You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am using slscan using the following command on gradle multi-module project with most ly kotlin code and soem terraform code:
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
On running above command on earlier versions of my code I was getting OSS Risk audit results. After I fixed several issues including fixing OSS Risk audit issues I am now getting slscan to crash probably while doing the OSS Risk audit scan.
Note: I run slscan after building entire gradle project.
The following is output from the slscan (see last 3 lines):
`
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 299 100 299 0 0 126 0 0:00:02 0:00:02 --:--:-- 126
[18:02:28] INFO Scanning /app using plugins ['credscan', 'kotlin', 'nodejs', 'terraform', 'yaml', 'depscan']
Build failed with 18 weighted issues.
[18:05:42] INFO Suppressed 7 issues
╭──────────────────────── New Feature ────────────────────────╮
│ Depscan supports OSS Risk audit for this project. │
│ To enable set the environment variable ENABLE_OSS_RISK=true │
╰─────────────────────────────────────────────────────────────╯
Thanks for a great OSS SAST tool.
I am using slscan using the following command on gradle multi-module project with most ly kotlin code and soem terraform code:
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
On running above command on earlier versions of my code I was getting OSS Risk audit results. After I fixed several issues including fixing OSS Risk audit issues I am now getting slscan to crash probably while doing the OSS Risk audit scan.
Note: I run slscan after building entire gradle project.
The following is output from the slscan (see last 3 lines):
`
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 299 100 299 0 0 126 0 0:00:02 0:00:02 --:--:-- 126
███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██║ ███████║██╔██╗ ██║
╚════██║██║ ██╔══██║██║╚██╗██║
███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝
[18:02:28] INFO Scanning /app using plugins ['credscan', 'kotlin', 'nodejs', 'terraform', 'yaml', 'depscan']
Build failed with 18 weighted issues.
[18:05:42] INFO Suppressed 7 issues
╭──────────────────────── New Feature ────────────────────────╮
│ Depscan supports OSS Risk audit for this project. │
│ To enable set the environment variable ENABLE_OSS_RISK=true │
╰─────────────────────────────────────────────────────────────╯
[18:08:27] INFO Baseline file written to /app/reports/.sastscan.baseline
Security Scan Summary
╔═══════════════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool │ Critical │ High │ Medium │ Low │ Status ║
╟───────────────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Kotlin Static Analysis │ 0 │ 0 │ 16 │ 0 │ ❌ ║
║ Security Audit for Infrastructure │ 0 │ 0 │ 0 │ 0 │ ✅ ║
║ Secrets Audit │ 0 │ 1 │ 0 │ 0 │ ❌ ║
║ Kotlin Security Audit │ 0 │ 0 │ 0 │ 0 │ ✅ ║
╚═══════════════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Command exited with non-zero status 1
0.07user 0.05system 6:08.01elapsed 0%CPU (0avgtext+0avgdata 61708maxresident)k
8inputs+0outputs (0major+7531minor)pagefaults 0swaps
`
Is this a known issue? If so, is there a workaround so I can get the OSS Risk audit report?
The text was updated successfully, but these errors were encountered: