tinglesoftware / dependabot-azure-devops

Tools for updating dependencies in Azure DevOps repositories using https://dependabot.com
MIT License

Unclear "bad credentials" error #549

Closed 18swenskiq closed 1 year ago

18swenskiq commented 1 year ago

I am currently trying to run this in my Azure DevOps pipeline using a private NuGet repository, and I'm getting a message that looks like this:

🌍 --> GET https://dev.azure.com/{organization}/_apis/connectionData
🌍 <-- 200 https://dev.azure.com/{organization}/_apis/connectionData
🌍 --> GET https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{project}
🌍 <-- 200 https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{project}
🌍 --> GET https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{project}/pullrequests?api-version=6.0&searchCriteria.status=active&searchCriteria.creatorId={guid}&searchCriteria.targetRefName=refs/heads/master
🌍 <-- 200 https://dev.azure.com/{organization}/{project}/_apis/git/repositories/{project}/pullrequests?api-version=6.0&searchCriteria.status=active&searchCriteria.creatorId={guid}&searchCriteria.targetRefName=refs/heads/master
Checking if Autofac.Extensions.DependencyInjection 8.0.0 needs updating
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/response/raise_error.rb:14:in `on_complete': POST https://api.github.com/graphql: 401 - Bad credentials // See: https://docs.github.com/graphql (Octokit::Unauthorized)
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-2.7.4/lib/faraday/middleware.rb:18:in `block in call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-2.7.4/lib/faraday/response.rb:42:in `on_complete'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-2.7.4/lib/faraday/middleware.rb:17:in `call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/middleware/follow_redirects.rb:73:in `perform_with_redirection'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/middleware/follow_redirects.rb:61:in `call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-retry-2.0.0/lib/faraday/retry/middleware.rb:148:in `call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-2.7.4/lib/faraday/rack_builder.rb:153:in `build_response'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-2.7.4/lib/faraday/connection.rb:444:in `run_request'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/faraday-2.7.4/lib/faraday/connection.rb:280:in `post'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sawyer-0.9.2/lib/sawyer/agent.rb:99:in `call'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/connection.rb:156:in `request'
    from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/connection.rb:28:in `post'
    from /home/dependabot/dependabot-updater/bin/vulnerabilities.rb:46:in `fetch'
    from bin/update-script.rb:301:in `security_advisories_for'
    from bin/update-script.rb:546:in `block in <main>'
    from bin/update-script.rb:533:in `each'
    from bin/update-script.rb:533:in `<main>'
##[error]The process '/usr/bin/docker' failed with exit code 1

Now my question is, obviously it is throwing a 401 Bad Credentials issue, but it makes it this far. So what is actually throwing the "bad credentials" error? If it is Azure DevOps, that is not clear at all, but it doesn't read that way in the error message to me.

(some information redacted from error)

18swenskiq commented 1 year ago

And to confirm, I can make a successful HTTP call using the feed URL and my PAT, tested using Postman.

mburumaxwell commented 1 year ago

@18swenskiq there's nothing wrong with the private NuGet feed, from what I can see in the logs. However, it appears you supplied invalid credentials for GitHub, hence the failure when checking for vulnerabilities. The Ruby script only checks for vulnerabilities when credentials for GitHub are provided in the task. This is then passed on to Docker via GITHUB_ACCESS_TOKEN.

To solve this, remove any setting for GitHub in the inputs to your task or provide the correct credentials.
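
An added example, not part of the thread or the project's code: a Ruby triage helper that reads a log in the format quoted above and reports which host rejected the credentials, which hosts answered 2xx, and the first non-vendored stack frame. The sample log is constructed from lines in the issue; the function and constant names are hypothetical, and the host-to-variable map holds only the GITHUB_ACCESS_TOKEN case named in the reply above.

```ruby
# Constructed sample, shortened from the log lines quoted in the issue.
SAMPLE_LOG = <<~'LOG'
  🌍 --> GET https://dev.azure.com/{organization}/_apis/connectionData
  🌍 <-- 200 https://dev.azure.com/{organization}/_apis/connectionData
  Checking if Autofac.Extensions.DependencyInjection 8.0.0 needs updating
  /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/response/raise_error.rb:14:in `on_complete': POST https://api.github.com/graphql: 401 - Bad credentials // See: https://docs.github.com/graphql (Octokit::Unauthorized)
      from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/octokit-6.0.1/lib/octokit/connection.rb:28:in `post'
      from /home/dependabot/dependabot-updater/bin/vulnerabilities.rb:46:in `fetch'
      from bin/update-script.rb:301:in `security_advisories_for'
  ##[error]The process '/usr/bin/docker' failed with exit code 1
LOG

# "VERB URL: 401 - message" as raised by the HTTP client; 403 is matched too.
ERROR_RE = %r{(?<verb>[A-Z]+) (?<url>https?://(?<host>[^/\s:]+)\S*): (?<status>40[13]) - (?<msg>.*?)(?: //| \(|$)}
# Response lines of the form "<-- 200 URL" name the hosts whose credentials worked.
OK_RE    = %r{<-- 2\d\d https?://([^/\s:]+)}
FRAME_RE = /^\s*from (?<file>\S+?):(?<line>\d+):in `(?<meth>[^']+)'/

# Only the mapping stated in the thread; other hosts get a generic hint.
CREDENTIAL_FOR_HOST = { "api.github.com" => "GITHUB_ACCESS_TOKEN" }.freeze

# Returns nil when the log has no 401/403 line, otherwise a summary hash.
def diagnose_auth_failure(log)
  err = ERROR_RE.match(log) or return nil
  # First frame outside vendored gems shows which feature made the call.
  frame = log.each_line.filter_map { |l| FRAME_RE.match(l) }
             .find { |m| !m[:file].include?("/vendor/") }
  {
    host: err[:host],
    status: err[:status].to_i,
    message: err[:msg],
    ok_hosts: log.scan(OK_RE).flatten.uniq,
    raised_from: frame && "#{frame[:file]}:#{frame[:line]} (#{frame[:meth]})",
    credential: CREDENTIAL_FOR_HOST.fetch(err[:host], "credential configured for #{err[:host]}")
  }
end

p diagnose_auth_failure(SAMPLE_LOG)
```

On the sample, the rejecting host is api.github.com and the first non-vendored frame is the vulnerability fetch, while dev.azure.com appears only among the hosts that answered 200.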

18swenskiq commented 1 year ago

Yep, you were correct. There was a rogue GitHub parameter I didn't see from the last person who worked on this. Thanks for the pointer, solved!

ManubalaSai commented 3 months ago

Hi @18swenskiq and @mburumaxwell, I am also facing the same issue. Which GitHub token do we need to provide? We are using Azure Repos.