GitHub action doesn't output to file #1189

Closed
prrvchr opened this issue Oct 27, 2023 · 3 comments

prrvchr commented Oct 27, 2023

Hi,

I have a GitHub action that scans my code with Fluid Attacks, but the output file is not updated at the end of the scan.

If I run the same job locally (without the GitHub action but with this bash script), the output file is updated locally...

Any idea?

@LuisPatino92

Hello, your configuration seems fine. I cloned the current state of the repo and executed the scanner using your configuration file. All logs indicate that the scan targeted the specified files, and no vulnerabilities were detected.

I recommend checking the following:

  • Ensure that the configuration used locally [_fascan.yml] is identical.
  • Confirm that all changes made during the local scan are included in the commit.

If the problem persists, I encourage you to open an issue on Fluid Attacks' GitLab, providing evidence of the output obtained locally and any other relevant information.

I'm closing this issue as it appears to be more related to Skims (the scanner) or GitHub Actions than to 'makes.'

prrvchr commented Nov 3, 2023

Hi,
It seems to me that this must be linked to GitHub Actions since it works fine locally.
Maybe it's a permission issue on the repository and Fluid Attacks can't update the Fluid-Attacks-Results.csv file?

prrvchr commented Aug 2, 2024

OK, I finally found the right syntax for the .github/workflows/fascan.yml file so that it is able to log the scan result in the file: Fluid-Attacks Results.csv

```yaml
# .github/workflows/fascan.yml
name: Fluid Attacks Scan
on: [push, pull_request]
jobs:
  machineStandalone:
    name: machineStandalone job
    runs-on: ubuntu-latest

    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}

      - name: Fluid-Attacks scan
        uses: docker://ghcr.io/fluidattacks/makes/amd64
        with:
          args: m gitlab:fluidattacks/universe@trunk /skims scan ./_fascan.yml

      - name: Commit and push changes
        run: |
          git config user.name github-actions
          git config user.email [email protected]
          git commit -am "Fluid-Attacks Results.csv commit" || exit 0
          git push
```

@LuisPatino92 I think it would be good to put this info in your documentation because if we want to use Fluid Attacks with GitHub actions, updating the Fluid-Attacks Results.csv file cannot be done without this info.
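
Added example, not part of the thread or of the Fluid Attacks project: the commit step above uses `git commit -am`, which commits every tracked file the job modified while holding a `contents: write` token. The hypothetical helper `commit_scan_results` below narrows the commit to the report file alone; it assumes `git config user.name` and `user.email` were already set as in the workflow, and the report path is passed in by the caller.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the thread).
# Commits ONLY the scan report, so a job running with `contents: write`
# cannot push other files that a step happened to modify.

commit_scan_results() {
  # $1: path of the report, relative to the repository root (required).
  local results="$1"

  if [ -z "$results" ]; then
    echo "usage: commit_scan_results <report-path>" >&2
    return 2
  fi

  # Fail loudly when the scanner produced no report at all.
  if [ ! -f "$results" ]; then
    echo "no report found at: $results" >&2
    return 3
  fi

  # Stage just this path; works for a new file and for a modified one.
  git add -- "$results"

  # `diff --cached --quiet` exits 0 when nothing is staged for the path.
  if git diff --cached --quiet -- "$results"; then
    echo "report unchanged, nothing to commit"
    return 0
  fi

  # The pathspec limits the commit to the report even if something else
  # is staged or modified in the working tree.
  git commit --quiet -m "Update scan results: $results" -- "$results"
}

# In the workflow's run step this would be followed by `git push`, e.g.:
#   commit_scan_results "<report path from _fascan.yml>" && git push
```

Because an unchanged report returns 0 without creating a commit, the `|| exit 0` workaround in the original step is not needed with this helper.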
