Skip to content
CI Pull Request on Main Branch

Merge pull request #114 from inspec/nm/trufflehog-restrict-merge #10

Sign in to view logs

Merge pull request #114 from inspec/nm/trufflehog-restrict-merge

Merge pull request #114 from inspec/nm/trufflehog-restrict-merge #10

Triggered via push April 8, 2026 16:07
@Nik08Nik08
pushed 79138a4
main
Status Failure
Total duration 2m 27s
Artifacts 6

ci-main-pull-request-stub.yml

on: push
Detect custom properties
6s
Detect custom properties
Echo stub version
3s
Echo stub version
call-ci-main-pr-check-pipeline  /  Checkout repository
4s
call-ci-main-pr-check-pipeline / Checkout repository
call-ci-main-pr-check-pipeline  /  Pre-compilation checks
4s
call-ci-main-pr-check-pipeline / Pre-compilation checks
call-ci-main-pr-check-pipeline  /  Build/compilation and unit tests (CI)
43s
call-ci-main-pr-check-pipeline / Build/compilation and unit tests (CI)
call-ci-main-pr-check-pipeline  /  ...  /  Export SBOM from GitHub Dependency Graph API
9s
call-ci-main-pr-check-pipeline / Generating SBOM / Export SBOM from GitHub Dependency Graph API
call-ci-main-pr-check-pipeline  /  ...  /  Blackduck SCA Scan (PURPLE)
2m 4s
call-ci-main-pr-check-pipeline / Generating SBOM / Blackduck SCA Scan (PURPLE)
call-ci-main-pr-check-pipeline  /  ...  /  Generate MSFT SBOM
0s
call-ci-main-pr-check-pipeline / Generating SBOM / Generate MSFT SBOM
call-ci-main-pr-check-pipeline  /  ...  /  license_scout
0s
call-ci-main-pr-check-pipeline / Generating SBOM / license_scout
call-ci-main-pr-check-pipeline  /  ...  /  Complexity and SLOC generation
21s
call-ci-main-pr-check-pipeline / Source code complexity checks / Complexity and SLOC generation
call-ci-main-pr-check-pipeline  /  Language-specific pre-compilation steps and linting
5s
call-ci-main-pr-check-pipeline / Language-specific pre-compilation steps and linting
call-ci-main-pr-check-pipeline  /  Language-agnostic pre-compilation steps
3s
call-ci-main-pr-check-pipeline / Language-agnostic pre-compilation steps
call-ci-main-pr-check-pipeline  /  ...  /  Trufflehog
19s
call-ci-main-pr-check-pipeline / Trufflehog scan / Trufflehog
call-ci-main-pr-check-pipeline  /  Grype scan
0s
call-ci-main-pr-check-pipeline / Grype scan
call-ci-main-pr-check-pipeline  /  ...  /  BlackDuck Polaris SAST scan
1m 24s
call-ci-main-pr-check-pipeline / BlackDuck Polaris SAST scan / BlackDuck Polaris SAST scan
call-ci-main-pr-check-pipeline  /  ...  /  Grype vulnerability scan
call-ci-main-pr-check-pipeline / Grype Docker image scan / Grype vulnerability scan
call-ci-main-pr-check-pipeline  /  ...  /  Grype scan (Linux)
call-ci-main-pr-check-pipeline / Grype scan Habitat packages from bldr.habitat.sh / Grype scan (Linux)
call-ci-main-pr-check-pipeline  /  ...  /  Grype scan (MacOS)
call-ci-main-pr-check-pipeline / Grype scan Habitat packages from bldr.habitat.sh / Grype scan (MacOS)
call-ci-main-pr-check-pipeline  /  ...  /  Grype scan (Windows)
call-ci-main-pr-check-pipeline / Grype scan Habitat packages from bldr.habitat.sh / Grype scan (Windows)
call-ci-main-pr-check-pipeline  /  Creating packaged binaries
0s
call-ci-main-pr-check-pipeline / Creating packaged binaries
call-ci-main-pr-check-pipeline  /  Detect SBOM version for application
0s
call-ci-main-pr-check-pipeline / Detect SBOM version for application
Matrix: call-ci-main-pr-check-pipeline / Unit tests
call-ci-main-pr-check-pipeline  /  ...  /  irfan
call-ci-main-pr-check-pipeline / Reporting to quality dashboard / irfan
call-ci-main-pr-check-pipeline  /  Creating Habitat packages
0s
call-ci-main-pr-check-pipeline / Creating Habitat packages
call-ci-main-pr-check-pipeline  /  Publishing Habitat packages to Builder
0s
call-ci-main-pr-check-pipeline / Publishing Habitat packages to Builder
call-ci-main-pr-check-pipeline  /  Publishing packages
0s
call-ci-main-pr-check-pipeline / Publishing packages
call-ci-main-pr-check-pipeline  /  Grype scan of Habitat packages
0s
call-ci-main-pr-check-pipeline / Grype scan of Habitat packages
call-ci-main-pr-check-pipeline  /  Grype scan of Habitat packages (Windows)
0s
call-ci-main-pr-check-pipeline / Grype scan of Habitat packages (Windows)
Fit to window
Zoom out
Zoom in

Annotations

2 errors and 5 warnings
call-ci-main-pr-check-pipeline / Build/compilation and unit tests (CI)
Process completed with exit code 1.
call-ci-main-pr-check-pipeline / BlackDuck Polaris SAST scan / BlackDuck Polaris SAST scan
Workflow failed! Exit Code: 2 Error from adapter end
Detect custom properties
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Generating SBOM / Export SBOM from GitHub Dependency Graph API
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Source code complexity checks / Complexity and SLOC generation
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / BlackDuck Polaris SAST scan / BlackDuck Polaris SAST scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: blackduck-inc/black-duck-security-scan@v2. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Generating SBOM / Blackduck SCA Scan (PURPLE)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4, blackduck-inc/black-duck-security-scan@v2.1.1. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Artifacts

Produced during runtime
Name Size Digest
inspec-alicloud-Gemfile-lock.txt
5.01 KB
sha256:fec57008efd0a3a4c61ef05fd7af1dd5a22b9c034ef026614fe2ab4ba8e73ec6
inspec-inspec-alicloud-20260408160818-GitHub-sbom.json
1.39 KB
sha256:73a4f6f3aa01766f30fc775baad3ce52c36ae37c7fe2d27004c5e4be03c28104
inspec-inspec-alicloud-main-0.10.24-20260408160818-GitHub-sbom.csv
765 Bytes
sha256:0ea0a47a35b9ec4558626bc9efda007b1eb308abfd8371f45d4737bb7e961d03
inspec-inspec-alicloud-main-20260408160832-scc-complexity.html
5.25 KB
sha256:1b231456ac36008d48eb75243c854b7a91d583ee8f16bc82ec96570a5405b711
inspec-inspec-alicloud-main-20260408160832-scc-complexity.json
6.43 KB
sha256:891d300696eaecf10b2f8ea03f3fae10a3788dde96b81e6f0137ee2066e58a7c
inspec-inspec-alicloud-main-20260408160832-scc-complexity.txt
778 Bytes
sha256:4b14cee7f7d9da5baa2f67bf599db8ec94a5fb71f09e0256f658c9102830521c