Fluid Attacks Machine Standalone scan #74464

prrvchr · 2023-11-07T18:29:04Z

prrvchr
Nov 7, 2023

Select Topic Area

Question

Body

Hi,
I use this Skims configuration file in YAML syntax: _fascan.yml

Locally on my computer if I go to the repository directory (where the _fascan.yml file is located) and run the command:
docker run -v /home/prrvchr/github/eMailerOOo:/working-dir ghcr.io/fluidattacks/makes/amd64 m gitlab:fluidattacks/universe@trunk /skims scan ./_fascan.yml

At the end of the scan I can find the Fluid-Attacks-Results.csv file in the root of the repository as requested in the _fascan.yml file (ie: /home/prrvchr/github/eMailerOOo/Fluid-Attacks-Results.csv).

If I use a Machine Standalone GitHub action like .github/workflows/fascan.yml the scan is carried out at each push, but the file Fluid-Attacks-Results.csv is never updated...

Ideas?
Thanks.

Answered by prrvchr

Aug 3, 2024

If you want the scan result file to be updated then you need to add the following commands in the github action declaration file:

# .github/workflows/fascan.yml
name: Fluid Attacks Scan
on: [push, pull_request]
jobs:
  machineStandalone:
    name: machineStandalone job
    runs-on: ubuntu-latest

    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}

      - name: Fluid-Attacks scan
        id: scan
        continue-on-error: true
        uses: doc…

View full answer

2024-05-09T03:28:50Z

github-actions[bot]
bot May 9, 2024

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

0 replies

prrvchr · 2024-08-03T10:57:04Z

prrvchr
Aug 3, 2024
Author

If you want the scan result file to be updated then you need to add the following commands in the github action declaration file:

# .github/workflows/fascan.yml
name: Fluid Attacks Scan
on: [push, pull_request]
jobs:
  machineStandalone:
    name: machineStandalone job
    runs-on: ubuntu-latest

    permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the
      # added or changed files to the repository.
      contents: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}

      - name: Fluid-Attacks scan
        id: scan
        continue-on-error: true
        uses: docker://ghcr.io/fluidattacks/makes/amd64
        with:
          args: m gitlab:fluidattacks/universe@trunk /skims scan ./_fascan.yml

      - name: Commit and push changes
        run: |
          git config user.name github-actions
          git config user.email [email protected]
          git commit -am "Fluid-Attacks-Results.csv commit" || exit 0
          git push origin HEAD:master

      - name: Check on failures
        if: steps.scan.outcome != 'success'
        run: exit 1

As I have not found any information regarding this problem, I am recalling the solution here.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Fluid Attacks Machine Standalone scan #74464

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

GitHub Community

Fluid Attacks Machine Standalone scan #74464

prrvchr Nov 7, 2023

Select Topic Area

Body

Replies: 2 comments

github-actions[bot] bot May 9, 2024

prrvchr Aug 3, 2024 Author

prrvchr
Nov 7, 2023

github-actions[bot]
bot May 9, 2024

prrvchr
Aug 3, 2024
Author