Link checker is temperamental and apparently deprecated

[tghosth]

The link checker seems to sometimes fail, even when it should not.

For example:
https://github.com/OWASP/ASVS/actions/runs/9854671316/job/27207915942

The link seems to work even through the link checker said it didn't.

Also, it says in the README that it is deprecated.
https://github.com/gaurav-nelson/github-action-markdown-link-check?tab=readme-ov-file

@ike do you think you could upgrade to the newer tool he suggests?

[ike]

Yeah! Looks like he's also created a new github action.

[tghosth]

Ok so do you want to try and upgrade it?

[tghosth]

Hi @ike, any update on this?

[tghosth]

It would also be good to only include 5.0 in the link checker and not 4.0 because we don't change 4.0 any more but we do add translations so it makes a mess:
https://github.com/OWASP/ASVS/actions/runs/10573577586/job/29345695930?pr=1973

@ike @arkid15r

[arkid15r]

It would also be good to only include 5.0 in the link checker and not 4.0 because we don't change 4.0 any more but we do add translations so it makes a mess: https://github.com/OWASP/ASVS/actions/runs/10573577586/job/29345695930?pr=1973

@ike @arkid15r

Alright, I'll work on migrating the workflow to a proper replacement and running it for 5.0 only.
I'm going to look around first as https://github.com/UmbrellaDocs/action-linkspector looks pretty young action

ERROR: 2 dead links found!
[✖] https://owasp.org/www-project-security-knowledge-framework/ → Status: 404
[✖] https://cheatsheetseries.owasp.org/cheatsheets/IndexASVS.html → Status: 404

The findings from https://github.com/OWASP/ASVS/actions/runs/10573577586/job/29345695930?pr=1973 look legit to me as they are 404. My understanding is they just irrelevant as 4.0 doesn't require any updates @tghosth ?

[tghosth]

My understanding is they just irrelevant as 4.0 doesn't require any updates

Correct

Alright, I'll work on migrating the workflow to a proper replacement and running it for 5.0 only.

Great!

[arkid15r]

Just a small update:

As #2035 has been merged please let me know if you notice something is broken or works not as expected. I'll keep an eye on the workflow too.

The only part left to resolve this issue is addressing URL checker action deprecated status. I'm going to work on it this week.

[tghosth]

Thanks so much!

[tghosth]

Hi @arkid15r did you ever get to this?

[tghosth]

Looks like link checker is causing grief again...

https://github.com/OWASP/ASVS/actions/workflows/url-checker.yml?query=branch%3Amaster

[arkid15r]

Hi @tghosth
actually no, sorry -- I've been busy with some other OWASP projects.

As for this one it seems it's 403ing for this action check request. When I try to open it in a browser it works.

What can be done here:

• add 403 to aliveStatusCodes (quite global change)
• exclude https://securityheaders.com/ URL from checking w/ <!-- markdown-link-check-disable -->

I'm open to other ideas on fixing this case if you have any.

[tghosth]

Ok thanks, do you think the updated link checker would help with this?

[arkid15r]

Not necessarily. It could be just the website's block of the link checker's source IP address.
However, this doesn't change the deprecated tool upgrade need.