owasp scanning issues #25

Description

@mos9mu

Hi team,

Even after whitelisting the GitHub IPs ($ curl https://api.github.com/meta | jq '.actions') inside the security group of the OWASP tracker application that we host (on an EC2 instance), we face issues while running the OWASP pipeline.

image
It says "request timed out" error.

Furthermore, we also tried to whitelist all IPs (0.0.0.0/0) inside the security group of the OWASP tracker application, and we get a 405 error code response, as below:
image

I'm not sure where the issue is coming from...

Do you know if we are missing something here?

Here is our code:-

workflow file for owasp tracking contains:-

  - uses: DependencyTrack/gh-upload-sbom@v2.0.0
    with:
      serverHostname: 'dt-xxxx-owaspdtrack.com'
      protocol: 'https'
      apiKey: ${{ secrets.SECRET_OWASP_DT_KEY }}
      projectName: 'TestZ_java'
      projectVersion: 'master'
      bomFilename: "src/main/java/zeeshan/bom.xml"
      autoCreate: true

this is our bom.xml file which is written manually:-
image

this is the plugin that we use in pom.xml file:-
image
