Fix failing OSSAR static analysis reporting #5681
Comments
Hello @sosnovsky, I believe I have already found the root cause of this issue. The GitHub action OSSAR is still using 'node 16', which ESLint's requirements don't support. OSSAR action file:
Hello @martgil, thanks for your investigation, hope they'll get it merged soon!
I noticed that there's something wrong going on only for push events, where checking out the repo doesn't seem to go well and is marked as not finished if we take a look at the GitHub action overview. Consider the following example: https://github.com/FlowCrypt/flowcrypt-browser/actions/runs/9095908805/job/25036158252 - it's from the master branch. But in general most PRs should experience such an issue, where OSSAR with "push" event tags has the same problems while the "OSSAR / OSSAR-Scan (pull_request)" tags finish correctly. There's no way we can review the logs for that step.
I think the GitHub security tab considers a "skipped" job/task as an error, so it fails -- I'll check that case too. On top of this, a push event OSSAR shouldn't be running on a pull_request event.
* Update ossar-analysis.yml * Checkout github.sha on push * Add condition for push event * Fix typo * Make checkout repository failsafe * Update ossar-analysis.yml based on the update template from GitHub * Limit OSSAR push check on master branch * Enforce latest updates * Update OSSAR to run on pull_requests * Use ubuntu-latest * Specify master branch --------- Co-authored-by: martgil <[email protected]>
Hello @sosnovsky I had to re-open this GitHub issue since the error on the I have invited you to the test organization that I made to cross-check this - https://github.com/An-Example-Org/sample-ossar/security.
Another option to try could be re-initializing the OSSAR GitHub Action - since it works very well against my test repo under the test organization.
It seems Maybe it happens because OSSAR Action uses outdated
Thanks @sosnovsky, I understand. I'll be more efficient by using the ESLint action instead of OSSAR for a well-defined project like ours. I'll check it out.
* Delete ossary-analysis.yml * Add ESLint GitHub workflow * Install ESLint version 8.57.0 * Install eslint-formatter-sarif version 3.1.0 * Fix syntax error * Use upload-sarif version 3 * Use existing npm script "test_eslint" * Update "Run ESLint" commands * Temporary hotfix: add eslint-sarif-formatter.js * Temporary hotfix: use modified version of @microsoft/eslint-formatter-sarif * Add debug code * Add write permission on actions tab * Add write permissions to contents * Add debug code: check file writing capability * Add debug code: add continue-on-error * Fix typo * Add debug code: add alternative output writing method * Add debug code: read eslint-results.sarif * Add debug code: try other file writing method * Add debug code: add more debug code * Install utf8 module * Add reported missing node module * cleanup * Specify pull requests on master branch * cleanup * Add write permissions on contents * cleanup * cleanup * Replace reduce() with for...of * PR review: add SARIF_ESLINT_IGNORE_SUPPRESSED parameter for eslint sarif formatter * PR review: Add test_eslint_ci for ESLint test * Cleanup * Install eslint-formatter-sarif --------- Co-authored-by: martgil <[email protected]>
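The shape of workflow the commit list above describes, as an added example (not the repository's own ossar-analysis.yml or its replacement ESLint workflow): ESLint writes SARIF via @microsoft/eslint-formatter-sarif and the result is uploaded with upload-sarif v3, with push runs limited to master and pull_request runs kept separate so neither trigger runs in the other's context. The Node version, action versions and lint paths are assumptions.

```yaml
name: ESLint SARIF

on:
  push:
    branches: [master]          # push scans limited to master, as in the fix
  pull_request:
    branches: [master]          # PR scans run in their own event context

permissions:
  contents: read
  security-events: write        # needed for upload-sarif to publish to the Security tab

jobs:
  eslint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }}   # check out the exact pushed commit

      - uses: actions/setup-node@v4
        with:
          node-version: 20         # assumed runtime; the thread blames OSSAR's node 16

      - run: npm ci

      - name: Run ESLint and emit SARIF
        env:
          # drop findings already silenced by eslint-disable comments
          SARIF_ESLINT_IGNORE_SUPPRESSED: "true"
        run: npx eslint . -f @microsoft/eslint-formatter-sarif -o eslint-results.sarif
        continue-on-error: true    # lint findings must not block the upload step

      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: eslint-results.sarif
```

Without `security-events: write` the upload step fails with a permissions error, and without `continue-on-error` on the lint step a single finding stops the job before anything reaches the Security tab.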
From Roma:
Reference: https://github.com/FlowCrypt/flowcrypt-security/issues/277