Option to fail or pass the action based on alerts #31

Closed
sshniro opened this issue Apr 29, 2020 · 4 comments · Fixed by #35

@sshniro
Member

sshniro commented Apr 29, 2020

Currently, the action fails if it finds any alerts in the report. This will trigger an email for the failed action. It will be good to make this behavior configurable.

  fail_action:
    description: 'Fail or pass the action based on alerts'
    required: false
    default: false

@sshniro changed the title from "Option to fails to pass the action based on results" to "Option to fails or pass the action based on alerts" on Apr 29, 2020
@thc202 mentioned this issue on Jul 7, 2020
@thc202 changed the title from "Option to fails or pass the action based on alerts" to "Option to fail or pass the action based on alerts" on Jul 7, 2020

@richAtreides

Is this being worked on?

@kingthorin
Member

kingthorin commented Jul 8, 2020

As a workaround you could simply add a step to your action workflow that exits successfully, if your goal is to always run the action but not ever fail the build.

...
steps:
    ...
    - name: Exit with success
      run: exit 0

@Lewiscowles1986

Will it fail every time? The warnings are not new on the second run. If it's just priming to give discoverability this seems almost desirable. If not, then they are not warnings, but errors and it's an indictment of the tool. For example running on a website with no cookies, hardly any JS, no contact forms, no user login, it starts telling me about software discoverability. There is no software I own in the stack, and the complaints are at best paranoid.

HSTS header missing... Well if I were testing an e-commerce site that might make sense, but actually I want http access.

@kingthorin
Member

kingthorin commented Jul 10, 2020

> Will it fail every time?

It depends how you've configured it.

> The warnings are not new on the second run.

Have you configured it to only care about new alerts?

> HSTS header missing... Well if I were testing an e-commerce site that might make sense, but actually I want http access.

That's why you have the option of passing a rules file. If you don't care about HSTS then configure it as such...

@thc202 added this to the 0.4.0 milestone on Jul 10, 2020
@thc202 added the enhancement (New feature or request) label on Jul 10, 2020
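
The behaviour discussed in this thread, sketched as an added example (not the action's own code and not posted by any commenter): a rules file marks alerts to ignore, an optional list of previously seen alert ids restricts the check to new alerts, and a `fail_action`-style flag decides whether the remaining alerts fail the job. The rules-file format, the function names `parseRules` and `gate`, and the sample ids are assumptions constructed for this illustration.

```javascript
// Added example: hypothetical gate logic, not the action's own code.
// Assumed rules-file format: "<alert id>\t<IGNORE|WARN|FAIL>\t<description>",
// one rule per line; blank lines and lines starting with '#' are skipped.
function parseRules(text) {
  const rules = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const [id, action] = line.split('\t').map((f) => f.trim());
    const level = (action || '').toUpperCase();
    if (!id || !['IGNORE', 'WARN', 'FAIL'].includes(level)) {
      throw new Error(`malformed rule line: ${raw}`);
    }
    rules.set(id, level);
  }
  return rules;
}

// Returns the alerts that still count and the exit code for the job.
// - alerts whose rule is IGNORE are dropped; alerts with no rule default to WARN
// - if previousIds is given, only alerts not seen on an earlier run count
// - failAction=false reports the alerts but never fails the job
function gate(alerts, rules, { failAction = false, previousIds = null } = {}) {
  const seen = new Set(previousIds || []);
  const counted = alerts
    .map((a) => ({ ...a, level: rules.get(a.id) || 'WARN' }))
    .filter((a) => a.level !== 'IGNORE')
    .filter((a) => previousIds === null || !seen.has(a.id));
  return { counted, exitCode: failAction && counted.length > 0 ? 1 : 0 };
}

// Constructed sample data (ids and names are illustrative only).
const SAMPLE_RULES = [
  '# id\taction\tdescription',
  '10035\tIGNORE\t(HSTS header missing)',
  '10038\tFAIL\t(CSP header missing)',
].join('\n');
const SAMPLE_ALERTS = [
  { id: '10035', name: 'HSTS header missing' },
  { id: '10038', name: 'CSP header missing' },
  { id: '10096', name: 'Timestamp disclosure' },
];

const sampleRules = parseRules(SAMPLE_RULES);
console.log(gate(SAMPLE_ALERTS, sampleRules));
console.log(gate(SAMPLE_ALERTS, sampleRules, { failAction: true }));
```
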