terraform-ibm-modules / stack-retrieval-augmented-generation

A deployable architecture that automates the deployment of a sample gen AI Pattern on IBM Cloud, including all underlying IBM Cloud and WatsonX infrastructure.
Apache License 2.0

address failing scan issues with roks sample app #201

Closed ocofaigh closed 1 month ago

ocofaigh commented 1 month ago

From dynamic scan log:

Checking status
{"scan_status":"COMPLETED","message":"All scans are complete","scans_completed":["passive_scan","active_scan"],"scan_inprogress":"","scan_id":"fd8ac84a-2fba-48fe-949f-043b815c7414"}
SCAN COMPLETE. STATUS MESSAGE: COMPLETED
filter options {"alertsSeverityFilter" : "Informational"}
Getting evidence status from ZAP results...
Found 19 alerts

Collect evidence based on the following data:

Asset key: app-image
Asset type: artifact
Evidence type: com.ibm.dynamic_scan
Tool type: owasp-zap-ui
Status: failure
Attachments: 
 owasp-zap-ui-owasp-zap_result-0
/opt/commons/owasp-zap/policies/default.policy
Additional Comment:  

Process results as incident issues
warning: 
One or more issues were found with no exemption or due date set.
Hence the evidence created will be marked as failed.
To unblock the pipeline, perform one of the actions below. Run the pipeline again after performing the action.
- Fix the issue causing the failure.
- Run the CC pipeline to see if the same issues are found in prod, so that a due date is set.
- Mark the issue with exempt label

If new issues found were introduced with the current build, the build should not be deployed.
For further information, check the documentation on Managing incident issues - https://cloud.ibm.com/docs/devsecops?topic=devsecops-incident-issues.

Found the following new issues:

https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/2
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/3
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/4
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/5
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/6
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/7
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/8
https://us-south.git.cloud.ibm.com/GoldenEye.Development/stack-re-07d6-issues-repo/-/issues/9
Evaluated evidence status: failure

ocofaigh commented 1 month ago

https://github.com/IBM/gen-ai-rag-watsonx-sample-application/pull/27/files