Error using horusec in GitHub Actions pipeline

When trying to use horusec analysis in our pipeline, we faced this error:

We had a previous pipeline configured and running with no problems in another repository, and when we created this new one, the error above happened.

Both pipelines are running on the same custom runner, so I don’t think it is exactly a problem with our runner, cause it worked on the previous repository.

This is the job that runs Horusec analysis:

  security:
    runs-on: self-hosted
    needs: build
    defaults:
      run:
        working-directory: ./backend/micronaut
    steps:
      - name: Horusec Security
        run: |
          curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/master/deployments/scripts/install.sh | bash
          horusec start -p ./

Do you guys have any idea of what could be wrong?

hello @emiteze !

When horusec starts its analysis it creates a clone of your project in a temporary folder in the {PROJECT}/.horusec/{Analysis_ID}/{PROJECT} directory. As much as he creates the directory with few permissions, he needs at least a privileged permission to create directories and files inside his CI/CD flow, so try to check if your Jenkins has these permissions and add them to your project

1 Like

Hello @wilian.silva .

We’ve tried to fix this, but have not success. The error is in the GitHub Actions CI/CD actually.
When we run the job just like @emiteze said above, into a personal repository it runs correctly, but when we try to run it into a organization (orangestack in this case) the error persists.

hello @icaroafonso
in this case you have permission for download external file inside your pipeline in github actions? because in print is not possible assign executable binary because it not exists. In second line you can see the error curl: (23) Failed writing body (0 != 1362) try download binary by other format how by example wget.