search

advanced-security / component-detection-dependency-submission-action

MIT License
10 stars 5 forks source link

Error creating a snapshot: Failed to submit snapshot: TypeError: Cannot read properties of null (reading 'toString') #75

Open nihalraghuraj-assent opened 4 weeks ago

nihalraghuraj-assent commented 4 weeks ago

I tried implementing the action against the latest version v0.0.3 on GHES 3.13 Still no dice, fails to create a snapshot for some reason. Could you please help me diagnose this issue??

Following the release of the new version, v0.0.3 and the conversion here: Fixed-issue, I tried to implement the following on my end:

name: Dependency Submission

on:
  push:
    branches: [ master, develop ]
  pull_request:
    branches: [ develop ]
  workflow_dispatch:

jobs:
  Component-Detection-Dependency:
    runs-on: windows-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Execute restore
        run: dotnet restore ./Assent.Party.Api.sln      

      - name: Download component-detection.exe
        run: |
          $output = "${env:GITHUB_WORKSPACE}\component-detection.exe"
          if (Test-Path $output) {
            Write-Output "Component Detection file already exists at $output"
          } else {
            $url = "https://github.com/microsoft/component-detection/releases/download/v5.1.5/component-detection-win-x64.exe"
            Invoke-WebRequest -Uri $url -OutFile $output
            Write-Output "Component Detection file downloaded to $output"
          }

      - name: List files in the current directory and check if component-detection.exe exists
        run: |
          Get-ChildItem -Path "${env:GITHUB_WORKSPACE}" | Format-Table Name, Length, LastWriteTime
          $filePath = "${env:GITHUB_WORKSPACE}\component-detection.exe"
          if (Test-Path -Path $filePath) {
              Write-Output "Component Detection file exists"
          } else {
              Write-Output "Component Detection file does not exist"
              exit 1
          }

      - name: Component Detection dependency submission action
        uses: advanced-security/component-detection-dependency-submission-action@v0.0.3

But still end up with the same error as below:

