Command exited with non-zero status 1 #358

Open
farrukhnajmi opened this issue Jan 15, 2022 · 1 comment

farrukhnajmi commented Jan 15, 2022

Thanks for a great OSS SAST tool.

I am using slscan using the following command on a gradle multi-module project with mostly kotlin code and some terraform code:

env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)

On running the above command on earlier versions of my code, I was getting OSS Risk audit results. After I fixed several issues, including fixing OSS Risk audit issues, I am now getting slscan to crash, probably while doing the OSS Risk audit scan.

Note: I run slscan after building the entire gradle project.

The following is output from the slscan (see last 3 lines):

```
env ENABLE_OSS_RISK=true time sh <(curl https://slscan.sh)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 299 100 299 0 0 126 0 0:00:02 0:00:02 --:--:-- 126

███████╗ ██████╗ █████╗ ███╗ ██╗
██╔════╝██╔════╝██╔══██╗████╗ ██║
███████╗██║ ███████║██╔██╗ ██║
╚════██║██║ ██╔══██║██║╚██╗██║
███████║╚██████╗██║ ██║██║ ╚████║
╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝

[18:02:28] INFO Scanning /app using plugins ['credscan', 'kotlin', 'nodejs', 'terraform', 'yaml', 'depscan']

Build failed with 18 weighted issues.

[18:05:42] INFO Suppressed 7 issues
╭──────────────────────── New Feature ────────────────────────╮
│ Depscan supports OSS Risk audit for this project. │
│ To enable set the environment variable ENABLE_OSS_RISK=true │
╰─────────────────────────────────────────────────────────────╯

[18:08:27] INFO Baseline file written to /app/reports/.sastscan.baseline
Security Scan Summary
╔═══════════════════════════════════╤══════════╤══════╤════════╤═════╤════════╗
║ Tool │ Critical │ High │ Medium │ Low │ Status ║
╟───────────────────────────────────┼──────────┼──────┼────────┼─────┼────────╢
║ Kotlin Static Analysis │ 0 │ 0 │ 16 │ 0 │ ❌ ║
║ Security Audit for Infrastructure │ 0 │ 0 │ 0 │ 0 │ ✅ ║
║ Secrets Audit │ 0 │ 1 │ 0 │ 0 │ ❌ ║
║ Kotlin Security Audit │ 0 │ 0 │ 0 │ 0 │ ✅ ║
╚═══════════════════════════════════╧══════════╧══════╧════════╧═════╧════════╝
Command exited with non-zero status 1
0.07user 0.05system 6:08.01elapsed 0%CPU (0avgtext+0avgdata 61708maxresident)k
8inputs+0outputs (0major+7531minor)pagefaults 0swaps
```

Is this a known issue? If so, is there a workaround so I can get the OSS Risk audit report?

Contributor

prabhu commented May 5, 2022

@farrukhnajmi The oss risk audit is powered by dep-scan

https://github.com/AppThreat/dep-scan

Can you try running dep-scan directly to see what is going on?
