actions / dependency-review-action

A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs
MIT License

[BUG] Error "fetch failed" when using proxy #814

Open lindeberg opened 3 weeks ago

lindeberg commented 3 weeks ago

Describe the bug: Error "fetch failed" when using a proxy on a self-hosted runner with a proxy with least-privilege network access, and these domains are allowed:

2024-08-16T06:36:11.3271510Z Dependency review did not detect any denied packages
2024-08-16T06:36:31.3476555Z ##[error]fetch failed

To Reproduce: Steps to reproduce the behavior:

  1. Set up a self-hosted runner with least-privilege network access

      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: low
          license-check: false
  2. Allow the domains above

  3. Run dependency-review such that it triggers calls to these domains

  4. See the error

Expected behavior: It should be all good!

Screenshots: [image]

Action version: v4.3.4
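The report above gives only the bare "fetch failed" line, which is how Node's global fetch reports every transport-level failure (the underlying error is kept in the exception's cause). On a runner whose egress goes through an allow-listing proxy, the quickest way to see which failure is actually happening is to send the same CONNECT requests the proxy would receive and look at the raw answers. The probe below is an added example for this thread, not code from actions/dependency-review-action; it assumes a CONNECT-style forward proxy, and the two host names in ACTION_HOSTS (the GitHub REST API, and the OpenSSF scorecard API behind the show-openssf-scorecard input) are the author's assumption about what the action reaches, since the issue's own domain list did not survive. A tiny mock proxy is included so the example runs offline and reproduces the deny decision:

```python
"""Probe a least-privilege proxy with CONNECT requests and classify each answer.

Added example, not the action's own code. Assumes a CONNECT-style forward
proxy; ACTION_HOSTS is an assumption about the hosts the action contacts.
"""
import socket
import threading

# Assumed (not stated on the page): the GitHub REST API for the dependency diff,
# and the OpenSSF scorecard API used when show-openssf-scorecard is enabled.
ACTION_HOSTS = ("api.github.com", "api.securityscorecards.dev")


def probe_connect(proxy_host, proxy_port, target_host, target_port=443, timeout=5.0):
    """Send one CONNECT through the proxy and classify what came back.

    Returns 'allowed', 'denied:<status>', 'proxy-unreachable' or 'no-reply'.
    Node's fetch collapses all of these into 'TypeError: fetch failed', so the
    raw status line is the fastest way to tell which one the runner is hitting.
    """
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            req = (f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
                   f"Host: {target_host}:{target_port}\r\n\r\n")
            s.sendall(req.encode("ascii"))
            head = b""
            while b"\r\n\r\n" not in head:          # read just the response head
                chunk = s.recv(4096)
                if not chunk:
                    break
                head += chunk
    except OSError:                                 # refused, timed out, no route
        return "proxy-unreachable"
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "no-reply"
    code = int(parts[1])
    return "allowed" if 200 <= code < 300 else f"denied:{code}"


def check_action_egress(proxy_host, proxy_port, hosts=ACTION_HOSTS):
    """Probe every host the action is assumed to need; host -> classification."""
    return {h: probe_connect(proxy_host, proxy_port, h) for h in hosts}


# --- Constructed stand-in for the runner's proxy so the example runs offline ---

def start_mock_allowlist_proxy(allowed_hosts):
    """Minimal CONNECT proxy: 200 for allow-listed hosts, 403 for everything else.

    It never tunnels any bytes; it only reproduces the allow-list decision.
    Returns (host, port, shutdown_callable).
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    srv.settimeout(0.2)                             # lets the accept loop notice stop
    stop = threading.Event()

    def handle(conn):
        with conn:
            conn.settimeout(2)
            data = b""
            while b"\r\n\r\n" not in data:
                chunk = conn.recv(4096)
                if not chunk:
                    return
                data += chunk
            # "CONNECT host:port HTTP/1.1" -> host
            target = data.split(b" ", 2)[1].split(b":", 1)[0].decode("ascii", "replace")
            if target in allowed_hosts:
                conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
            else:
                conn.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    host, port = srv.getsockname()
    return host, port, stop.set


if __name__ == "__main__":
    # Constructed scenario: only the GitHub API is on the allow list.
    host, port, stop = start_mock_allowlist_proxy({"api.github.com"})
    for h, verdict in check_action_egress(host, port).items():
        print(f"{h:30} {verdict}")
    stop()
```

Run it on the runner against the real proxy by replacing the mock with the address from HTTPS_PROXY; a "denied:403" (or whatever status the proxy uses) for a host points at the allow list, while "proxy-unreachable" means the action never reached the proxy at all, and those two need different fixes.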

bteng22 commented 3 weeks ago

Hey @lindeberg, thanks for reporting this. If you disable the OpenSSF scorecards (show-openssf-scorecard: false), does the fetch still fail? Trying to narrow down the causes here.

lindeberg commented 3 weeks ago

Still failing with show-openssf-scorecard: false: [image]