
Nightly OWASP scan is broken #24

Closed
turing85 opened this issue Feb 25, 2023 · 3 comments · Fixed by #25
Labels
maintenance Maintenance jobs that have no user-facing consequences

Comments

@turing85
Collaborator

See, e.g., this pipeline run.

@turing85 turing85 added the maintenance Maintenance jobs that have no user-facing consequences label Feb 25, 2023
@turing85 turing85 self-assigned this Feb 25, 2023
turing85 added a commit that referenced this issue Feb 25, 2023
While at it, upgraded version from v1.0.1 to v1.0.2
@turing85 turing85 linked a pull request Feb 25, 2023 that will close this issue
@turing85
Collaborator Author

It is not only the nightly scan, but the regular scan as well, see here. What is curious is the fact that the pipeline triggered there worked flawlessly before. So it is unlikely that it is something on our end. Let's wait and see if it fixes itself.

@turing85
Collaborator Author

Looking closer at the output of the OWASP check, we see that an OWASP violation was found. It seems like the report plugin is unable to generate a report in this case.

@turing85
Collaborator Author

Raised turing85/publish-report#13 to resolve the issue.

turing85 added a commit that referenced this issue Feb 28, 2023
- switched to publish-report for nightly build, using feature branch to test fix. Also updated turing85/publish-report from v1.0.2 to v1.0.3
- updated owasp-dependency-check.xml to:
  - remove outdated suppressions, and
  - added suppression for jackson vulnerability; we acknowledge the vulnerability, but cannot do anything about this right now.