SAP / credential-digger

A GitHub scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
Apache License 2.0

Unable to run credentialdiggerScan in Azure Pipelines #309

Closed I521822 closed 4 months ago

I521822 commented 4 months ago

I have configured a pipeline in Azure to run credentialdigger; this is the config provided in the pipeline for the same:

credentialdiggerScan:
    repository: "https://github.tools.sap/acra/cmm-market-curves-srv"
    models: ['PathModel', 'PasswordModel']
    githubVaultSecretName: 'GROUP-SECRETS/github-acra-serviceuser'
    snapshot: 'hyperpaceTest'
    debug: true

Logs show some findings are found but there is an error in the 'get_discoveries' and the findings.csv file is created with no data. Attaching the full console logs here.

info credentialdiggerScan - running command: credentialdigger get_discoveries https://github.tools.sap/acra/cmm-market-curves-srv --sqlite piper_step_db.db --save findings.csv --state new
info credentialdiggerScan - 2024-06-21 09:34:51.756043: W tensorflow/stream_executor/platform/default/dso_loader.cc:64] Could not load dynamic library 'libcudart.so.11.0'; dlerror: libcudart.so.11.0: cannot open shared object file: No such file or directory
info credentialdiggerScan - 2024-06-21 09:34:51.756088: I tensorflow/stream_executor/cuda/cudart_stub.cc:29] Ignore above cudart dlerror if you do not have a GPU set up on your machine.
info credentialdiggerScan - INFO:dotenv.main:Python-dotenv could not find configuration file .env.
info credentialdiggerScan - INFO:credentialdigger.cli.cli:Database in use: Sqlite
error credentialdiggerScan - ERROR:credentialdigger.cli.get_discoveries:list index out of range

Could you kindly suggest what could be the reason for this failure?

I521822 commented 4 months ago

credentialdiggerScan.txt

marcorosa commented 4 months ago

Hi @I521822, this issue is generated in sap/jenkins-library and not here so you should open it in the relevant project.

As a side note, we had already provided a fix that was not reviewed for a long time and was closed after going stale.

I521822 commented 4 months ago

Thanks for the reference. Does this mean the action is on the piper team's end to apply the fix? Is there any central issue or any other reference open with the piper team?

Is there a PR created in the internal GitHub as well? https://github.wdf.sap.corp/ContinuousDelivery/piper-library

marcorosa commented 4 months ago

Please try to open an issue in sap/jenkins-library (and feel free to tag me), and we will see if we can reopen that PR and have it reviewed.

credentialdiggerScan is a step of piper-os, so its development is only in the public GitHub repo.

I521822 commented 4 months ago

Sure, thanks, let me open it, although I am not sure of any response in the public git repo, as I have seen in my past experiences. I will also reference the same issue in the internal git project anyway.