federacy / scan-action

Github Action for security scanning utilizing Salus by Coinbase

How to Setup Scan Action for Private Repository Dependency

quentinlesceller opened this issue · comments

Hi everyone,

I'm trying to use Salus on my repository. However, since the Go repo relies on another private repository, I'm getting errors such as:

    {
        "line": 12,
        "column": 2,
        "error": "could not import github.com/PRIVATEREPO/server (invalid package name: \"\")"

Is there a way to set it up such that Gosec passes? Something like:

      - name: Configure git for private modules
        env:
          TOKEN: ${{ secrets.GH_TOKEN }}
        run: git config --global url."https://USER:${TOKEN}@github.com".insteadOf "https://github.com"

Thank you.

For people curious about this: add this step before Salus:

      - name: Configure git for private modules
        env:
          TOKEN: ${{ secrets.GH_TOKEN }}
        run: git config --global url."https://quentinlesceller:${TOKEN}@github.com".insteadOf "https://github.com"
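An added example (not from the issue or the scan-action project) of the same "configure git for private modules" step, written so that it fails closed when the token is empty instead of silently rewriting to an unauthenticated URL, scopes the rewrite to one organisation rather than all of github.com, and sets GOPRIVATE so the Go toolchain does not ask the public module proxy or checksum database for the private module. The organisation name, the GH_TOKEN secret and the function names are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not the issue author's or the project's code.
# Usage in a workflow step: configure_private_modules "ORG" "$TOKEN"
# (with TOKEN: ${{ secrets.GH_TOKEN }} in the step's env, as in the issue).

# Build the insteadOf base URL for one organisation. Prints the base URL on
# stdout; prints nothing and returns 1 when org or token is empty, so a job
# never falls back to an unauthenticated clone (typical when secrets are
# withheld, e.g. a pull request opened from a fork).
private_git_base() {
  org="$1"; token="$2"
  [ -n "$org" ] && [ -n "$token" ] || return 1
  # GitHub accepts any username with a personal access token; x-access-token
  # is the username documented for app/installation tokens.
  printf 'https://x-access-token:%s@github.com/%s/' "$token" "$org"
}

# Apply the rewrite with git and export GOPRIVATE for later steps.
# Note: the token is stored in plaintext in ~/.gitconfig on the runner, so
# never print `git config --list` or the rewrite rule into the job log.
configure_private_modules() {
  org="$1"; token="$2"
  base=$(private_git_base "$org" "$token") || {
    echo "configure_private_modules: org or token is empty" >&2
    return 1
  }
  # Rewrite only this organisation's URLs, not every https://github.com URL.
  git config --global "url.${base}.insteadOf" "https://github.com/${org}/"
  # Confirm the rule was written, without echoing the token-bearing value.
  git config --global --get "url.${base}.insteadOf" >/dev/null || return 1
  # GOPRIVATE keeps go from querying proxy.golang.org / sum.golang.org for
  # these modules (which would fail and also reveal the private module path).
  GOPRIVATE="github.com/${org}"; export GOPRIVATE
  # Under GitHub Actions, persist the variable for the following steps.
  if [ -n "${GITHUB_ENV:-}" ]; then
    echo "GOPRIVATE=${GOPRIVATE}" >> "$GITHUB_ENV"
  fi
  return 0
}
```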