Comments (12)
@LiorVais Can you please take a look at that pls?
from chain-bench.
Got the same panic when the authentication token was not provided.
The repository function returns a nil object to repo, which isn't validated and is then accessed via *repo.Owner.Type
➜ ~ docker run aquasec/chain-bench scan --repository-url https://github.com/aquasecurity/chain-bench -v
2022-09-14 13:31:33 INF 🚩 Fetch Starting
2022-09-14 13:31:33 ERR error in authenticated user data
2022-09-14 13:31:33 DBG error in authenticated user data error="GET https://api.github.com/user: 401 Bad credentials []"
2022-09-14 13:31:34 ERR error in fetching repository data
2022-09-14 13:31:34 DBG error in fetching repository data error="GET https://api.github.com/repos/aquasecurity/chain-bench: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🛢️ Fetching Repository Settings Finished
2022-09-14 13:31:34 ERR error in fetching branch protection
2022-09-14 13:31:34 DBG error in fetching branch protection error="GET https://api.github.com/repos/aquasecurity/chain-bench/branches//protection: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🌱 Fetching Branch Protection Settings Finished
2022-09-14 13:31:34 ERR error in fetching workflows
2022-09-14 13:31:34 DBG error in fetching workflows error="GET https://api.github.com/repos/aquasecurity/chain-bench/actions/workflows: 401 Bad credentials []"
2022-09-14 13:31:34 INF 🔧 Fetching Pipelines Finished
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0xb3f265]
goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x0, 0x0}, {0x7ffeb8378f4b?, 0x1?})
/home/runner/work/chain-bench/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000250280?, {0xcfc484?, 0x3?, 0x3?})
/home/runner/work/chain-bench/chain-bench/internal/commands/scan.go:22 +0xac
github.com/spf13/cobra.(*Command).execute(0xc000250280, {0xc0001fdf20, 0x3, 0x3})
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:872 +0x694
github.com/spf13/cobra.(*Command).ExecuteC(0xc000250000)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x3b4
github.com/spf13/cobra.(*Command).Execute(...)
/home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
github.com/aquasecurity/chain-bench/internal/commands.Execute({0xe4c9a8?, 0xc0000021a0?})
/home/runner/work/chain-bench/chain-bench/internal/commands/root.go:21 +0x32
main.main()
/home/runner/work/chain-bench/chain-bench/cmd/chain-bench/main.go:12 +0x27
from chain-bench.
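The failure mode described in the comment above, shown as an added Go example that is not chain-bench's own code: a fetch that returns nil on a 401, a caller that dereferences it anyway, and a guarded variant. The `Owner` and `Repository` types, the function names and the token string are hypothetical stand-ins constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for an SCM client's types; not chain-bench's own.
type Owner struct{ Type *string }
type Repository struct{ Owner *Owner }

var errUnauthorized = errors.New("401 Bad credentials")

// fetchRepository mimics an API call that fails when no token is supplied.
func fetchRepository(token string) (*Repository, error) {
	if token == "" {
		return nil, errUnauthorized
	}
	t := "Organization"
	return &Repository{Owner: &Owner{Type: &t}}, nil
}

// ownerTypeUnchecked reproduces the reported pattern: the error is dropped
// and the nil result is dereferenced. recover() converts the resulting
// nil pointer panic into a return value so the example can report it.
func ownerTypeUnchecked(token string) (typ string, panicked bool) {
	defer func() { panicked = recover() != nil }()
	repo, _ := fetchRepository(token)
	return *repo.Owner.Type, false
}

// ownerTypeChecked handles the error and validates every pointer on the path.
func ownerTypeChecked(token string) (string, error) {
	repo, err := fetchRepository(token)
	if err != nil {
		return "", fmt.Errorf("fetching repository: %w", err)
	}
	if repo == nil || repo.Owner == nil || repo.Owner.Type == nil {
		return "", errors.New("repository response has no owner type")
	}
	return *repo.Owner.Type, nil
}

func main() {
	_, panicked := ownerTypeUnchecked("")
	fmt.Println("unchecked panicked:", panicked)
	_, err := ownerTypeChecked("")
	fmt.Println("checked error:", err)
}
```

With the guarded variant, a missing or rejected token surfaces as an ordinary error the command can print, instead of a SIGSEGV after a series of logged 401 responses.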
Same issue for me also. I don't see any issue with the token permission or the repository. Looking forward to someone fixing this similar issue.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x1741885]
goroutine 1 [running]:
github.com/aquasecurity/chain-bench/internal/scm-clients/clients.FetchClientData({0x7ffeefbffafb, 0x28}, {0x7ffeefbffaba?, 0x1?})
github.com/aquasecurity/chain-bench/internal/scm-clients/clients/clients.go:48 +0x3c5
github.com/aquasecurity/chain-bench/internal/commands.NewScanCommand.func1(0xc000264280?, {0x1900f9c?, 0x4?, 0x4?})
Regards,
Venkat
from chain-bench.
The scan seems to work fine though:
$ docker run aquasec/chain-bench scan --repository-url https://github.com/buildsec/frsca --access-token $GITHUB_TOKEN
Unable to find image 'aquasec/chain-bench:latest' locally
latest: Pulling from aquasec/chain-bench
b3c136eddcbf: Pull complete
d55ff444f396: Pull complete
508144a78229: Pull complete
Digest: sha256:a5940490930d6fc45a00dc65090a92c7514a5a9451ba435523bcb711b93ce87a
Status: Downloaded newer image for aquasec/chain-bench:latest
2022-08-02 12:15:49 INF 🚩 Fetch Starting
2022-08-02 12:15:55 WRN failed to fetch hooks data
2022-08-02 12:15:55 INF 🛢️ Fetching Repository Settings Finished
2022-08-02 12:15:55 ERR error in fetching branch protection
2022-08-02 12:15:55 INF 🌱 Fetching Branch Protection Settings Finished
2022-08-02 12:15:56 WRN file .github/workflows/ci.yaml not found
2022-08-02 12:15:56 WRN file dynamic/pages/pages-build-deployment not found
2022-08-02 12:15:56 INF 🔧 Fetching Pipelines Finished
2022-08-02 12:15:57 WRN failed to fetch organization hooks
2022-08-02 12:15:57 INF 🏢 Fetching Organization Settings Finished
2022-08-02 12:15:58 INF 👫 Fetching Members Finished
2022-08-02 12:15:58 INF 🏁 Fetch succeeded
ID Name Result Reason
-------- ----------------------------------------------------------------------------------------------- --------- ------------------------------------------------------------------------
from chain-bench.
@rgreinho it works now on my end as well
from chain-bench.
I have seen the same error; it happened to me when my repository did not have any GitHub workflows.
from chain-bench.
Thank you for the issue!
The latest version seems to work just fine with and without docker.
@LalitTurbot I tried it on a repository without workflows, should work as well.
If you are running it on docker please make sure you use the latest image
Closing the issue, please reopen if anyone has this problem again 🥇
from chain-bench.
Bumping this issue as I also cannot run the tool from cli, valid repo url and PAT. Same with a friend I know trying it on his repo.
from chain-bench.
> Bumping this issue as I also cannot run the tool from cli, valid repo url and PAT. Same with a friend I know trying it on his repo.
@Shan-KulK Thanks for reporting this!
I couldn't reproduce the issue. Can you please provide more information on how you ran the scan?
If you are using docker, what image are you using?
Also, what type of repository is it? Under a user or organization?
from chain-bench.
Hi @Shan-KulK,
can you help us please reproduce this issue?
from chain-bench.
Sorry for the late reply, it seems to have fixed itself upon reinstall
from chain-bench.
Hello, Same Issue for me also.
Might the issue appear when we have a dash symbol "-" in the repository-url value or token content?
from chain-bench.