Thanks for a great OSS SAST tool.
I am using slscan using the following command on a Gradle multi-module project with mostly Kotlin code and some Terraform code:
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
On running the above command on earlier versions of my code, I was getting OSS Risk audit results. After I fixed several issues, including fixing OSS Risk audit issues, I am now getting slscan to crash, probably while doing the OSS Risk audit scan.
Note: I run slscan after building the entire Gradle project.
The following is the output from slscan (see last 3 lines):
```
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 299 100 299 0 0 126 0 0:00:02 0:00:02 --:--:-- 126
███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██║ ███████║██╔██╗ ██║
╚════██║██║ ██╔══██║██║╚██╗██║
███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
[18:02:28] INFO Scanning /app using plugins ['credscan', 'kotlin', 'nodejs', 'terraform', 'yaml', 'depscan']
Build failed with 18 weighted issues.
[18:05:42] INFO Suppressed 7 issues
╭──────────────────────── New Feature ────────────────────────╮
│ Depscan supports OSS Risk audit for this project. │
│ To enable set the environment variable ENABLE_OSS_RISK=true │
╰─────────────────────────────────────────────────────────────╯
[18:08:27] INFO Baseline file written to /app/reports/.sastscan.baseline
Security Scan Summary
╔═══════════════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool │ Critical │ High │ Medium │ Low │ Status ║
╟───────────────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Kotlin Static Analysis │ 0 │ 0 │ 16 │ 0 │ ❌ ║
║ Security Audit for Infrastructure │ 0 │ 0 │ 0 │ 0 │ ✅ ║
║ Secrets Audit │ 0 │ 1 │ 0 │ 0 │ ❌ ║
║ Kotlin Security Audit │ 0 │ 0 │ 0 │ 0 │ ✅ ║
╚═══════════════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Command exited with non-zero status 1
0.07user 0.05system 6:08.01elapsed 0%CPU (0avgtext 0avgdata 61708maxresident)k
8inputs 0outputs (0major 7531minor)pagefaults 0swaps
```
Is this a known issue? If so, is there a workaround so I can get the OSS Risk audit report?