andrew-lovato changed the title from "Internal error when scanning a package internal to my own gitlab instance" to "Internal Go error when scanning a package internal to my own gitlab instance" on Aug 16, 2024
Describe the bug
A clear and concise description of what the bug is.
My company hosts their own gitlab instance. To ping the API we use - https://git.foo.bar.com/api/v4
If I want to navigate to a repo - https://git.foo.bar.com/repo-name
In order to scan an INTERNAL package (to our self hosted GitLab instance) I have upgraded our binary to version 5.0.0 and pass GL_HOST = "git.foo.bar.com/". I have also tried GL_HOST = "https://git.foo.bar.com/api/v4" and also GL_HOST = "git.foo.bar.com". Each time, when I run an internal package I get the following error.
Response: CompletedProcess(args=['./bin/scorecard.bin', '--format', 'json', '--pypi', 'my-internal-package'], returncode=2, stdout=b'', stderr=b'panic: assignment to entry in nil map\n\ngoroutine 1 [running]:\ngithub.com/ossf/scorecard/v5/cmd.findGitRepositoryInPYPIResponse({0x7ffe4088a10d, 0x8}, {0x7f3647592080, 0xc00058a180})\n\tgithub.com/ossf/scorecard/v5@v5.0.0/cmd/package_managers.go:156 +0xe5\ngithub.com/ossf/scorecard/v5/cmd.fetchGitRepositoryFromPYPI({0x7ffe4088a10d, 0x8}, {0x19f7d68?, 0x260b560?})\n\tgithub.com/ossf/scorecard/v5@v5.0.0/cmd/package_managers.go:190 +0x17f\ngithub.com/ossf/scorecard/v5/cmd.fetchGitRepositoryFromPackageManagers({0x0?, 0xc000468c80?}, {0x7ffe4088a10d?, 0x74749b?}, {0x0?, 0x752c2c?}, {0x0?, 0x411abb?}, {0x19f7d68, 0x260b560})\n\tgithub.com/ossf/scorecard/v5@v5.0.0/cmd/package_managers.go:85 +0xfc\ngithub.com/ossf/scorecard/v5/cmd.rootCmd(0xc0002697a0)\n\tgithub.com/ossf/scorecard/v5@v5.0.0/cmd/root.go:85 +0x98\ngithub.com/ossf/scorecard/v5/cmd.New.func2(0xc0001c0008?, {0x17c18e8?, 0x4?, 0x17c1870?})\n\tgithub.com/ossf/scorecard/v5@v5.0.0/cmd/root.go:66 +0x17\ngithub.com/spf13/cobra.(*Command).execute(0xc0001c0008, {0xc0000a2060, 0x4, 0x4})\n\tgithub.com/spf13/cobra@v1.8.1/command.go:985 +0xaca\ngithub.com/spf13/cobra.(*Command).ExecuteC(0xc0001c0008)\n\tgithub.com/spf13/cobra@v1.8.1/command.go:1117 +0x3ff\ngithub.com/spf13/cobra.(*Command).Execute(0xc0002697a0?)\n\tgithub.com/spf13/cobra@v1.8.1/command.go:1041 +0x13\nmain.main()\n\tgithub.com/ossf/scorecard/v5@v5.0.0/main.go:27 +0x1d\n')
This is the command that is being run ['./bin/scorecard.bin', '--format', 'json', '--pypi', 'my-internal-package'] where it is trying to install my package, and then perform the scan from there.
I have logged GL_HOST within my lambda and it is being set the way I have posted above, with the different examples.
If I scan an EXTERNAL package, one residing in github, it works correctly and I get the resulting scores etc. So I know the binary CAN run correctly with my current setup.
I am finding this error difficult to debug, as it doesn't seem immediately like it's pointing to a bad GL_HOST var, nor is it pointing to any broader process as far as I can tell. I also know that the token is correct as we use it for most of our team's processes. I also would have expected an auth error if it wasn't using a token or if the token wasn't working for some reason.
I am running Python 3.9
Has this error been seen before? I would love help figuring out next steps.
Expected behavior
A clear and concise description of what you expected to happen.
I expect to pass a correct value to GL_HOST (if that's the issue) and be able to run scans on internal packages on scorecard version 5.0.0.
Additional context
Add any other context about the problem here.
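The panic text in the trace above, `assignment to entry in nil map`, is what the Go runtime raises when code writes to a map that was never initialised. The following is an added example, not scorecard's code and not part of the original report, that reproduces the message under the assumption that the map is decoded from a JSON metadata response whose map field is null or absent, and shows the guarded write beside it; the `pkgInfo` type, its field names, the `repoURLs` function and the sample JSON are all hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// pkgInfo is a hypothetical metadata shape; the field names are assumptions.
type pkgInfo struct {
	ProjectURL  string            `json:"project_url"`
	ProjectURLs map[string]string `json:"project_urls"`
}

// Constructed sample responses (not real registry output).
const (
	nullURLs    = `{"project_url":"https://git.foo.bar.com/repo-name","project_urls":null}`
	missingURLs = `{"project_url":"https://git.foo.bar.com/repo-name"}`
	emptyURLs   = `{"project_url":"https://git.foo.bar.com/repo-name","project_urls":{}}`
)

// repoURLs decodes raw and records project_url in the URL map. With guard
// false the write is unchecked; with guard true a nil map is initialised
// first. A runtime panic is recovered and returned as an error so that both
// paths can be compared in one run.
func repoURLs(raw string, guard bool) (urls map[string]string, err error) {
	defer func() {
		if r := recover(); r != nil {
			urls, err = nil, fmt.Errorf("recovered panic: %v", r)
		}
	}()
	var p pkgInfo
	if e := json.Unmarshal([]byte(raw), &p); e != nil {
		return nil, fmt.Errorf("decode metadata: %w", e)
	}
	if guard && p.ProjectURLs == nil {
		p.ProjectURLs = make(map[string]string) // null or absent field decodes to nil
	}
	p.ProjectURLs["fallback"] = p.ProjectURL // panics if the map is still nil
	return p.ProjectURLs, nil
}

func main() {
	for _, raw := range []string{nullURLs, missingURLs, emptyURLs} {
		_, unguarded := repoURLs(raw, false)
		urls, guarded := repoURLs(raw, true)
		fmt.Printf("unguarded err=%v | guarded urls=%v err=%v\n", unguarded, urls, guarded)
	}
}
```

An empty JSON object (`{}`) decodes to a non-nil map, so only the null and absent cases trigger the panic in the unguarded path.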