Run advanced-security/component-detection-dependency-submission-action@v0.0.3

Running component-detection
C:\actions-runner-3\_work\usvc-party\usvc-party\component-detection.exe scan --SourceDirectory . --ManifestFile ./output.json
[[1](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:1)6:28:47 INF] Finding components...
[16:28:47 INF] Starting enumeration of C:\actions-runner-3\_work\usvc-party\usvc-party
[16:28:47 INF] No instructions received to scan docker images.
[16:28:47 INF] Enumerated 471 files and 63 directories in 00:00:00.0287646
[16:28:49 INF] No python found on system. Python detection will not run.
                               Detection Summary                                
┌───────────────────┬───────────────────┬───────────────────┬──────────────────┐
│ Component         │ Detection Time    │ # Components      │ # Explicitly     │
│ Detector Id       │                   │ Found             │ Referenced       │
├───────────────────┼───────────────────┼───────────────────┼──────────────────┤
│ CocoaPods         │ 0.1[5](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:5) seconds      │ 0                 │ 0                │
│ Go                │ 0.14 seconds      │ 0                 │ 0                │
│ Gradle            │ 0.14 seconds      │ 0                 │ 0                │
│ Ivy (Beta)        │ 0.16 seconds      │ 0                 │ 0                │
│ Linux             │ 0.043 seconds     │ 0                 │ 0                │
│ MvnCli            │ 0.16 seconds      │ 0                 │ 0                │
│ Npm               │ 0.14 seconds      │ 0                 │ 0                │
│ NpmLockfile3      │ 0.14 seconds      │ 0                 │ 0                │
│ NpmWithRoots      │ 0.14 seconds      │ 0                 │ 0                │
│ NuGet             │ 0.14 seconds      │ 0                 │ 0                │
│ NuGetPackagesConf │ 0.14 seconds      │ 0                 │ 0                │
│ ig                │                   │                   │                  │
│ NuGetProjectCentr │ 0.22 seconds      │ 192               │ 36               │
│ ic                │                   │                   │                  │
│ PipReport         │ 1.[5](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:6) seconds       │ 0                 │ 0                │
│ Pnpm              │ 0.15 seconds      │ 0                 │ 0                │
│ Poetry (Beta)     │ 0.1[6](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:7) seconds      │ 0                 │ 0                │
│ Ruby              │ 0.16 seconds      │ 0                 │ 0                │
│ RustCli           │ 0.16 seconds      │ 0                 │ 0                │
│ RustCrateDetector │ 0.16 seconds      │ 0                 │ 0                │
│ Vcpkg             │ 0.16 seconds      │ 0                 │ 0                │
│ Yarn              │ 0.16 seconds      │ 0                 │ 0                │
│ ───────────────── │ ───────────────── │ ───────────────── │ ──────────────── │
│ Total             │ 1.[7](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:8) seconds       │ 192               │ 36               │
└───────────────────┴───────────────────┴───────────────────┴──────────────────┘
[16:2[8](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:9):49 INF] 
[16:28:49 INF] 
[16:28:49 INF] Detection time: 1.6739984 seconds.
[16:28:4[9](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:10) INF] Scan Manifest file: C:\actions-runner-3\_work\usvc-party\usvc-party\output.json
Getting manifests from results
Notice: Submitting snapshot...
Notice: {
    "detector": {
        "name": "Component Detection",
        "version": "0.0.1",
        "url": "https://github.com/advanced-security/component-detection-dependency-submission-action"
    },
    "version": 0,
    "job": {
        "correlator": "Component-Detection-Dependency",
        "id": "12803"
    },
    "sha": "418ca47180282f31120390027abafb31bee9793a",
    "ref": "refs/pull/478/merge",
    "scanned": "2024-[10](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:11)-31T16:28:49.819Z",
    "manifests": {
        "/test/Assent.Party.Api.UnitTests/Assent.Party.Api.UnitTests.csproj": {
            "resolved": {
                "pkg:nuget/System.Diagnostics.EventLog@6.0.0": {
                    "package_url": "pkg:nuget/System.Diagnostics.EventLog@6.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Microsoft.Extensions.Logging.EventLog@6.0.0": {
                    "package_url": "pkg:nuget/Microsoft.Extensions.Logging.EventLog@6.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Microsoft.TestPlatform.ObjectModel@[17](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:18).1.0": {
                    "package_url": "pkg:nuget/Microsoft.TestPlatform.ObjectModel@17.1.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Polly.Core@8.3.1": {
                    "package_url": "pkg:nuget/Polly.Core@8.3.1",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Castle.Core@5.0.0": {
                    "package_url": "pkg:nuget/Castle.Core@5.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Microsoft.Extensions.Configuration.CommandLine@6.0.0": {
                    "package_url": "pkg:nuget/Microsoft.Extensions.Configuration.CommandLine@6.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Microsoft.Extensions.Caching.Abstractions@6.0.0": {
                    "package_url": "pkg:nuget/Microsoft.Extensions.Caching.Abstractions@6.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Microsoft.Extensions.Logging.Debug@6.0.0": {
                    "package_url": "pkg:nuget/Microsoft.Extensions.Logging.Debug@6.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Moq@4.[18](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:19).1": {
                    "package_url": "pkg:nuget/Moq@4.18.1",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": [
                        "pkg:nuget/System.Diagnostics.EventLog@6.0.0",
                        "pkg:nuget/Castle.Core@5.0.0",
                        "pkg:nuget/Moq@4.18.1"
                    ]
                },
                "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.1": {
                    "package_url": "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.1",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuget/Microsoft.Extensions.DependencyInjection.Abstractions@6.0.0": {
                    "package_url": "pkg:nuget/Microsoft.Extensions.DependencyInjection.Abstractions@6.0.0",
                    "relationship": "indirect",
                    "scope": "runtime",
                    "dependencies": []
                },
                "pkg:nuge
Error: Cannot read properties of null (reading 'toString')
Error: TypeError: Cannot read properties of null (reading 'toString')
    at C:\actions-runner-3\_work\_actions\advanced-security\component-detection-dependency-submission-action\v0.0.3\webpack:\component-detection-action\node_modules\@github\dependency-submission-toolkit\dist\index.js:506:1
    at Generator.next (<anonymous>)
    at fulfilled (C:\actions-runner-3\_work\_actions\advanced-security\component-detection-dependency-submission-action\v0.0.3\webpack:\component-detection-action\node_modules\@github\dependency-submission-toolkit\dist\index.js:395:1)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

C:\actions-runner-3\_work\_actions\advanced-security\component-detection-dependency-submission-action\v0.0.3\webpack:\component-detection-action\node_modules\@github\dependency-submission-toolkit\dist\index.js:395
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
^
Error: Failed to submit snapshot: TypeError: Cannot read properties of null (reading 'toString')
    at C:\actions-runner-3\_work\_actions\advanced-security\component-detection-dependency-submission-action\v0.0.3\webpack:\component-detection-action\node_modules\@github\dependency-submission-toolkit\dist\index.js:5[20](https://git.assentcompliance.com/assent-compliance/usvc-party/actions/runs/12803/job/41047?pr=478#step:6:21):1
    at Generator.next (<anonymous>)
    at fulfilled (C:\actions-runner-3\_work\_actions\advanced-security\component-detection-dependency-submission-action\v0.0.3\webpack:\component-detection-action\node_modules\@github\dependency-submission-toolkit\dist\index.js:395:1)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Could you please help me understand, what I might be missing here?
pascjnes commented 3 weeks ago

I am currently having the same issue.

nihalraghuraj-assent commented 2 weeks ago

Hi, any updates on this issue??