Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

action fails when trying to scan an empty repo #35

Open
nirw opened this issue Nov 11, 2021 · 1 comment
Open

action fails when trying to scan an empty repo #35

nirw opened this issue Nov 11, 2021 · 1 comment

Comments

@nirw
Copy link
Contributor

nirw commented Nov 11, 2021

We just created a new repository for testing the cx-flow in GitHub Action.
The repository is empty if no considering .github files or readme. However, the scan will fail as follows
2021-11-08T07:46:58.2857831Z 2021-11-08 07:46:58.281 ERROR 9 --- [ main] c.c.f.s.AbstractVulnerabilityScanner [76KsFmXR] : Error occurred 2021-11-08T07:46:58.2859128Z 2021-11-08T07:46:58.2860845Z com.checkmarx.sdk.exception.CheckmarxException: Scan was cancelled or failed 2021-11-08T07:46:58.2863938Z at com.checkmarx.sdk.service.CxService.waitForScanCompletion(CxService.java:2346) 2021-11-08T07:46:58.2868607Z at com.checkmarx.flow.service.AbstractVulnerabilityScanner.getScanResults(AbstractVulnerabilityScanner.java:143) 2021-11-08T07:46:58.2874143Z at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanLocalPath(AbstractVulnerabilityScanner.java:285) 2021-11-08T07:46:58.2879338Z at com.checkmarx.flow.service.AbstractVulnerabilityScanner.scanCli(AbstractVulnerabilityScanner.java:195) 2021-11-08T07:46:58.2882944Z at com.checkmarx.flow.CxFlowRunner.lambda$scanLocalPath$1(CxFlowRunner.java:558) 2021-11-08T07:46:58.2885152Z at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) 2021-11-08T07:46:58.2887224Z at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) 2021-11-08T07:46:58.2889482Z at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1384) 2021-11-08T07:46:58.2891660Z at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482) 2021-11-08T07:46:58.2894045Z at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472) 2021-11-08T07:46:58.2896541Z at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:546) 2021-11-08T07:46:58.2899180Z at java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260) 2021-11-08T07:46:58.2901777Z at java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:505) 2021-11-08T07:46:58.2904461Z at com.checkmarx.flow.CxFlowRunner.runOnActiveScanners(CxFlowRunner.java:617) 2021-11-08T07:46:58.2906998Z at com.checkmarx.flow.CxFlowRunner.scanLocalPath(CxFlowRunner.java:558) 2021-11-08T07:46:58.2909596Z at com.checkmarx.flow.CxFlowRunner.commandLineRunner(CxFlowRunner.java:435) 2021-11-08T07:46:58.2912188Z at com.checkmarx.flow.CxFlowRunner.run(CxFlowRunner.java:89) 2021-11-08T07:46:58.2914777Z at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:786) 2021-11-08T07:46:58.2918333Z at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:776) 2021-11-08T07:46:58.2921517Z at org.springframework.boot.SpringApplication.run(SpringApplication.java:322) 2021-11-08T07:46:58.2924260Z at com.checkmarx.flow.CxFlowApplication.main(CxFlowApplication.java:21) 2021-11-08T07:46:58.2926840Z at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 2021-11-08T07:46:58.2929607Z at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 2021-11-08T07:46:58.2932806Z at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 2021-11-08T07:46:58.2935436Z at java.lang.reflect.Method.invoke(Method.java:498) 2021-11-08T07:46:58.2937996Z at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) 2021-11-08T07:46:58.2941032Z at org.springframework.boot.loader.Launcher.launch(Launcher.java:107) 2021-11-08T07:46:58.2979353Z at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) 2021-11-08T07:46:58.2982386Z at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88) 2021-11-08T07:46:58.2983887Z 2021-11-08T07:46:58.2985178Z 2021-11-08 07:46:58.282 INFO 9 --- [ main] c.c.f.CxFlowRunner [76KsFmXR] : Finished with exit code: 3 2021-11-08T07:46:58.2986717Z 2021-11-08 07:46:58.295 INFO 9 --- [extShutdownHook] o.s.s.c.ThreadPoolTaskExecutor [] : Shutting down ExecutorService 'webHook' 2021-11-08T07:46:58.2988274Z 2021-11-08 07:46:58.295 INFO 9 --- [extShutdownHook] o.s.s.c.ThreadPoolTaskExecutor [] : Shutting down ExecutorService 'scanRequest'
When the repo is added with a python or Java file for testing purpose, the same workflow can just pass under the same Checkmarx project.

Preffered behaviour for this fringe case would be to not fail the action but succeed without really doing anything

@schmidtw
Copy link

This would be nice to have as it fails for a non-empty repo with files it ignores, too.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants