fix: resolve TypeError in SummaryReportPresenter (issue #108)#110
Merged
Conversation
The scan result JSON was read by shelling out to `cat` and capturing stdout via @actions/exec listeners. Node.js 24 changed stream/pipe error handling — errors previously swallowed silently now propagate, which can cause incomplete stdout delivery for large JSON files. Replace with fs.readFileSync since the scanner already writes to disk. This eliminates the streaming/buffering layer entirely. Closes #108
Remove non-null assertions (!) on packageRef/vulnerabilityRef lookups in policy failure hydration. When a referenced package or vulnerability cannot be resolved (e.g. incomplete scan result data), the failure is skipped instead of passing undefined through to the presenter, which would crash with TypeError: Cannot read properties of undefined.
Scanner v1.25.0 (SSPROD-61902) introduced meta-packages in the JSON v1 output representing the base OS distro and container image. These entries lack layerRef and path fields, causing the adapter to skip them entirely — losing their vulnerabilities and policy failure references. Make Package.foundInLayer nullable so these packages can be hydrated. They won't appear in "per layer" sections (they don't belong to any layer) but will appear in policy failure reports. Also bump the default cli-scanner-version to 1.26.0 (latest) to align action.yml with SysdigCliScannerConstants.ts and README.md. Ref: SSPROD-67963
b92fe92 to
a6c4e92
Compare
alecron
approved these changes
May 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the
TypeError: Cannot read properties of undefined (reading 'name')crash inSummaryReportPresenter.getRulePkgMessagereported in #108.The scan result JSON was being read by piping
catthrough@actions/execstdout listeners. After upgrading the action runtime to Node.js 24, changes in stream/pipe error handling can cause incomplete stdout delivery for large files. Replace withfs.readFileSyncsince the scanner already writes to disk.Additionally, scanner versions >= 1.25.0 introduced meta-packages (base OS distro, container image) in the JSON v1 output without
layerRef/pathfields. These were silently dropped, losing their vulnerabilities and any policy failures referencing them. The adapter now hydrates these packages with a nullable layer so they appear in policy failure reports.The breaking change in the scanner output has been reported to the engineering team that maintains
sysdig-cli-scannerfor a proper fix on their side.Closes #108