Passing a null value to the config_file makes the checkov action freeze
I was trying to add a toggle switch to a workflow using this action, to allow users to specify if they want to provide a config file or not, but if I set the value to null, the command line arguments in the log indicate that no config has been passed, and the action starts to run, but it freezes a few seconds later, and causes the workflow to never complete.
I know this isn't necessarily a bug, as I'm trying to use the config file input in a way that's not intended, but it would be a good feature if it could handle a null gracefully, so that the config file, and other inputs, could be optional inside a composite action.
example step:
log entry:
debug log entry:
Docker run command
/usr/bin/docker run --name ghcriobridgecrewiocheckov3274_f6859b --label 116ecf --workdir /github/workspace --rm -e "SSH_AUTH_SOCK" -e "SSH_AGENT_PID" -e "TERRAFORM_CLI_PATH" -e "AWS_DEFAULT_REGION" -e "AWS_REGION" -e "AWS_ACCESS_KEY_ID" -e "AWS_SECRET_ACCESS_KEY" -e "AWS_SESSION_TOKEN" -e "TF_VAR_deployment_role_name" -e "GITHUB_OVERRIDE_URL" -e "INPUT_DIRECTORY" -e "INPUT_OUTPUT_FORMAT" -e "INPUT_OUTPUT_FILE_PATH" -e "INPUT_DOWNLOAD_EXTERNAL_MODULES" -e "INPUT_GITHUB_PAT" -e "INPUT_LOG_LEVEL" -e "INPUT_CONFIG_FILE" -e "INPUT_FILE" -e "INPUT_CHECK" -e "INPUT_SKIP_CHECK" -e "INPUT_COMPACT" -e "INPUT_QUIET" -e "INPUT_API-KEY" -e "INPUT_OUTPUT_BC_IDS" -e "INPUT_USE_ENFORCEMENT_RULES" -e "INPUT_SKIP_RESULTS_UPLOAD" -e "INPUT_SOFT_FAIL" -e "INPUT_FRAMEWORK" -e "INPUT_SKIP_FRAMEWORK" -e "INPUT_EXTERNAL_CHECKS_DIRS" -e "INPUT_EXTERNAL_CHECKS_REPOS" -e "INPUT_ENABLE_SECRETS_SCAN_ALL_FILES" -e "INPUT_BASELINE" -e "INPUT_SOFT_FAIL_ON" -e "INPUT_HARD_FAIL_ON" -e "INPUT_CONTAINER_USER" -e "INPUT_DOCKER_IMAGE" -e "INPUT_DOCKERFILE_PATH" -e "INPUT_VAR_FILE" -e "INPUT_TFC_TOKEN" -e "INPUT_TF_REGISTRY_TOKEN" -e "INPUT_CKV_VALIDATE_SECRETS" -e "INPUT_VCS_BASE_URL" -e "INPUT_VCS_USERNAME" -e "INPUT_VCS_TOKEN" -e "INPUT_BITBUCKET_TOKEN" -e "INPUT_BITBUCKET_APP_PASSWORD" -e "INPUT_BITBUCKET_USERNAME" -e "INPUT_REPO_ROOT_FOR_PLAN_ENRICHMENT" -e "INPUT_POLICY_METADATA_FILTER" -e "INPUT_SKIP_PATH" -e "INPUT_SKIP_CVE_PACKAGE" -e "INPUT_SKIP_DOWNLOAD" -e "INPUT_PRISMA-API-URL" -e "API_KEY_VARIABLE" -e "GITHUB_PAT" -e "TFC_TOKEN" -e "TF_REGISTRY_TOKEN" -e "VCS_USERNAME" -e "VCS_BASE_URL" -e "VCS_TOKEN" -e "BITBUCKET_TOKEN" -e "BITBUCKET_USERNAME" -e "BITBUCKET_APP_PASSWORD" -e "PRISMA_API_URL" -e "CKV_VALIDATE_SECRETS" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e 
"GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "GITHUB_ACTION_PATH" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_ID_TOKEN_REQUEST_URL" -e "ACTIONS_ID_TOKEN_REQUEST_TOKEN" -e "ACTIONS_RESULTS_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/xxxx/xxxx":"/github/workspace" ghcr.io/bridgecrewio/checkov:3.2.74 "" "xxxx" "" "" "" "" "" "" "" "" "" "" "" "" "cli,sarif" "console,results.sarif" "false" "" "DEBUG" "" "" "" "" "" "" "" "" "" "" "" "" "--user 0"
The whole log entry is several thousand lines, so I won't paste it all here, but the final logs are:
2024-04-26 13:06:02,409 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,410 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,410 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,410 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,411 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,411 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,412 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,412 [ThreadPoolEx] [INFO ] cant parse policy str to object, Expecting value: line 1 column 1 (char 0)
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_75, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] should_run_check CKV2_AWS_56: True
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_75, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] should_run_check CKV2_AWS_56: True
2024-04-26 13:06:02,417 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_75, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_56: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_75, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_56: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_LOGGING_29, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_4: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_GENERAL_190, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_53: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_NETWORKING_59, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_29: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_GENERAL_189, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_51: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,418 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] bc_check_id = BC_AWS_IAM_73, include_all_checkov_policies = True, is_external = False, explicit_run: []
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] should_run_check CKV2_AWS_40: True
2024-04-26 13:06:02,419 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_56, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_56, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_56, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_56, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_4, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_53, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_29, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_51, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,420 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
2024-04-26 13:06:02,421 [MainThread ] [DEBUG] Secret was not saved in CKV2_AWS_40, can't omit
It stalled on that last line for a long time, and I had to cancel the workflow in the end.