
[Bug]: Got exception when dependabot alerts were found in repo during action execution #182

@yogininemade1

Description


What happened?

Hi Team, can someone help me if they have faced a similar issue before with this action?
Steps:

  1. Used the basic policy from this example https://github.com/advanced-security/policy-as-code/blob/main/examples/policies/basic.yml but changed Dependabot alerts to critical level.
  2. Used the action like below:

```yaml
- name: Run GHAS Policy Check
  id: policy-check
  uses: advanced-security/policy-as-code@2.11.1
  with:
    severity: ${{ inputs.severity }}
    repository: ${{ github.repository }}
    policy-path: /tmp/policy-repo/github-policies/${{ inputs.policy-name }}.yaml
    token: ${{ steps.github-app-token.outputs.token }}
    action: ${{ inputs.action-on-failure }}
    argvs: " --display --disable-secret-scanning"
```

  3. The GitHub App has all required permissions. The failure happens when executing the above action on the main branch, which has 4 critical Dependabot alerts that I want shown in the status report.

Expected result: 5-6 critical alerts should be found by the action and reported in the status report at the end of action execution.
Actual result: not getting the report summary, but getting the exceptions below. Can someone help guide me on this?

```
GitHub Instance :: https://github.com/
GitHub Reference (branch/pr) :: refs/heads/main
Policy as Code
Code Scanning Results
Dependabot Results
  Error: Unknown Exception was hit, please report this to https://github.com/advanced-security/policy-as-code
  Error: Bad Request (status code: 400)
  ERROR:root:Unknown Exception was hit, please report this to https://github.com/advanced-security/policy-as-code
  ERROR:root:Bad Request (status code: 400)
  INFO:root:Total Dependency Graph :: 3867
  INFO:root:Dependency Graph violations :: 0
  ERROR:ghastoolkit.octokit:Error code from server :: 500
Dependency Graph
  Total Dependency Graph :: 3867
  Dependency Graph violations :: 0
Dependency Graph Results - Licensing
  Error: Unknown Exception was hit, please report this to https://github.com/advanced-security/policy-as-code
  ERROR:root:Unknown Exception was hit, please report this to https://github.com/advanced-security/policy-as-code
  ERROR:root:GitHub Server Error (status code: 500)
  INFO:root:Total unacceptable alerts :: 3
  INFO:root:Skipping threshold break check...
  Error: GitHub Server Error (status code: 500)
```

Version

v2 (current major version)

Where are you experiencing the issue?

No response

Relevant log output

Code of Conduct

  • I agree to follow this project's Code of Conduct
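The report above shows the action failing with a 400 and a 500 while it queries Dependabot alerts, with no detail about what the API actually returned. A useful diagnostic, independent of the action, is to call the documented endpoint `GET /repos/{owner}/{repo}/dependabot/alerts` with the same token and count the open alerts at or above the policy's severity level, since that is the number the status report is expected to show. The following is an added example, not code from the policy-as-code project; the repository name, token environment variable and the sample alert records are constructed for illustration.

```python
"""Check open Dependabot alerts against a severity threshold via the GitHub REST API.

Added example, not part of the policy-as-code project. It only uses the
documented endpoint GET /repos/{owner}/{repo}/dependabot/alerts.
"""
import json
import os
import sys
import urllib.error
import urllib.parse
import urllib.request

# Dependabot advisory severities, lowest to highest.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def filter_by_threshold(alerts, threshold="critical"):
    """Return the open alerts whose advisory severity is at or above `threshold`."""
    floor = SEVERITY_RANK[threshold]
    hits = []
    for alert in alerts:
        if alert.get("state") != "open":
            continue  # fixed/dismissed alerts do not count toward a policy break
        sev = alert.get("security_advisory", {}).get("severity", "low")
        if SEVERITY_RANK.get(sev, 0) >= floor:
            hits.append(alert)
    return hits


def summarise(alerts):
    """Count alerts per advisory severity, e.g. {'critical': 3, 'high': 1}."""
    counts = {}
    for alert in alerts:
        sev = alert.get("security_advisory", {}).get("severity", "unknown")
        counts[sev] = counts.get(sev, 0) + 1
    return counts


def fetch_alerts(repo, token, state="open", per_page=100, api="https://api.github.com"):
    """Page through the Dependabot alerts endpoint and return every alert as a list."""
    alerts, page = [], 1
    while True:
        query = urllib.parse.urlencode({"state": state, "per_page": per_page, "page": page})
        req = urllib.request.Request(
            f"{api}/repos/{repo}/dependabot/alerts?{query}",
            headers={
                "Authorization": f"Bearer {token}",
                "Accept": "application/vnd.github+json",
                "X-GitHub-Api-Version": "2022-11-28",
            },
        )
        # A 400/403/500 raises HTTPError here; its body carries the server's message.
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        alerts.extend(batch)
        if len(batch) < per_page:
            return alerts
        page += 1


# Constructed sample shaped like the API response (package names and numbers are made up).
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "security_advisory": {"severity": "critical"},
     "dependency": {"package": {"name": "example-lib-a"}}},
    {"number": 2, "state": "open", "security_advisory": {"severity": "critical"},
     "dependency": {"package": {"name": "example-lib-b"}}},
    {"number": 3, "state": "fixed", "security_advisory": {"severity": "critical"},
     "dependency": {"package": {"name": "example-lib-c"}}},
    {"number": 4, "state": "open", "security_advisory": {"severity": "high"},
     "dependency": {"package": {"name": "example-lib-d"}}},
    {"number": 5, "state": "open", "security_advisory": {"severity": "low"},
     "dependency": {"package": {"name": "example-lib-e"}}},
]


def main():
    # Hypothetical repository and token source; replace with your own values.
    repo = os.environ.get("TARGET_REPO", "example-org/example-repo")
    token = os.environ.get("GITHUB_TOKEN")
    if not token:
        print("GITHUB_TOKEN not set; running against the constructed sample instead")
        alerts = SAMPLE_ALERTS
    else:
        try:
            alerts = fetch_alerts(repo, token)
        except urllib.error.HTTPError as err:
            # Surface the status and body: this is what the action's generic message hides.
            print(f"API error {err.code}: {err.read().decode(errors='replace')}")
            sys.exit(1)
    hits = filter_by_threshold(alerts, "critical")
    print(f"open alerts by severity: {summarise([a for a in alerts if a.get('state') == 'open'])}")
    print(f"open alerts at or above critical: {len(hits)}")


if __name__ == "__main__":
    main()
```

Run with `GITHUB_TOKEN` and `TARGET_REPO` set to compare the count with what the policy expects; if the direct call also returns a 400 or 500, the response body narrows the problem to the token, the App's permissions, or the API, rather than to the action itself.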
