Skip to content

Pipeline succeeds but job fails to produce output #2157

Description

@timbastin

https://github.com/l3montree-dev/devguard/actions/runs/27692582374/job/81907226243

Run docker://ghcr.io/l3montree-dev/devguard/scanner:main
/usr/bin/docker run --name ghcriol3montreedevdevguardscannermain_f3d384 --label 9402f4 --workdir /github/workspace --rm -e "INPUT_ARGS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_RESULTS_URL" -e "ACTIONS_ORCHESTRATION_ID" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp":"/github/runner_temp" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/devguard/devguard":"/github/workspace" ghcr.io/l3montree-dev/devguard/scanner:main devguard-scanner sast --assetName=l3montree-cybersecurity/projects/devguard/assets/devguard --apiUrl=https://api.main.devguard.org/ --token="***" --path=/github/workspace --defaultRef=main --isTag=false --ref=main --webUI=https://main.devguard.org/
1:30PM WRN commands/sarif.go:355 could not get config file, using default semgrep config file=.semgrep.yaml err="could not get config file: 404 Not Found"
1:30PM INF commands/sast.go:44 Starting sast scanning path=/github/workspace result-path=/tmp/sast/result.sarif
1:30PM WRN commands/sast.go:53 Vulnerabilities found, but continuing execution.
Error: could not open file: could not open file: open /tmp/sast/result.sarif: no such file or directory

While on it, it would be great to double check, that our custom .semgrep.yaml is actually respected. I added some new rules there.

Metadata

Metadata

Assignees

Labels

component/devguard-ci-componentsGitHub Action & GitLab CI/CD Component. https://github.com/l3montree-dev/devguard-ci-components

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions