Command exited with non-zero status 1 #358
Comments
@farrukhnajmi The OSS risk audit is powered by dep-scan (https://github.com/AppThreat/dep-scan). Can you try running dep-scan directly to see what is going on?
Thanks for a great OSS SAST tool.
I am using slscan with the following command on a Gradle multi-module project with mostly Kotlin code and some Terraform code:
`env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)`
On running the above command on earlier versions of my code, I was getting OSS Risk audit results. After I fixed several issues, including fixing OSS Risk audit issues, I am now getting slscan to crash, probably while doing the OSS Risk audit scan.
Note: I run slscan after building the entire Gradle project.
The following is the output from slscan (see last 3 lines):
```
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 299 100 299 0 0 126 0 0:00:02 0:00:02 --:--:-- 126
███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██║ ███████║██╔██╗ ██║
╚════██║██║ ██╔══██║██║╚██╗██║
███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
[18:02:28] INFO Scanning /app using plugins ['credscan', 'kotlin', 'nodejs', 'terraform', 'yaml', 'depscan']
Build failed with 18 weighted issues.
[18:05:42] INFO Suppressed 7 issues
╭──────────────────────── New Feature ────────────────────────╮
│ Depscan supports OSS Risk audit for this project. │
│ To enable set the environment variable ENABLE_OSS_RISK=true │
╰─────────────────────────────────────────────────────────────╯
[18:08:27] INFO Baseline file written to /app/reports/.sastscan.baseline
Security Scan Summary
╔═══════════════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool │ Critical │ High │ Medium │ Low │ Status ║
╟───────────────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Kotlin Static Analysis │ 0 │ 0 │ 16 │ 0 │ ❌ ║
║ Security Audit for Infrastructure │ 0 │ 0 │ 0 │ 0 │ ✅ ║
║ Secrets Audit │ 0 │ 1 │ 0 │ 0 │ ❌ ║
║ Kotlin Security Audit │ 0 │ 0 │ 0 │ 0 │ ✅ ║
╚═══════════════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Command exited with non-zero status 1
0.07user 0.05system 6:08.01elapsed 0%CPU (0avgtext+0avgdata 61708maxresident)k
8inputs+0outputs (0major+7531minor)pagefaults 0swaps
```
Is this a known issue? If so, is there a workaround so I can get the OSS Risk audit report?