devsecopsmaturitymodel/DevSecOps-MaturityModel

Cannot reuse exported default generated.yaml file

cosad3s opened this issue · 3 comments

I encounter a problem with this feature.

Steps to reproduce:

  1. Run the docker image: docker run -p 8080:8080 wurstbrot/dsomm
  2. Export the generated yaml file from heatmap (http://localhost:8080/circular-heatmap)
  3. Mount the file: docker run -v $(pwd)/generated.yaml:/srv/assets/YAML/generated/generated.yaml -p 8080:8080 wurstbrot/dsomm
  4. Get an error on heatmap (http://localhost:8080/circular-heatmap):

error

The exported file is in attachment
generated.zip

Extract:

      description: >
        ### GitHub Authentication and Commit Signing  
          To perform a
        push to a GitHub repository, you must be authenticated. It's important
        to

        note that GitHub does not verify if the authenticated user's email
        address

        matches the one in the commit.
          To clearly identify the author of a commit
        for reviewers, commit signing is recommended.

          GitHub actions such as
        [semantic-release-action](https://github.com/cycjimmy/semantic-release-action)

        do not automatically sign commits and may encounter issues as a
        result.          


         To address this, you can refer to a working configuration example in the
        [workflow
        folder](https://github.com/devsecopsmaturitymodel/DevSecOps-MaturityModel/blob/master/.github/workflows/main.yml)

        of DSOMM, which demonstrates how to use semantic release action in
        conjunction

        with
        [planetscale/ghcommit-action](https://github.com/planetscale/ghcommit-action).

         For added security, consider using [Fine-grained personal access tokens](https://github.blog/2022-10-18-introducing-fine-grained-personal-access-tokens-for-github/)
        provided by your organization for a specific repository. Store the
        Personal

        Access Token (PAT) as a secret in your project.

I have identified that the deletion of the comment ### GitHub Authentication and Commit Signing does not create the error. I do not know why for the moment.

Thank you for pointing this out.
Did you try a browser in which you didn't use DSOMM beforehand?

Could reproduce. I think the "###" broke it. Fixed in latest version.

Do not hesitate to reopen if the problem persists for you.