search

projectdiscovery / nuclei-action

Vulnerability Scan with Nuclei
https://projectdiscovery.io/nuclei
MIT License
242 stars 70 forks source link

No Sarif output #75

Closed tibbon closed 9 months ago

tibbon commented 9 months ago

Trying to run this action, and getting no sarif output. Other file debug outputs seem to produce something minimal at least. Ideas?

Partial Github action file:

      - name: Nuclei - Vulnerability Scan
        uses: projectdiscovery/nuclei-action@main
        with:
          target: https://example.com
          workflows: security-assertions/foo-bar/00-foobar--workflow.yaml
          flags: -var EMAIL=${{ matrix.username }} -var PASSWORD=${{ secrets[matrix.password_secret] }}
          sarif-export: nuclei.sarif

      - name: Print nuclei.sarif File Content
        run: cat nuclei.sarif
/home/runner/work/_temp/51b80b73-65d9-4ebf-add6-d816bd351d6f/nuclei -target=https://example.com/ -w=security-assertions/foo-bar/00-foobar--workflow.yaml -se=nuclei.sarif -o=nuclei.log -irr -var=EMAIL=user@example.com -var=***

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.10

        projectdiscovery.io

[INF] nuclei-templates are not installed, installing...
[INF] Successfully installed nuclei-templates at /home/runner/nuclei-templates
[INF] Current nuclei version: v3.1.10 (latest)
[INF] Current nuclei-templates version: v9.7.6 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] Workflows loaded for current scan: 1
[WRN] Executing 3 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] No results found. Better luck next time!
cat nuclei.sarif
  shell: /usr/bin/bash -e {0}
cat: nuclei.sarif: No such file or directory
olearycrew commented 9 months ago

[INF] No results found. Better luck next time!

Because there were no results, there would be no file created.