From f437e5bd0ef10807c1bb0623fe71cb6934e7874b Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 17:46:26 +0530 Subject: [PATCH 1/8] PR --- .github/workflows/prpipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index f613d17..4bff639 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -18,6 +18,7 @@ jobs: arguments: -p ./--config-file-path=horusec-config.json + - name: output run: |- From 7b1e86b71c2c46469f4e824cb32bd17a841dc5ad Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 17:48:00 +0530 Subject: [PATCH 2/8] PR fix --- .github/workflows/prpipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index 4bff639..ebf8ff6 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -15,7 +15,7 @@ jobs: id: run_horusec uses: fike/horusec-action@v0.2.2 with: - arguments: -p ./--config-file-path=horusec-config.json + arguments: -p ./ --config-file-path=horusec-config.json From 63b6e506f275c0767ca425ad7f6b455107dbee1e Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 17:50:12 +0530 Subject: [PATCH 3/8] scasc --- .github/workflows/prpipeline.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index ebf8ff6..81ca559 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -15,8 +15,7 @@ jobs: id: run_horusec uses: fike/horusec-action@v0.2.2 with: - arguments: -p ./ --config-file-path=horusec-config.json - + arguments: -p ./$WORKING_DIR --config-file-path=$WORKING_DIR/horusec-config.json -O $WORKING_DIR/sonarqube.json --return-error=false From bed0c20f5dba3bd214697bcfd86bd5a55f4a24cd Mon Sep 17 00:00:00 2001 
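Review bot: In [PATCH 3/8], the new `arguments:` value relies on `$WORKING_DIR`, but GitHub Actions only interpolates `${{ }}` expressions in `with:` inputs, so whether the variable is resolved depends on how the action's entrypoint handles the string; a run log should confirm it before relying on it. The `env:` block that would define the variable lies outside this hunk. The added `--return-error=false` also makes the scan advisory, so the job passes whatever Horusec finds. If that is meant to be temporary, a comment above the step such as `# TODO: switch to --return-error=true once baseline findings are triaged` would record the intent.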
From: Rahul Soni Date: Thu, 29 Sep 2022 17:51:33 +0530 Subject: [PATCH 4/8] txt --- .github/workflows/prpipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index 81ca559..cd592fd 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -15,7 +15,7 @@ jobs: id: run_horusec uses: fike/horusec-action@v0.2.2 with: - arguments: -p ./$WORKING_DIR --config-file-path=$WORKING_DIR/horusec-config.json -O $WORKING_DIR/sonarqube.json --return-error=false + arguments: -p ./$WORKING_DIR --config-file-path=$WORKING_DIR/horusec-config.json -O $WORKING_DIR/report.txt --return-error=false From f01cb67691f10b2000ee2a317b370c31d4650600 Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 18:00:16 +0530 Subject: [PATCH 5/8] result --- .github/workflows/prpipeline.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index cd592fd..2de3a69 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -20,13 +20,15 @@ jobs: - name: output + id: comment run: |- export MESSAGE=$(cat report.txt | grep "Total of Vul") + echo "::set-output name=result::$MESSAGE" - name: Comment PR uses: thollander/actions-comment-pull-request@v1 with: message: | - $MESSAGE + ${{ steps.comment.outputs.result }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From 9c810447f303b63bc6cabf293c463c3d8baf8e46 Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 18:01:58 +0530 Subject: [PATCH 6/8] repott --- .github/workflows/prpipeline.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index 2de3a69..be1eeea 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml 
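Review bot: In [PATCH 5/8], `grep "Total of Vul"` returns several lines (the report.txt hunk in [PATCH 7/8] shows one total per severity), but the `::set-output` workflow command stops at the first newline, so `steps.comment.outputs.result` carries only the first total. The value is also derived from a report built out of the scanned PR content and is echoed to stdout, where the runner parses workflow commands. Appending it to `$GITHUB_OUTPUT` with a per-run delimiter handles the multi-line value and keeps report text from being interpreted as a command. The `Comment PR` step further down the hunk can stay as it is.

```yaml
      - name: output
        id: comment
        run: |-
          # per-run delimiter so text from the report cannot terminate the value early
          delim="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "result<<$delim"
            # '|| true' keeps the step green when no summary line is present, as the original did
            grep "Total of Vul" report.txt || true
            echo "$delim"
          } >> "$GITHUB_OUTPUT"
      # … unchanged: Comment PR step …
```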
@@ -9,13 +9,12 @@ jobs: - name: Run Horusec env: - WORKING_DIR: ./ AUTHOR: rahul.soni@knoldus.com HORUSEC_CLI_RETURN_ERROR_IF_FOUND_VULNERABILITY: "false" id: run_horusec uses: fike/horusec-action@v0.2.2 with: - arguments: -p ./$WORKING_DIR --config-file-path=$WORKING_DIR/horusec-config.json -O $WORKING_DIR/report.txt --return-error=false + arguments: -p ./ --config-file-path=horusec-config.json -O report.txt --return-error=false From 3e6b49cb426048e4d571cf816988852bcba78de4 Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 19:39:17 +0530 Subject: [PATCH 7/8] added PR check --- .github/workflows/prpipeline.yml | 22 +++++++++++----------- report.txt | 8 ++++---- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index be1eeea..b2ba689 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -18,16 +18,16 @@ jobs: - - name: output - id: comment - run: |- - export MESSAGE=$(cat report.txt | grep "Total of Vul") - echo "::set-output name=result::$MESSAGE" + # - name: output + # id: comment + # run: |- + # export MESSAGE=$(cat report.txt | grep "Total of Vul") + # echo "::set-output name=result::$MESSAGE" - - name: Comment PR - uses: thollander/actions-comment-pull-request@v1 - with: - message: | - ${{ steps.comment.outputs.result }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # - name: Comment PR + # uses: thollander/actions-comment-pull-request@v1 + # with: + # message: | + # ${{ steps.comment.outputs.result }} + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/report.txt b/report.txt index 74e3f88..c560a61 100644 --- a/report.txt +++ b/report.txt 
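Review bot: In [PATCH 7/8], the `output` and `Comment PR` steps are disabled by commenting them out, which leaves dead YAML in the workflow under a subject line ("added PR check") that says the opposite. Deleting the steps, or keeping them behind an `if:` condition, would be clearer, since git history retains the old text. With the comment step gone, the scan summary is visible only in the job log. The same patch also updates a tracked `report.txt`; scanner output is regenerated on every run and lists where findings are, so it is better ignored (`report.txt` in `.gitignore`) and uploaded as a workflow artifact than committed.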
@@ -5,8 +5,8 @@ HORUSEC ENDED THE ANALYSIS WITH STATUS OF "success" AND WITH THE FOLLOWING RESUL ================================================================================== -Analysis StartedAt: 2022-09-29 17:38:44 -Analysis FinishedAt: 2022-09-29 17:39:05 +Analysis StartedAt: 2022-09-29 19:29:34 +Analysis FinishedAt: 2022-09-29 19:30:52 ================================================================================== @@ -954,7 +954,7 @@ Details: (1/2) * Possible vulnerability detected: MissConfiguration ================================================================================== In this analysis, a total of 49 possible vulnerabilities were found and we classified them into: -Total of Vulnerability HIGH is: 7 -Total of Vulnerability MEDIUM is: 17 Total of Vulnerability LOW is: 20 Total of Vulnerability CRITICAL is: 5 +Total of Vulnerability HIGH is: 7 +Total of Vulnerability MEDIUM is: 17 From 27c5bd137b105034d02c73ca83c7bc30e1c4da8c Mon Sep 17 00:00:00 2001 From: Rahul Soni Date: Thu, 29 Sep 2022 19:41:08 +0530 Subject: [PATCH 8/8] return true --- .github/workflows/prpipeline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prpipeline.yml b/.github/workflows/prpipeline.yml index b2ba689..2b5757c 100644 --- a/.github/workflows/prpipeline.yml +++ b/.github/workflows/prpipeline.yml @@ -10,11 +10,11 @@ jobs: - name: Run Horusec env: AUTHOR: rahul.soni@knoldus.com - HORUSEC_CLI_RETURN_ERROR_IF_FOUND_VULNERABILITY: "false" + HORUSEC_CLI_RETURN_ERROR_IF_FOUND_VULNERABILITY: "true" id: run_horusec uses: fike/horusec-action@v0.2.2 with: - arguments: -p ./ --config-file-path=horusec-config.json -O report.txt --return-error=false + arguments: -p ./ --config-file-path=horusec-config.json -O report.txt --return-error=true
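Review bot: In [PATCH 8/8], `--return-error=true` turns this step into a merge gate, yet the action implementing it is still referenced by a mutable tag (`uses: fike/horusec-action@v0.2.2`, a context line in this hunk). Pinning it to the full commit, `uses: fike/horusec-action@<full-commit-sha> # v0.2.2`, keeps a re-tagged release from changing what the gate runs. The env var `HORUSEC_CLI_RETURN_ERROR_IF_FOUND_VULNERABILITY` and the CLI flag now state the same setting twice; keeping only one avoids the two drifting apart. The report.txt updated in [PATCH 7/8] lists 49 findings, 5 of them CRITICAL, so presumably every PR fails this check until those are triaged or lower severities are excluded in the Horusec configuration.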