aws-actions / vulnerability-scan-github-action-for-amazon-inspector

Scan artifacts with Amazon Inspector from GitHub Actions workflows.
https://docs.aws.amazon.com/inspector/
MIT License

Bug: Zero findings causes action to fail due to missing CSV file #85

Closed Schwartz-Matthew-bah closed 1 month ago

Schwartz-Matthew-bah commented 1 month ago

Description

If the scanner finds no vulnerabilities the action will fail because the results CSV file is not generated. The JSON and Markdown results are still generated, so this is inconsistent behavior.

Expected Behavior

CSV file with column headers should be produced even if there are no findings.

Actual Behavior

CSV file generation is skipped. This causes the cat command to fail and therefore the action to fail.

cat ${{ steps.inspector.outputs.inspector_scan_results_csv }}
cat: inspector_scan_10621029013.csv: No such file or directory

https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/blob/51b74849864257707482446461b6636628da9754/entrypoint/entrypoint/orchestrator.py#L348

Steps to Reproduce

Use the example workflow file from the README and run the action on a repository with zero vulnerabilities.
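The defect described above, next to the behaviour the report expects (a CSV with a header row even for zero findings), as an added Python example. This is not the project's orchestrator code; the column names and sample findings are constructed for illustration.

```python
import csv
import tempfile
from pathlib import Path

# Column layout is an assumption for this example, not the action's real schema.
CSV_COLUMNS = ["vulnerability_id", "severity", "package", "fixed_in"]

# Constructed sample findings, shaped like rows the writer would receive.
SAMPLE_FINDINGS = [
    {"vulnerability_id": "EXAMPLE-0001", "severity": "HIGH", "package": "libfoo", "fixed_in": "1.2.3"},
    {"vulnerability_id": "EXAMPLE-0002", "severity": "LOW", "package": "libbar", "fixed_in": ""},
]


def _write(findings, path):
    with open(path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=CSV_COLUMNS, extrasaction="ignore")
        writer.writeheader()  # header is written even when findings is empty
        writer.writerows(findings)


def write_findings_csv_skipping_empty(findings, path):
    """Reproduces the reported defect: nothing is written for an empty scan,
    so a later `cat` of the advertised output path fails with exit code 1."""
    if not findings:
        return None
    _write(findings, path)
    return path


def write_findings_csv(findings, path):
    """Expected behaviour: always produce the file; an empty scan yields a
    header-only CSV that downstream steps can read unconditionally."""
    _write(findings, path)
    return path


def count_rows(path):
    """Data rows in the CSV, excluding the header (0 for an empty scan)."""
    with open(path, newline="") as fh:
        return sum(1 for _ in csv.DictReader(fh))


def demo():
    """Exercise both writers in a temp dir and report what each produced."""
    with tempfile.TemporaryDirectory() as d:
        empty, one = Path(d) / "inspector_scan_empty.csv", Path(d) / "inspector_scan_one.csv"
        write_findings_csv_skipping_empty([], empty)
        buggy_exists = empty.exists()  # False: this is what breaks the workflow
        write_findings_csv([], empty)
        write_findings_csv(SAMPLE_FINDINGS, one)
        return {"buggy_file_exists": buggy_exists, "fixed_file_exists": empty.exists(),
                "fixed_rows_for_zero_findings": count_rows(empty),
                "header_only": empty.read_text().strip() == ",".join(CSV_COLUMNS),
                "rows_for_sample": count_rows(one)}
```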

bluesentinelsec commented 1 month ago

Hello, thank you for raising this issue. We are investigating and will report back when we have additional information.

bluesentinelsec commented 1 month ago

I understand your workflow is failing because it expects the CSV to be present, but it is not, resulting in exit code 1 and failing your workflow. I can reproduce this issue as well. We are presently working on a fix. In the meantime, you may consider commenting out the cat line that is breaking your workflow. I will report back when I have an ETA for the fix.

Schwartz-Matthew-bah commented 1 month ago

Thank you!

bluesentinelsec commented 1 month ago

We have implemented a fix to resolve your issue. The fix is presently being tested to validate that the fix works as intended. If we are confident in the solution we may cut a new release as soon as next week, at which point you can pull in the updates. Thank you for your continued patience and have a great weekend.

bluesentinelsec commented 1 month ago

@Schwartz-Matthew-bah Our fix is now available for your use. Please update your workflows to point to this release: https://github.com/aws-actions/vulnerability-scan-github-action-for-amazon-inspector/releases/tag/v1

I'll also add that we are now tagging the latest release with v1, meaning you can automatically consume minor and hotfix releases if you choose (see issue #87).

bluesentinelsec commented 1 month ago

Marking this issue as resolved. Please re-open the issue if there are subsequent problems.