableOssIndex --disableYarnAudit --nodeAuditSkipDevDependencies
format: ALL
env:
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt
GITHUB_REPO_NAME:
GIT_TOKEN: ***
NEXUS_USERNAME: ***
NEXUS_PASSWORD: ***
NEXUS_TOKEN: ***
HARBOR_URL: my.harbor.url
PROJECT_NAME: my_project
GIT_SOURCE_BRANCH: master
ORGANIZATION: my_org
GITHUB_API_URL: ***
SONAR_URL: ***
repository: ***
source path: artifacts/source
cyber suppressions path: ***
report format: ALL
output path: reports
--enableExperimental --disableOssIndex --disableYarnAudit --nodeAuditSkipDevDependencies
args: undefined
found files [ '***-owasp-suppressions.xml' ]
/bin/mkdir -p reports
/usr/share/dependency-check/bin/dependency-check.sh -s artifacts/source -f ALL -o reports --enableExperimental --disableOssIndex --disableYarnAudit --nodeAuditSkipDevDependencies --suppression /github/workspace/***-owasp-suppressions.xml --disableAssembly --disableCentral
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (31 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Python Package Analyzer (0 seconds)
[WARN] An error occurred while analyzing '/github/workspace/artifacts/source/node_modules/node-gyp/gyp/pyproject.toml' (Poetry Analyzer).
[INFO] Finished Poetry Analyzer (0 seconds)
[INFO] Finished Autoconf Analyzer (0 seconds)
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@angular-eslint/eslint-plugin-template/node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils/package.json
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@angular-eslint/eslint-plugin/node_modules/@angular-eslint/utils/node_modules/@typescript-eslint/utils/package.json
[WARN] dependency skipped: node module @esbuild/android-arm seems optional and not installed
[WARN] dependency skipped: node module @esbuild/linux-loong64 seems optional and not installed
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@graphql-codegen/cli/node_modules/graphql-config/node_modules/@graphql-tools/graphql-file-loader/package.json
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@graphql-codegen/cli/node_modules/graphql-config/node_modules/@graphql-tools/json-file-loader/package.json
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@graphql-codegen/cli/node_modules/graphql-config/node_modules/@graphql-tools/load/package.json
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@graphql-codegen/cli/node_modules/graphql-config/node_modules/cosmiconfig-typescript-loader/package.json
[WARN] Unable to find node module: /github/workspace/artifacts/source/node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils/package.json
[WARN] dependency skipped: node module esbuild-android-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-android-arm64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-darwin-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-darwin-arm64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-freebsd-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-freebsd-arm64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-32 seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-arm seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-arm64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-mips64le seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-ppc64le seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-riscv64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-linux-s390x seems optional and not installed
[WARN] dependency skipped: node module esbuild-netbsd-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-openbsd-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-sunos-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-windows-32 seems optional and not installed
[WARN] dependency skipped: node module esbuild-windows-64 seems optional and not installed
[WARN] dependency skipped: node module esbuild-windows-arm64 seems optional and not installed
[WARN] dependency skipped: node module fsevents seems optional and not installed
[INFO] Finished Node.js Package Analyzer (53 seconds)
[INFO] Finished Dependency Merging Analyzer (16 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (1 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished NPM CPE Analyzer (2 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (9 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Node Audit Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (103 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (433 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{sha1=646dc756ff16c464fcb63e17b2cd5ee4ad4f8b66,cve={CVE-2022-2900,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{sha1=646dc756ff16c464fcb63e17b2cd5ee4ad4f8b66,cve={CVE-2022-2217,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{sha1=646dc756ff16c464fcb63e17b2cd5ee4ad4f8b66,cve={CVE-2022-2218,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{sha1=646dc756ff16c464fcb63e17b2cd5ee4ad4f8b66,cve={CVE-2022-3224,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{sha1=646dc756ff16c464fcb63e17b2cd5ee4ad4f8b66,cve={CVE-2022-0722,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{sha1=646dc756ff16c464fcb63e17b2cd5ee4ad4f8b66,cve={CVE-2022-2216,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (622 seconds)
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.xml
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.json
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.csv
[INFO] Writing report to: /github/workspace/reports/dependency-check-report.sarif
[INFO] Writing report to: /github/workspace/reports/dependency-check-jenkins.html
[INFO] Writing report to: /github/workspace/reports/dependency-check-junit.xml
Error: Python `pyproject.toml` found and there is not a `poetry.lock` or `requirements.txt` - analysis will be incomplete
Error: The process '/usr/share/dependency-check/bin/dependency-check.sh' failed with exit code 14