Bug: Server mode - Scanning a GitHub repo not working #233
Labels
bug
Something isn't working
Comments
Merged
prabhu added a commit that referenced this issue Feb 29, 2024
* Clarify bounty targets in insights (#220)
* Clarify bounty targets in insights Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Update pyproject.toml Signed-off-by: prabhu <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> Signed-off-by: prabhu <prabhu@appthreat.com>
* Do not cancel action runs (#228)
* Do not cancel action runs Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Reduce duplicate runs Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Update java version (#229) Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Fix oras-py version Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Publish release images Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Fixes #233 in v6 (#235)
* Fixes #233 in v6 Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Let's drop support for > 3.10 Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Check sponsorship for github actions, update workflows (#237)
* Update workflow actions. Signed-off-by: Caroline Russell <caroline@appthreat.dev>
* Check for sponsorship when using the depscan action on GitHub. Signed-off-by: Caroline Russell <caroline@appthreat.dev> --------- Signed-off-by: Caroline Russell <caroline@appthreat.dev>
* Fix AttributeError raised when env variable not present. Signed-off-by: Caroline Russell <caroline@appthreat.dev>
* Switch to tar xz version for v6 (#240) Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Expand the scope of npm alias to search for vendor with the name npm (#243)
* Expand the scope of npm alias to search for vendor with the name npm Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Lint fixes Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Improves sub-tree display (#244)
* Improves sub-tree display Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Try using the default vdb home Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Trim CI. Fixes a CSAF error (#251)
* Fixes #248 in v6 Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Fixes #248 in v6 Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Support for gem with platform name in the version number (#253) Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Corrects scenario where no src_dir is set - 6.x (#246)
* Corrects scenario where no src_dir is set. Signed-off-by: Caroline Russell <caroline@appthreat.dev>
* Bugfix for NoneType. Signed-off-by: Caroline Russell <caroline@appthreat.dev>
* Bugfix in process_suggestions. Signed-off-by: Caroline Russell <caroline@appthreat.dev> --------- Signed-off-by: Caroline Russell <caroline@appthreat.dev>
* Use nodejs 20 LTS (#255)
* Use nodejs 20 LTS Signed-off-by: prabhu <prabhu@appthreat.com>
* Print node version Signed-off-by: prabhu <prabhu@appthreat.com> --------- Signed-off-by: prabhu <prabhu@appthreat.com>
* fix KeyError in purl and version (#261) ignore components without purl and version
* PR# 263 for v6 (#264) Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
* Added more alias for js audit (#268) Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> --------- Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com> Signed-off-by: prabhu <prabhu@appthreat.com> Signed-off-by: Caroline Russell <caroline@appthreat.dev> Co-authored-by: Caroline Russell <caroline@appthreat.dev> Co-authored-by: almaz045 <63047433+almaz045@users.noreply.github.com>
Expected Behavior
Documented here: https://github.com/owasp-dep-scan/dep-scan?tab=readme-ov-file#server-mode
curl --json '{"url": "https://github.com/HooliCorp/vulnerable-aws-koa-app", "type": "js"}' http://0.0.0.0:7070/scan -i
should return 200 and report.
Actual Behavior
curl --json '{"url": "https://github.com/HooliCorp/vulnerable-aws-koa-app", "type": "js"}' http://0.0.0.0:7070/scan -i
returns
with error:
Steps to Reproduce
Checkout: https://github.com/owasp-dep-scan/dep-scan/releases/tag/v5.2.4
Adjust:
https://github.com/owasp-dep-scan/dep-scan/blob/release/6.x/docker-compose.yml#L9-L10
https://github.com/owasp-dep-scan/dep-scan/blob/release/6.x/docker-compose.yml#L18-L19
Eg
Ramp up:
docker compose up
Execute as documented:
curl http://0.0.0.0:7070/cache
curl --json '{"url": "https://github.com/HooliCorp/vulnerable-aws-koa-app", "type": "js"}' http://0.0.0.0:7070/scan -i
Additional Information
From docker https://github.com/owasp-dep-scan/dep-scan?tab=readme-ov-file#scanning-projects-locally-docker-container
docker run --rm -v $PWD:/app ghcr.io/owasp-dep-scan/dep-scan --purl https://github.com/HooliCorp/vulnerable-aws-koa-app --reports-dir /app/reports
Is also not working, but I am not sure if I use it correctly.