synopsys-sig / synopsys-action

Synopsys Action consuming Synopsys scanning tools
Apache License 2.0

[GitHub Commenter] WARNING: Empty table records of issue BlackDuckHubResults from BlackDuck #222

Open harsharora001 opened 6 months ago

harsharora001 commented 6 months ago

While running the GitHub action for Blackduck, I can see the results properly, but the comments are not coming as PR comments.

Action:

```yaml
- name: Perform Blackduck checkout
  id: bd-scan
  uses: synopsys-sig/synopsys-action@v1.9.0
  env:
    DETECT_PROJECT_NAME: '${{ env.blackduckProjectName }}'
    DETECT_PROJECT_VERSION_NAME: master
    DETECT_PARENT_PROJECT_NAME: master-project
    DETECT_PARENT_PROJECT_VERSION_NAME: master
    DETECT_PROJECT_DESCRIPTION: '${{ env.blackduckProjectName }}'
    DETECT_TOOLS_EXCLUDED: SIGNATURE_SCAN
    DETECT_WAIT_FOR_RESULTS: TRUE
    DETECT_RISK_REPORT_PDF: TRUE
    DETECT_POLICY_CHECK_FAIL_ON_SEVERITIES: BLOCKER,CRITICAL,MAJOR,MINOR
    DETECT_TIMEOUT: 3600
    LOGGING_LEVEL_COM_SYNOPSYS_INTEGRATION: DEBUG
    DETECT_RISK_REPORT_PDF_PATH: ./bd-scan
    DETECT_OUTPUT_PATH: ./bd-scan
    DETECT_PROJECT_CODELOCATION_UNMAP: true
    DETECT_BLACKDUCK_RAPID_COMPARE_MODE: ALL
  with:
    blackduck_token: ${{ env.blackduckAuth }}
    blackduck_url: ${{ secrets.DS_BLACKDUCK_URL }}
    github_token: ${{ secrets.GITHUB_TOKEN }}
    blackduck_scan_full: false
    blackduck_automation_fixpr: false
    blackduck_prComment_enabled: true
    blackduck_scan_failure_severities: 'BLOCKER,CRITICAL,MAJOR,MINOR'
    include_diagnostics: true
```

GitHub Action logs:

```
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- ======== Detect Result ========
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Rapid Scan Result: (for more detail look in the log for Rapid Scan Result Details)
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Critical and blocking policy violations for
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- * Components: 0
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- * Security: 0
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- * License: 0
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Other policy violations
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- * Components: 3
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- * Security: 11
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- * License: 0
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Policies Violated:
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- High Security Vulnerability
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Medium Security Vulnerability
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Components with Policy Violations:
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Components with Policy Violations:
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Lodash .6.0 (npmjs:lodash.omitby/.6.0)
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- follow-redirects 1.15.5 (npmjs:follow-redirects/1.15.5)
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- ===== Transitive Guidance =====
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Transitive upgrade guidance:
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Upgrade component axios/1.6.0 to version 1.6.8 in order to upgrade transitive component follow-redirects/1.15.5
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- ======== Detect Stat ========
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- GIT: SUCCESS
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- NPM: SUCCESS
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Overall Stat: SUCCESS - Detect exited successfully.
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- ===============================
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: ---
202-05-25 :30:31.0000 UTC [Blackduck Execution] [main] INFO: --- Detect duration: 00h 01m 26s 268ms
202-05-25 :30:31.1515 UTC [Blackduck Execution] INFO: Provided value for resource 'blackduck.completed'
202-05-25 :30:31.1515 UTC [Blackduck Execution] DEBUG: Provided value '' for resource 'blackduck.completed'
202-05-25 :30:31.1522 UTC [Blackduck Execution] INFO: Provided value for resource 'blackduck.results.path'
202-05-25 :30:31.1523 UTC [Blackduck Execution] DEBUG: Provided value '/home/runner/work//.bridge/Blackduck Execution/detect' for resource 'blackduck.results.path'
202-05-25 :30:31.1527 UTC [Blackduck Execution] INFO: Adapter finished
202-05-25 :30:31.2980 UTC [Synopsys Bridge] INFO: Starting adapters for stage githubprcomment
202-05-25 :30:31.2898 UTC [Blackduck Results] DEBUG: reading report file "/home/runner/work//.bridge/Blackduck Execution/detect/runs/202-05-25--29-07-186/scan/_master_BlackDuck_DeveloperMode_Result.json"
202-05-25 :30:31.738 UTC [Blackduck Results] INFO: retrieved successfully
202-05-25 :30:31.2981 UTC [SCM Checker] INFO: Adapter finished
202-05-25 :30:31.2981 UTC [Synopsys Bridge] INFO: Starting Adapter: GitHub Commenter
202-05-25 :30:31.5502 UTC [Blackduck Results] INFO: Added entry to resource 'commenter.issues'
202-05-25 :30:31.5502 UTC [Blackduck Results] DEBUG: Added entry 'BlackDuckHubResults' to resource 'commenter.issues.[0].uid'
202-05-25 :30:31.5502 UTC [Blackduck Results] DEBUG: Added entry ' x Found dependencies violating policy! ' to resource 'commenter.issues.[0].commentTable.description'
202-05-25 :30:31.5502 UTC [Blackduck Results] DEBUG: Added entry '[Policies Violated Dependency License(s) Vulnerabilities Short Term Recommended Upgrade Long Term Recommended Upgrade]' to resource 'commenter.issues.[0].commentTable.heads'
202-05-25 :30:31.5502 UTC [Blackduck Results] DEBUG: Added entry 'table' to resource 'commenter.issues.[0].commentType'
202-05-25 :30:31.5502 UTC [Blackduck Results] DEBUG: Added entry 'BlackDuck' to resource 'commenter.issues.[0].from'
202-05-25 :30:31.550 UTC [Blackduck Results] INFO: Adapter finished
202-05-25 :30:31.595 UTC [Blackduck Component Locator] INFO: skipping fix pull requests creation as "blackduck.automation.fixpr" or "blackduck.fixpr.enabled" is configured to
202-05-25 :30:31.6067 UTC [Blackduck Component Locator] INFO: Adapter finished
202-05-25 :30:31.6539 UTC [GitHub Commenter] INFO: will e default GitHub API URL "https://api.github.com/", as "github.api.url" and "github.host.url" is not configured
202-05-25 :30:32.6915 UTC [GitHub Commenter] WARNING: Empty table records of issue BlackDuckHubResults from BlackDuck
202-05-25 :30:32.70 UTC [GitHub Commenter] INFO: Adapter finished
```

anitakrueger commented 4 days ago

Did you get this working @harsharora001 ? I'd like to get PR comments working for our blackduck scans for visibility, but am getting the same warning despite there being security warnings in the detect rapid scan results.
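Added example (not part of the original thread, and not Synopsys code): a log triage check for the symptom both comments describe, where Detect reports policy violations but the GitHub Commenter adapter warns of empty table records, so the findings never reach the PR. The function name `triage` and the sample timestamps are assumptions; the matched log strings are the ones quoted in the issue.

```python
import re

# Constructed sample, modelled on the log lines quoted in the issue
# (timestamps are made up for illustration).
SAMPLE_LOG = """\
2024-01-01 00:00:01.0000 UTC [Blackduck Execution] [main] INFO: --- Other policy violations
2024-01-01 00:00:01.0000 UTC [Blackduck Execution] [main] INFO: --- * Components: 3
2024-01-01 00:00:01.0000 UTC [Blackduck Execution] [main] INFO: --- * Security: 11
2024-01-01 00:00:01.0000 UTC [Blackduck Execution] [main] INFO: --- * License: 0
2024-01-01 00:00:02.0000 UTC [Blackduck Results] DEBUG: Added entry 'BlackDuckHubResults' to resource 'commenter.issues.[0].uid'
2024-01-01 00:00:02.0000 UTC [Blackduck Results] DEBUG: Added entry 'table' to resource 'commenter.issues.[0].commentType'
2024-01-01 00:00:03.0000 UTC [GitHub Commenter] WARNING: Empty table records of issue BlackDuckHubResults from BlackDuck
"""

# Violation counters printed in the "Detect Result" summary.
COUNT_RE = re.compile(r"--- \* (Components|Security|License): (\d+)")
# Fields the Blackduck Results adapter hands to the commenter (DEBUG level).
ENTRY_RE = re.compile(
    r"Added entry '.*' to resource 'commenter\.issues\.\[(\d+)\]\.([\w.]+)'")
# The warning from the issue title.
WARN_RE = re.compile(
    r"\[GitHub Commenter\] WARNING: Empty table records of issue (\S+)")


def triage(log_text):
    """Summarise a Bridge log and flag findings that were not commented."""
    violations = 0
    issue_fields = {}   # issue index -> set of populated field names
    empty_tables = []   # issue uids the commenter reported as empty
    for line in log_text.splitlines():
        if m := COUNT_RE.search(line):
            violations += int(m.group(2))
        elif m := ENTRY_RE.search(line):
            issue_fields.setdefault(int(m.group(1)), set()).add(m.group(2))
        elif m := WARN_RE.search(line):
            empty_tables.append(m.group(1))
    return {
        "violations": violations,
        "issue_fields": issue_fields,
        "empty_tables": empty_tables,
        # Scan found violations, yet the PR comment table had no rows.
        "silent_gap": violations > 0 and bool(empty_tables),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against a saved job log, a true `silent_gap` means reviewers are not seeing findings in the PR, and `issue_fields` shows which commenter fields the results adapter actually populated.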