Command exited with non-zero status 1

[farrukhnajmi]

Thanks for a great OSS SAST tool.

I am using slscan using the following command on gradle multi-module project with most ly kotlin code and soem terraform code:

env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)

On running above command on earlier versions of my code I was getting OSS Risk audit results. After I fixed several issues including fixing OSS Risk audit issues I am now getting slscan to crash probably while doing the OSS Risk audit scan.

Note: I run slscan after building entire gradle project.

The following is output from the slscan (see last 3 lines):

`
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 299 100 299 0 0 126 0 0:00:02 0:00:02 --:--:-- 126

███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██║ ███████║██╔██╗ ██║
╚════██║██║ ██╔══██║██║╚██╗██║
███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝

[18:02:28] INFO Scanning /app using plugins ['credscan', 'kotlin', 'nodejs', 'terraform', 'yaml', 'depscan']

Build failed with 18 weighted issues.

[18:05:42] INFO Suppressed 7 issues
╭──────────────────────── New Feature ────────────────────────╮
│ Depscan supports OSS Risk audit for this project. │
│ To enable set the environment variable ENABLE_OSS_RISK=true │
╰─────────────────────────────────────────────────────────────╯

[18:08:27] INFO Baseline file written to /app/reports/.sastscan.baseline
Security Scan Summary
╔═══════════════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool │ Critical │ High │ Medium │ Low │ Status ║
╟───────────────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Kotlin Static Analysis │ 0 │ 0 │ 16 │ 0 │ ❌ ║
║ Security Audit for Infrastructure │ 0 │ 0 │ 0 │ 0 │ ✅ ║
║ Secrets Audit │ 0 │ 1 │ 0 │ 0 │ ❌ ║
║ Kotlin Security Audit │ 0 │ 0 │ 0 │ 0 │ ✅ ║
╚═══════════════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Command exited with non-zero status 1
0.07user 0.05system 6:08.01elapsed 0%CPU (0avgtext+0avgdata 61708maxresident)k
8inputs+0outputs (0major+7531minor)pagefaults 0swaps
`

Is this a known issue? If so, is there a workaround so I can get the OSS Risk audit report?

[prabhu]

@farrukhnajmi The oss risk audit is powered by dep-scan

https://github.com/AppThreat/dep-scan

Can you try running dep-scan directly to see what is going on?