Reproduction steps
Steps to reproduce the behavior:
Install OSS CLI, create PAT and add to env
Run tool: scorecard --repo=github.com/Azure/azureml-examples
Aggregate score and many of the rows display, then you get a 422
scorecard --repo=github.com/Azure/azureml-examples
Starting [Fuzzing]
Starting [Binary-Artifacts]
Starting [CI-Tests]
Starting [Token-Permissions]
Starting [Dangerous-Workflow]
Starting [Dependency-Update-Tool]
Starting [License]
Starting [Security-Policy]
Starting [Signed-Releases]
Starting [Vulnerabilities]
Starting [Pinned-Dependencies]
Starting [Maintained]
Starting [Packaging]
Starting [CII-Best-Practices]
Starting [SAST]
Starting [Branch-Protection]
Starting [Contributors]
Starting [Code-Review]
Finished [Token-Permissions]
Finished [Dangerous-Workflow]
Finished [Fuzzing]
Finished [Binary-Artifacts]
Finished [CI-Tests]
Finished [Signed-Releases]
Finished [Vulnerabilities]
Finished [Dependency-Update-Tool]
Finished [License]
Finished [Security-Policy]
Finished [Packaging]
Finished [CII-Best-Practices]
Finished [Pinned-Dependencies]
Finished [Maintained]
Finished [Contributors]
Finished [Code-Review]
Finished [SAST]
Finished [Branch-Protection]
RESULTS
-------
Aggregate score: 6.0 / 10
Check scores:
| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION |
|---------|------------------------|------------------|-----------------------------|
| 9 / 10 | Binary-Artifacts | binaries present in source code | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#binary-artifacts |
| 8 / 10 | Branch-Protection | branch protection is not maximal on development and all release branches | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#branch-protection |
| 10 / 10 | CI-Tests | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#ci-tests |
| 0 / 10 | CII-Best-Practices | no effort to earn an OpenSSF best practices badge detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#cii-best-practices |
| 10 / 10 | Code-Review | all changesets reviewed | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#code-review |
| 10 / 10 | Contributors | project has 11 contributing companies or organizations | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#contributors |
| ? | Dangerous-Workflow | no workflows found | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dangerous-workflow |
| ? | Dependency-Update-Tool | internal error: dependabot commit search: Search.Code: GET https://api.github.com/search/commits?per_page=100&q=repo%3AAzure%2Fazureml-examples+author%3Adependabot%5Bbot%5D: 422 Validation Failed [{Resource:Search Field:q Code:invalid Message:The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.}] | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#fuzzing |
| 10 / 10 | License | license file detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#license |
| 10 / 10 | Maintained | 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#maintained |
| ? | Packaging | packaging workflow not detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#packaging |
| 0 / 10 | Pinned-Dependencies | dependency not pinned by hash detected -- score normalized to 0 | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#pinned-dependencies |
| 0 / 10 | SAST | SAST tool is not run on all commits -- score normalized to 0 | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#sast |
| 10 / 10 | Security-Policy | security policy file detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#security-policy |
| ? | Signed-Releases | no releases found | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#signed-releases |
| ? | Token-Permissions | No tokens found | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#token-permissions |
| 0 / 10 | Vulnerabilities | 151 existing vulnerabilities detected | https://github.com/ossf/scorecard/blob/ea7e27ed41b76ab879c862fa0ca4cc9c61764ee4/docs/checks.md#vulnerabilities |
Error: check runtime error: Dependency-Update-Tool: internal error: dependabot commit search: Search.Code: GET https://api.github.com/search/commits?per_page=100&q=repo%3AAzure%2Fazureml-examples+author%3Adependabot%5Bbot%5D: 422 Validation Failed [{Resource:Search Field:q Code:invalid Message:The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.}]
2024/09/18 09:52:44 error during command execution: check runtime error: Dependency-Update-Tool: internal error: dependabot commit search: Search.Code: GET https://api.github.com/search/commits?per_page=100&q=repo%3AAzure%2Fazureml-examples+author%3Adependabot%5Bbot%5D: 422 Validation Failed [{Resource:Search Field:q Code:invalid Message:The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.}]
Expected behavior
Why is there a 422 on a public repo? Could the error be more informative about what is incorrectly configured for the repo that causes this issue with OSS CLI?
Describe the bug
Run OSS CLI on public GH repo with valid GH PAT - get 422 error for dependabot commit search.
Related to issue #3607
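To show what the "more informative" error asked for above could look like, here is an added Go example (not scorecard's own code) that issues the same commit search and, on a 422, parses GitHub's JSON error body into a diagnostic naming the repo, the rejected field and GitHub's message. It assumes the standard GitHub error shape (`message` plus an `errors` array with `resource`/`field`/`code`/`message`) and serves a constructed copy of the report's 422 body from a local test server so it runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// ghError mirrors GitHub's JSON error body; the inner fields are the ones
// go-github prints as {Resource Field Code Message} in the report above.
type ghError struct {
	Message string `json:"message"`
	Errors  []struct{ Resource, Field, Code, Message string } `json:"errors"`
}

// SearchCommits runs the commit search scorecard issues and, on a 422,
// returns a diagnostic naming the repo, the rejected field and GitHub's
// message instead of the raw status line. Returns total_count on success.
func SearchCommits(c *http.Client, base, repo, author string) (int, error) {
	v := url.Values{"per_page": {"100"}}
	v.Set("q", fmt.Sprintf("repo:%s author:%s", repo, author)) // encodes as in the report
	resp, err := c.Get(base + "/search/commits?" + v.Encode())
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	var ge ghError
	switch {
	case resp.StatusCode == http.StatusUnprocessableEntity && json.Unmarshal(body, &ge) == nil && len(ge.Errors) > 0:
		e := ge.Errors[0]
		return 0, fmt.Errorf("commit search for %s rejected (422, %s.%s %s): %s; check the token can read the repo",
			repo, e.Resource, e.Field, e.Code, e.Message)
	case resp.StatusCode != http.StatusOK:
		return 0, fmt.Errorf("commit search for %s: HTTP %d: %s", repo, resp.StatusCode, body)
	}
	var res struct{ TotalCount int `json:"total_count"` }
	return res.TotalCount, json.Unmarshal(body, &res)
}

// fakeGitHub serves a constructed response so the example runs offline.
func fakeGitHub(status int, body string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(status)
		fmt.Fprint(w, body)
	}))
}
```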