github-security-report-action

GitHub Enterprise support

Open mrjeffwagner opened this issue 4 years ago • 4 comments

Attempting to use this with my GitHub Enterprise API, but I receive a bad credentials error:

/tmp/github-security-report-linux-x64 --github-api-url https://<GH_ENTERPRISE_URL>/api/v3 -r <ORG>/<REPO> -t $GH_TOKEN -s codeql-runner/codeql-sarif/python-builtin.sarif

Generating Security report for <ORG>/<REPO>...
SARIF File Finder, processing: codeql-runner/codeql-sarif/python-builtin.sarif
HttpError: Bad credentials
    at /tmp/runtime/index.js:3901:23
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
Bad credentials

mrjeffwagner, Mar 19 '21 19:03

The Bad credentials response would be in relation to the PAT token either not being provided, not being correct, or being incorrectly scoped for access to the repository or security API access on the repository.

In the example details above, you have the repository being specified as /; is that correct? It needs to be the full name of the GitHub repository, as detailed in the parameters here: https://github.com/peter-murray/github-security-report-action#running

peter-murray, Mar 22 '21 15:03
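
One way to triage the three causes named in the reply above (token not provided, not correct, or incorrectly scoped), as an added example that is not part of the original thread or the project's code. The function names, result labels and sample responses are constructed for illustration; the scope names and the `X-OAuth-Scopes` response header assume a classic PAT.

```javascript
// Added example: triage a GitHub / GHES REST response for "Bad credentials".
// Assumption: classic-PAT scope names per GitHub's code scanning REST docs.
const ACCEPTED_SCOPES = ["repo", "security_events"];

// Parse the comma-separated X-OAuth-Scopes header; null when it was not sent.
function parseScopes(header) {
  if (header === undefined || header === null) return null;
  return header.split(",").map((s) => s.trim()).filter(Boolean);
}

// Classify one response. `res` is { status, scopesHeader } (hypothetical shape).
function triage(token, res) {
  if (!token || !token.trim()) return "token-not-provided"; // e.g. unset variable
  if (res.status === 401) return "token-rejected"; // server does not accept it
  if (res.status === 200) return "ok";
  if (res.status !== 403 && res.status !== 404) return `unexpected-status-${res.status}`;
  // Denied: use the scopes the server reported for this token to narrow it down.
  const scopes = parseScopes(res.scopesHeader);
  if (scopes === null) return "denied-scopes-not-reported";
  return scopes.some((s) => ACCEPTED_SCOPES.includes(s))
    ? "repo-or-feature-not-accessible"
    : "scope-missing";
}

// Live check against the endpoint used by the curl command in this thread.
// Needs Node 18+ for global fetch; the token is never printed.
async function probe(apiUrl, repo, token) {
  if (!token || !token.trim()) return triage(token, {});
  const url = `${apiUrl.replace(/\/+$/, "")}/repos/${repo}/code-scanning/alerts?per_page=1`;
  const r = await fetch(url, {
    headers: { Authorization: `Bearer ${token}`, Accept: "application/vnd.github+json" },
  });
  return triage(token, { status: r.status, scopesHeader: r.headers.get("x-oauth-scopes") });
}

// Constructed sample responses (not captured from a real server).
const SAMPLES = [
  { status: 401, scopesHeader: null },
  { status: 404, scopesHeader: "read:org, gist" },
  { status: 404, scopesHeader: "repo" },
  { status: 200, scopesHeader: "repo, security_events" },
];
for (const s of SAMPLES) {
  console.log(s.status, JSON.stringify(s.scopesHeader), "->", triage("constructed-token", s));
}
```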

Sorry, I removed the names of our GitHub Enterprise orgs; it should just show org/repo...

I have REST API access to get secrets/code scanning data using my PAT token, which has full repo-level access including secrets.

Using the same URL and token with the github-security-report-linux-x64 tool, I receive the above error. We have an SSL certificate on our GitHub Enterprise server that has caused some issues with these types of things in the past.

mrjeffwagner, Mar 31 '21 16:03

@peter-murray I'm also seeing Bad credentials when attempting to utilize the CLI with GHES 3.1:

~/Downloads/github-security-report-bundle/github-security-report-mac-x64 --github-api-url https://$GHES_URL/api/v3 --repository $GHE_REPO --token $GHE_TOKEN -s .

Generating Security report for $GHE_REPO...
SARIF File Finder, processing: /path/to/repo
  is a directory, looking for files
  SARIF files detected: ["/path/to/repo/results.sarif"]
HttpError: Bad credentials
    at ~/Downloads/github-security-report-bundle/runtime/index.js:3901:23
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
Bad credentials

I've confirmed the credentials are valid by utilizing the following curl command:

$ curl -H "Authorization: Bearer $GHE_TOKEN" https://$GHE_URL/api/v3/repos/$GHE_REPO/code-scanning/alerts
[
 <results>..
]

JordanSussman, Aug 10 '21 19:08

I have identified the issue with GHES and have a fix for that, but have now managed to hit a difference in the GraphQL APIs between GHEC and GHES that I am now looking further into.

peter-murray, Aug 11 '21 10:08