Skip to content
security-checks

fix(query): openapi pattern undefined fp enum and format sanitizers #2566

Sign in to view logs

fix(query): openapi pattern undefined fp enum and format sanitizers

fix(query): openapi pattern undefined fp enum and format sanitizers #2566

Triggered via pull request January 31, 2025 14:38
@EduardoSemanasEduardoSemanas
opened #7323
ast-65357
Status Failure
Total duration 2m 49s
Artifacts 6

sec-checks.yaml

on: pull_request
Trivy fs scan
28s
Trivy fs scan
Grype fs scan
20s
Grype fs scan
govulncheck fs scan
56s
govulncheck fs scan
govulncheck binary scan
2m 5s
govulncheck binary scan
Matrix: Grype docker image scan
Matrix: Trivy docker image scan
Fit to window
Zoom out
Zoom in

Annotations

13 errors and 1 warning
govulncheck fs scan
Process completed with exit code 1.
govulncheck fs scan
descriptions.doRequest calls http.Client.Do
govulncheck fs scan
provider.getPaths calls getter.Client.Get, which eventually calls http.Client.PostForm
govulncheck fs scan
utils.JSONSchemaCompare calls gojsonschema.Validate, which eventually calls http.Get
govulncheck fs scan
parser.BicepLexerInit calls sync.Once.Do, which eventually calls x509.CertPool.AppendCertsFromPEM
govulncheck fs scan
descriptions.Client.RequestDescriptions calls io.ReadAll, which eventually calls x509.Certificate.Verify
govulncheck fs scan
descriptions.Client.RequestDescriptions calls io.ReadAll, which eventually calls x509.Certificate.VerifyHostname
govulncheck fs scan
source.FilesystemSource.GetQueryLibrary calls x509.HostnameError.Error
govulncheck fs scan
utils.getCertificateInfo calls x509.ParseCertificate
govulncheck fs scan
engine.QueryLoader.LoadQuery calls rego.Rego.PrepareForEval, which eventually calls x509.ParseCertificateRequest
govulncheck fs scan
engine.QueryLoader.LoadQuery calls rego.Rego.PrepareForEval, which eventually calls x509.ParseCertificates
govulncheck binary scan
Process completed with exit code 1.
Grype docker image scan (Dockerfile)
Failed minimum severity level. Found vulnerabilities with level 'low' or higher
govulncheck binary scan
No files were found with the provided path: ./binary_dependencies.txt. No artifacts will be uploaded.

Artifacts

Produced during runtime
Name Size
Checkmarx~kics~FGIFHT.dockerbuild
101 KB
Checkmarx~kics~P9LO8L.dockerbuild
99.9 KB
govulncheck-binary-scan-results
4.06 KB
govulncheck-fs-scan-results
4.85 KB
trivy-docker-image-scan-results
1022 Bytes
trivy-fs-scan-results
138 Bytes