ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static-analysis-based security testing of your applications and their dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0
788 stars 112 forks

Fail scan-action #375

Closed hyeongguen-song closed 1 year ago

hyeongguen-song commented 1 year ago

https://github.com/ShiftLeftSecurity/scan-action/issues/32 Seems to be since the docker image change: https://hub.docker.com/layers/shiftleft/scan/latest/images/sha256-b77a1973d201b39a67a24487415bc900cafd5a4bd94f474f5b524b982e547eb9?context=explore

prabhu commented 1 year ago

Found the issue. The BOM file generated by dep-scan is breaking scan.

```
[01:58:10] WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-github.json
           WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-java.xml
           WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-github.xml
           WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-java.json
Traceback (most recent call last):
  File "/usr/local/src/scan", line 786, in <module>
    main()
  File "/usr/local/src/scan", line 748, in main
    report_summary, build_status = analysis.summary(
  File "/usr/local/src/lib/analysis.py", line 121, in summary
    dep_data = get_depscan_data(drep_file)
  File "/usr/local/src/lib/analysis.py", line 45, in get_depscan_data
    dataList.append(json.loads(depline))
  File "/usr/lib64/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/usr/lib64/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python3.8/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 2 column 1 (char 2)
```

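
The traceback above shows `get_depscan_data` handing each line of the matched report file to `json.loads()`. A pretty-printed CycloneDX BOM begins with a bare `{` on its first line, and `json.loads("{\n")` produces exactly the "line 2 column 1 (char 2)" error quoted, so a `depscan-bom-report-*.json` file landing in the same directory as the newline-delimited vulnerability reports is enough to abort the run. The loader below is an added example, not sast-scan's or dep-scan's own code: it tells a single-document BOM apart from an NDJSON report and skips it (reporting what was skipped) instead of crashing. The `depscan-*.json` file-name filter, the report file name `depscan-report-java.json`, and the record fields are assumptions for illustration; both sample files are constructed inline.

```python
"""Added example (not sast-scan's or dep-scan's code): load depscan NDJSON
reports from a CI report directory without choking on CycloneDX BOM files."""
import json
import os
import tempfile
from typing import Dict, List, Tuple

# Constructed sample inputs, not real tool output.  Two vulnerability records,
# one per line, the way a line-oriented reader expects them (field names are
# assumed, and the ids are placeholders rather than real identifiers).
SAMPLE_NDJSON_REPORT = (
    '{"id": "EXAMPLE-0001", "package": "example-lib", "version": "1.0.0", "severity": "HIGH"}\n'
    '{"id": "EXAMPLE-0002", "package": "example-lib", "version": "1.0.0", "severity": "LOW"}\n'
)
# A minimal pretty-printed CycloneDX BOM; "bomFormat" is the spec's top-level key.
SAMPLE_BOM = json.dumps(
    {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "components": [{"type": "library", "name": "example-lib", "version": "1.0.0"}],
    },
    indent=2,
)


def build_sample_dir() -> str:
    """Write the constructed files into a temp dir mirroring the CI layout.

    The report file name is assumed; the BOM name matches the issue's log.
    """
    d = tempfile.mkdtemp(prefix="CodeAnalysisLogs-")
    with open(os.path.join(d, "depscan-report-java.json"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_NDJSON_REPORT)
    with open(os.path.join(d, "depscan-bom-report-java.json"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_BOM)
    return d


def classify_report(path: str) -> str:
    """Return 'bom', 'json', 'ndjson' or 'unknown' for a file in the report dir.

    Parse the whole file first: a BOM is one JSON document with
    "bomFormat": "CycloneDX".  Only if that fails do we check whether every
    non-blank line is its own JSON object, i.e. newline-delimited JSON.
    """
    with open(path, encoding="utf-8") as fh:
        text = fh.read().strip()
    if not text:
        return "unknown"
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        doc = None
    if isinstance(doc, dict):
        return "bom" if doc.get("bomFormat") == "CycloneDX" else "json"
    if isinstance(doc, list):
        return "json"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            if not isinstance(json.loads(line), dict):
                return "unknown"
        except json.JSONDecodeError:
            return "unknown"
    return "ndjson"


def load_depscan_records(report_dir: str) -> Tuple[List[Dict], List[str]]:
    """Collect records from every depscan-*.json file, skipping BOMs.

    Returns (records, skipped_file_names) so the caller can warn about what
    was ignored rather than aborting the whole scan on one stray file.
    """
    records: List[Dict] = []
    skipped: List[str] = []
    for name in sorted(os.listdir(report_dir)):
        if not (name.startswith("depscan-") and name.endswith(".json")):
            continue  # assumed naming convention; XML BOMs never reach json.loads
        path = os.path.join(report_dir, name)
        kind = classify_report(path)
        if kind == "ndjson":
            with open(path, encoding="utf-8") as fh:
                records.extend(json.loads(line) for line in fh if line.strip())
        elif kind == "json":  # a single-record report or a JSON array of records
            with open(path, encoding="utf-8") as fh:
                doc = json.load(fh)
            records.extend(doc if isinstance(doc, list) else [doc])
        else:  # "bom" or "unknown": leave it out instead of raising
            skipped.append(name)
    return records, skipped


if __name__ == "__main__":
    sample_dir = build_sample_dir()
    found, ignored = load_depscan_records(sample_dir)
    print(f"{len(found)} records loaded, skipped: {ignored}")
```

The key design choice is parse order: whole-document first, per-line second. Reversing it (the per-line order the traceback implies) is what turns an adjacent SBOM into a hard failure.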
hyeongguen-song commented 1 year ago

It works well: https://github.com/ShiftLeftSecurity/scan-action/issues/32#issuecomment-1331758554