coinbase / salus


GitHub Action example configuration fails because `cargo-audit` not found #828

Open tarkatronic opened 1 year ago

tarkatronic commented 1 year ago

I set up a basic GitHub Action attempting to run the Salus scanner, via this PR: https://github.com/underdog-tech/dependabot-alert-bot/pull/13

The action file is copied/pasted directly from the examples, with the exception of the actions/checkout version and what triggers cause it to run.

This action is failing with the following:

reports:
  - uri: file://salus-report.json
    format: json
    verbose: true
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
[INFORMATIONAL: 2023-03-28 15:52:15 +0000]: Salus is running.
#<Thread:0x00007f67b9e18d18 /home/lib/salus/processor.rb:105 run> terminated with exception (report_on_exception is true):
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
    from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
    from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
    from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
    from /home/lib/salus/scanners/base.rb:149:in `run_shell'
    from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
    from /home/lib/salus/scanners/base.rb:34:in `initialize'
    from /home/lib/salus/processor.rb:106:in `new'
    from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'
bundler: failed to load command: /home/bin/salus (/home/bin/salus)
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
    from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
    from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
    from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
    from /home/lib/salus/scanners/base.rb:149:in `run_shell'
    from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
    from /home/lib/salus/scanners/base.rb:34:in `initialize'
    from /home/lib/salus/processor.rb:106:in `new'
    from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'

It appears that this is expecting the cargo-audit command to always be present on the system, which is not the case for a default ubuntu-latest image, and certainly not the case for a Go-based project.
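
A defensive pattern for the failure mode in the trace above, as an added example (not Salus code): look the scanner binary up on PATH before spawning it and rescue Errno::ENOENT from Open3.capture3, so a missing cargo-audit becomes a reported status instead of an exception escaping the scanner thread. The helper names tool_available? and tool_version are hypothetical.

```ruby
require 'open3'

# Added example, not Salus code: check whether an external scanner
# binary exists on PATH before spawning it, so a missing tool can be
# reported rather than raising Errno::ENOENT out of the scanner thread.
def tool_available?(name, path = ENV['PATH'])
  path.to_s.split(File::PATH_SEPARATOR).any? do |dir|
    candidate = File.join(dir, name)
    File.file?(candidate) && File.executable?(candidate)
  end
end

# Run the tool's version (or any) command and return a hash describing
# the outcome. The PATH check covers the common case; the rescue covers
# a binary that vanishes between the check and the spawn.
def tool_version(name, args = ['--version'])
  return { status: :missing, output: "#{name} not found on PATH" } unless tool_available?(name)

  out, err, st = Open3.capture3(name, *args)
  if st.success?
    { status: :ok, output: out.strip }
  else
    { status: :error, output: err.strip }
  end
rescue Errno::ENOENT => e
  { status: :missing, output: e.message }
end

if __FILE__ == $PROGRAM_NAME
  # cargo-audit is the tool the trace failed on; sh stands in for a
  # tool that is normally present on a default runner image.
  puts "cargo-audit: #{tool_version('cargo-audit')}"
  puts "sh: #{tool_version('sh', ['-c', 'echo ok'])}"
end
```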

Piccirello commented 1 year ago

We're using https://github.com/federacy/scan-action for running Salus and are also seeing failures due to cargo-audit.

[INFORMATIONAL: 2023-03-31 23:25:18 +0000]: Salus is running.
GoOSV is scanning...
#<Thread:0x00007f636f4f4fa0 /home/lib/salus/processor.rb:105 run> terminated with exception (report_on_exception is true):
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
    from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
    from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
    from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
    from /home/lib/salus/scanners/base.rb:149:in `run_shell'
    from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
    from /home/lib/salus/scanners/base.rb:34:in `initialize'
    from /home/lib/salus/processor.rb:106:in `new'
    from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'
GoVersionScanner is scanning...
GoPackageScanner is scanning...
GoPackageScanner has finished
RepoNotEmpty is scanning...
RepoNotEmpty has finished
ReportGoDep is scanning...
bundler: failed to load command: /home/bin/salus (/home/bin/salus)
ReportGoDep has finished
/usr/local/lib/ruby/3.2.0/open3.rb:222:in `spawn': No such file or directory - cargo-audit (Errno::ENOENT)
    from /usr/local/lib/ruby/3.2.0/open3.rb:222:in `popen_run'
    from /usr/local/lib/ruby/3.2.0/open3.rb:103:in `popen3'
    from /usr/local/lib/ruby/3.2.0/open3.rb:290:in `capture3'
    from /home/lib/salus/scanners/base.rb:149:in `run_shell'
    from /home/lib/salus/scanners/cargo_audit.rb:65:in `version'
    from /home/lib/salus/scanners/base.rb:34:in `initialize'
    from /home/lib/salus/processor.rb:106:in `new'
    from /home/lib/salus/processor.rb:106:in `block (2 levels) in run_scanner'