ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

Home Page:https://discord.gg/DCNxzaeUpd


Fail scan-action

hyeongguen-song opened this issue · comments

Found the issue. The bom file generated by dep-scan is breaking scan.

[01:58:10] WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-github.json
           WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-java.xml
           WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-github.xml
           WARNING  Unable to parse sarif file /__w/1/a/CodeAnalysisLogs/depscan-bom-report-java.json
Traceback (most recent call last):
  File "/usr/local/src/scan", line 786, in <module>
    main()
  File "/usr/local/src/scan", line 748, in main
    report_summary, build_status = analysis.summary(
  File "/usr/local/src/lib/analysis.py", line 121, in summary
    dep_data = get_depscan_data(drep_file)
  File "/usr/local/src/lib/analysis.py", line 45, in get_depscan_data
    dataList.append(json.loads(depline))
  File "/usr/lib64/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/usr/lib64/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python3.8/json/decoder.py", line 353, in raw_decode
    obj, end = self.scan_once(s, idx)
json.decoder.JSONDecodeError: Expecting property name enclosed in double quotes: line 2 column 1 (char 2)
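The traceback above shows `get_depscan_data` calling `json.loads` on every line of a file, and the error position (`line 2 column 1 (char 2)`) is exactly what a pretty-printed document produces when its first line is a bare `{`. The following is an added example, not code from the sast-scan project: it reproduces that failure on a constructed BOM-style document and shows a reader that both skips the `depscan-bom-report-*` files and tolerates a whole-document JSON layout. The file-name filter, the sample records and the function names are assumptions made for this example.

```python
import json
import os

# Constructed sample: one record per line, the layout a line-by-line reader expects.
NDJSON_REPORT = (
    '{"id": "constructed-1", "severity": "HIGH"}\n'
    '{"id": "constructed-2", "severity": "LOW"}\n'
)
# Constructed sample: a pretty-printed document, like the depscan-bom-report-*.json
# files in the log. Its first line is just "{", which json.loads() cannot parse alone.
PRETTY_BOM = '{\n  "bomFormat": "CycloneDX",\n  "components": []\n}\n'


def naive_error_position(text):
    """Mimic the failing loop from the traceback (json.loads() per line, newline kept).
    Returns (lineno, colno, pos) of the first decode error, or None if it all parses."""
    try:
        for line in text.splitlines(keepends=True):
            json.loads(line)
    except json.JSONDecodeError as err:
        return (err.lineno, err.colno, err.pos)
    return None


def is_depscan_report(path):
    """Assumed selection rule: depscan-*.json files, excluding the BOM reports that
    dep-scan writes into the same directory."""
    base = os.path.basename(path)
    return base.startswith("depscan-") and base.endswith(".json") and "-bom-" not in base


def get_depscan_data(text):
    """Parse newline-delimited JSON; if the text is instead one pretty-printed
    document, parse it whole. Returns a list of records and never raises."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            # Not NDJSON: try the whole file once, otherwise skip it quietly.
            try:
                doc = json.loads(text)
            except json.JSONDecodeError:
                return []
            return doc if isinstance(doc, list) else [doc]
    return records
```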