[Bug]: Persistent "Artifact name is not valid" (400 Bad Request) from GitHub API despite valid name & token
47 views
Skip to first unread message
Nikhilesh Singh
Jun 11, 2025, 6:55:44 AMJun 11
to ZAP Developer Group
Description:
I am encountering a persistent issue where the zaproxy/action-baseline fails to upload artifacts, receiving a 400 Bad Request from the GitHub Artifacts API with the message "The artifact name [NAME] is not valid." This occurs even when using simplified, alphanumeric artifact names and with github.token correctly configured.
Action Version: zaproxy/action-...@v0.9.0
Workflow Snippet (relevant part):
YAML
- name: Set permissions for ZAP workspace
run: |
chmod -R 777 ${{ github.workspace }}
- name: 🔥 Run ZAP Baseline Scan
uses: zaproxy/action-...@v0.9.0
with:
target: 'http://localhost:8080'
fail_action: false
allow_issue_writing: true
artifact_name: zapreports # Tried "vuln-scan-results", "zap-scan-results", and "zapreports"
issue_title: ZAP Scan Baseline Report
docker_name: ghcr.io/zaproxy/zaproxy:stable
token: ${{ github.token }}
run: |
chmod -R 777 ${{ github.workspace }}
- name: 🔥 Run ZAP Baseline Scan
uses: zaproxy/action-...@v0.9.0
with:
target: 'http://localhost:8080'
fail_action: false
allow_issue_writing: true
artifact_name: zapreports # Tried "vuln-scan-results", "zap-scan-results", and "zapreports"
issue_title: ZAP Scan Baseline Report
docker_name: ghcr.io/zaproxy/zaproxy:stable
token: ${{ github.token }}
Observed Behavior:
- The ZAP scan runs successfully, and new GitHub issues are created as expected.
- The action's logs for the artifact upload step explicitly state "Artifact name is valid!"
- Immediately after this, a 400 Bad Request is received from the GitHub Artifacts API endpoint, with the message Error: Create Artifact Container failed: The artifact name [tried_name] is not valid.
- This behavior is consistent across multiple runs, even after simplifying the artifact name to zapreports (a purely alphanumeric, short name).
- Authentication with github.token is confirmed to be correct in the YAML, and other GitHub API interactions (issue creation) work fine.
- A previous "Permission denied" error for zap.yaml was resolved by adding chmod -R 777 ${{ github.workspace }}.
Expected Behavior:
The artifact should be successfully uploaded to the GitHub workflow run.
Logs (relevant section from latest attempt):
Starting artifact upload
For more detailed logs during the artifact upload process, enable step-debugging: https://docs.github.com/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging
Artifact name is valid!
Create Artifact Container - Error is not retryable
##### Begin Diagnostic HTTP information #####
Status Code: 400
Status Message: Bad Request
Header Information: {
"content-length": "268",
"content-type": "application/json; charset=utf-8",
"date": "Wed, 11 Jun 2025 09:32:18 GMT",
"server": "Kestrel",
"cache-control": "no-store,no-cache",
"pragma": "no-cache",
"strict-transport-security": "max-age=2592000",
"x-tfs-processid": "8b9c339b-4d83-471e-bf2f-794549280e58",
"activityid": "ab74c3b6-ee22-40fe-bb60-4aa7367a058f",
"x-tfs-session": "ab74c3b6-ee22-40fe-bb60-4aa7367a058f",
"x-vss-e2eid": "ab74c3b6-ee22-40fe-bb60-4aa7367a058f",
"x-vss-senderdeploymentid": "0bea2708-580e-d31c-f6de-bbc2333e4650",
"x-frame-options": "SAMEORIGIN"
}
###### End Diagnostic HTTP information ######
Error: Create Artifact Container failed: The artifact name zapreports is not valid. Request URL https://pipelinesghubeus15.actions.githubusercontent.com/CFIVKztmAaHK7YdaWG7BNLEwiD6N8FVmZo3KvESrAuDJzHlKNp/_apis/pipelines/workflows/15581218256/artifacts?api-version=6.0-preview
Environment:
- Runner: ubuntu-latest
- Repository: [Your GitHub Repository URL, e.g., https://github.com/Niksinikhilesh045/automated-security-scanning-devsecops]
- Workflow Run ID: 15581218256
psiinon
Jun 11, 2025, 6:58:44 AMJun 11
to ZAP Developer Group
You've just raised a bug for this https://github.com/zaproxy/action-baseline/issues/134
Please do NOT post about the same thing in multiple places - the ZAP team monitors all of our repos and groups, so you are just causing noise.
In this case we'll follow up on this issue.
Nikhilesh Singh
Jun 11, 2025, 8:13:55 AMJun 11
to zaproxy...@googlegroups.com
Okay, for sure.
This was in measure to report the issue.
--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP Developer Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-devel...@googlegroups.com.
To view this discussion, visit https://groups.google.com/d/msgid/zaproxy-develop/c3dcedd7-bd55-4f7e-a0c6-257ba297d540n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages