Horusec analysis report an "error" on pipelines

Question

Horusec analysis report an "error" on pipelines

adrianovieira opened this issue 3 years ago · 2 comments

What happened:

Horusec reports "error" in pipeline analysis, but we didn't found one.

What you expected to happen:

Horusec report "error" only if it exists.

How to reproduce it (as minimally and precisely as possible):
I'm not sure how to reproduce it, but you can check it on https://github.com/ZupIT/beagle-docs/runs/5422976461 (or see Logging below)

Anything else we need to know?:
Please, check out the logging on https://github.com/ZupIT/beagle-docs/runs/5422976461 (or see Logging below)

Environment:

Horusec version (use horusec version): v2.7.1
Operating System: github action, Ubuntu 20.04 LTS
Network plugin / Tool and version (if this is a network-related / tool bug):
Others:

Logging

==================================================================================

HORUSEC ENDED THE ANALYSIS WITH STATUS OF "error" AND WITH THE FOLLOWING RESULTS:

==================================================================================

Analysis StartedAt: [202](https://github.com/ZupIT/beagle-docs/runs/5422976461?check_suite_focus=true#step:4:202)2-03-04 13:38:36
Analysis FinishedAt: 2022-03-04 13:38:52

==================================================================================


time="2022-03-04T13:38:52Z" level=warning msg="{HORUSEC_CLI} No authorization token was found, your code it is not going to be sent to horusec. Please enter a token with the -a flag to configure and save your analysis"

time="2022-03-04T13:38:52Z" level=warning msg="YOUR ANALYSIS HAD FINISHED WITHOUT ANY VULNERABILITY!"

time="2022-03-04T13:38:52Z" level=warning msg="{HORUSEC_CLI} Horusec not show info vulnerabilities in this analysis, to see info vulnerabilities add option \"--information-severity=true\". For more details use (horusec start --help) command."

==================================================================================

time="2022-03-04T13:38:52Z" level=warning msg="{HORUSEC_CLI} During execution we found some problems:"

time="2022-03-04T13:38:52Z" level=warning msg="Error while running tool NpmAudit: {HORUSEC_CLI} Error It looks like your project doesn't have a package-lock.json file. If you use NPM to handle your dependencies, it would be a good idea to commit it so horusec can check for vulnerabilities"
time="2022-03-04T13:38:52Z" level=warning msg=" Error while running tool YarnAudit: {HORUSEC_CLI} Error It looks like your project doesn't have a yarn.lock file. If you use Yarn to handle your dependencies, it would be a good idea to commit it so horusec can check for vulnerabilities"

Answer 1 · 2022-03-04T14:40:50.000Z

Hi, @adrianovieira.

The pull request #1013 fixes the problem.

Thanks for the feedback!!

Answer 2 · 2022-03-04T19:22:39.000Z

Pull request merged, it will be available on the next release, watch out for the updates.

I will be closing this issue. Thank you very much for the contribution!