Legit-Labs / legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
https://legitify.dev
Apache License 2.0

Running the GitHub action with `scorecard: verbose` fails with error `failed to enrich scorecard: expecting []ScorecardCheck` #260

Closed rajbos closed 12 months ago

rajbos commented 1 year ago

TL;DR

Running the action with `scorecard: verbose` throws an error. Running with `scorecard: yes` works.

   steps:
      - name: Legitify Action
        uses: Legit-Labs/legitify@main
        with:
          github_token: ${{ secrets.GH_PAT }}
          analyze_self_only: true
          scorecard: verbose

Expected behavior

A working scan

Observed behavior

The error that seems to be the issue: `failed to enrich scorecard: expecting []ScorecardCheck`

Version

main

On which operating system are you using legitify?

Linux

Relevant log output

execute legitify analyze: [
  'analyze',
  '--scorecard',
  'verbose',
  '--repo',
  '<org>/<repo>',
  '--ignore-policies-file',
  './ignored-policies',
  '--output-format',
  'json',
  '--output-file',
  'legitify-output.json'
]
execute legitify convert sarif: [
  'convert',
  '--input-file',
  'legitify-output.json',
  '--output-format',
  'sarif',
  '--output-file',
  'legitify-output.sarif'
]
Error: The process '/home/runner/work/_actions/Legit-Labs/legitify/main/legitify' failed with exit code 1 | stderr: Error: failed to parse flattened scheme: failed to parse aux for violation: failed to enrich scorecard: expecting []ScorecardCheck

Error: Error: The process '/home/runner/work/_actions/Legit-Labs/legitify/main/legitify' failed with exit code 1

Additional information

No response

noamd-legit commented 12 months ago

Fixed in v1.0.4 - https://github.com/Legit-Labs/legitify/releases/tag/v1.0.4