Checking for updates...
go: downloading google.golang.org/protobuf v1.28.1
Error: Failed to query the GitHub API for updates.
This is most likely due to GitHub rate-limiting on unauthenticated requests.
To make authenticated requests please:
1. Generate a token at https://github.com/settings/tokens
2. Set the token by either adding it to your ~/.gitconfig or
setting the GITHUB_TOKEN environment variable.
Instructions for generating a token can be found at:
https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/
We call the GitHub releases API to look for new releases.
More information about that API can be found here: https://developer.github.com/v3/repos/releases/
: GET https://api.github.com/repos/sonatype-nexus-community/nancy/releases: 403 API rate limit exceeded for 40.122.242.98. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) [rate reset in 13m07s]
For more information, check the log file at /root/.ossindex/nancy.combined.log
nancy version: 1.0.42
Usage:
nancy sleuth [flags]
Examples:
go list -json -deps ./... | nancy sleuth --username your_user --token your_token
nancy sleuth -p Gopkg.lock --username your_user --token your_token
Flags:
-a, --additional-exclude-vulnerability-files strings Path to additional files containing newline separated CVEs or OSS Index IDs to be excluded
-e, --exclude-vulnerability CveListFlag Comma separated list of CVEs or OSS Index IDs to exclude (default [])
-x, --exclude-vulnerability-file string Path to a file containing newline separated CVEs or OSS Index IDs to be excluded (default "./.nancy-ignore")
-h, --help help for sleuth
-n, --no-color indicate output should not be colorized
-o, --output string Styling for output format. json, json-pretty, text, csv (default "text")
Global Flags:
-v, -- count Set log level, multiple v's is more verbose
-d, --db-cache-path string Specify an alternate path for caching responses from OSS Inde, example: /tmp
--loud indicate output should include non-vulnerable packages
-p, --path string Specify a path to a dep Gopkg.lock file for scanning
-q, --quiet indicate output should contain only packages with vulnerabilities (default true)
--skip-update-check Skip the check for updates.
-t, --token string Specify OSS Index API token for request
-u, --username string Specify OSS Index username for request
-V, --version Get the version
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading golang.org/x/sys v0.1.0
go: downloading github.com/KyleBanks/depth v1.2.1
go: downloading github.com/go-openapi/jsonreference v0.20.0
go: downloading github.com/go-openapi/spec v0.20.7
go: downloading golang.org/x/tools v0.2.0
go: downloading github.com/tidwall/match v1.1.1
go: downloading github.com/tidwall/pretty v1.2.1
go: downloading github.com/go-playground/universal-translator v0.18.0
go: downloading github.com/leodido/go-urn v1.2.1
go: downloading golang.org/x/crypto v0.1.0
go: downloading golang.org/x/text v0.4.0
go: downloading github.com/go-openapi/jsonpointer v0.19.5
go: downloading github.com/go-openapi/swag v0.22.3
go: downloading github.com/go-playground/locales v0.14.0
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading github.com/josharian/intern v1.0.0
pkg/exasol-rest-api/application_runner.go:4:2: package main/doc/swagger is not in GOROOT (/opt/hostedtoolcache/go/1.18.10/x64/src/main/doc/swagger)
Error: Process completed with exit code 1.
kaklakariada
commented
1 year ago
Security scanner github actions fails currently: https://github.com/exasol/exasol-rest-api/actions/runs/4001179395/jobs/6867156944