Veracode Security Scan #415

Triggered via schedule September 1, 2024 04:01
Status Failure
Total duration 8m 35s
Artifacts 1
Veracode SCA scan  52s
Veracode SAST policy scan  8m 24s

Annotations

1 error and 4 warnings
Veracode SCA scan
Veraocde SCA Scan failed with exit code 7

Veracode SCA agent scanning engine ready
Running the NPM scanner
npm warn config only Use `--omit=dev` to omit dev dependencies from the install.
Scanning completed
Found 0 lines of code
Processing results...
Processing results complete

Summary Report
Scan ID             24012298-beb2-40d6-8e5a-402f30081e93
Scan Date & Time    Sep 01 2024 04:02AM UTC
Account type        ENTERPRISE
Scan engine         3.8.73 (latest 3.8.73)
Analysis time       41 seconds
User                runner
Project             /home/runner/work/Veracode-pipeline-scan-action/Veracode-pipeline-scan-action
Package Manager(s)  NPM, Jar

Open-Source Libraries
Total Libraries       172
Direct Libraries      6
Transitive Libraries  168
Vulnerable Libraries  4
Third Party Code      100%

Security
With Vulnerable Methods        0
Critical Risk Vulnerabilities  0
High Risk Vulnerabilities      2
Medium Risk Vulnerabilities    2
Low Risk Vulnerabilities       0

Vulnerabilities - Public Data
CVE-2024-41818  High Risk    Regular Expression Denial Of Service (ReDoS)  fast-xml-parser 4.4.0
CVE-2024-39338  High Risk    Server-Side Request Forgery (SSRF)            axios 1.7.2
CVE-2024-39249  Medium Risk  Regular Expression Denial Of Service (ReDoS)  async 3.2.5

Vulnerabilities - Premium Data
NO-CVE          Medium Risk  Memory Leak                                   inflight 1.0.6

Licenses
Unique Library Licenses                   10
Libraries Using GPL                       1
Libraries With High Risk License          1
Libraries With Medium Risk License        0
Libraries With Low Risk License           173
Libraries With Multiple Licenses          3
Libraries With Unassessable License       1
Libraries With Unrecognizable License     0

Issues
Issue ID   Issue Type        Severity  Description                                                   Library Name & Version   In Use
201811398  Vulnerability     6.2       NO-CVE: Memory Leak                                           inflight 1.0.6
220935280  License           1.0       Library has High-Risk License                                 sjcl 1.0.8
294337976  Outdated Library  3.0       Latest version at scan: 6.0.0                                 @actions/github 5.1.1
309151992  Vulnerability     5.3       CVE-2024-39249: Regular Expression Denial Of Service (ReDoS)  async 3.2.5
316180343  Vulnerability     7.5       CVE-2024-41818: Regular Expression Denial Of Service (ReDoS)  fast-xml-parser 4.4.0
317236611  Outdated Library  3.0       Latest version at scan: 2.1.9                                 @actions/artifact 2.1.7
320314298  Vulnerability     7.5       CVE-2024-39338: Server-Side Request Forgery (SSRF)            axios 1.7.2
325450673  Outdated Library  3.0       Latest version at scan: 1.7.7                                 axios 1.7.2
325450674  Outdated Library  3.0       Latest version at scan: 5.7.0-dev.20240831                    typescript 4.9.5

Full Report Details  https://sca.analysiscenter.veracode.com/teams/700tzKDV/scans/72925993
Veracode SCA scan
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
Veracode SCA scan
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v2, veracode/[email protected]. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
Veracode SAST policy scan
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "Veracode Agent Based SCA Results". Please update your workflow to use v4 of the artifact actions. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

Artifacts

Produced during runtime
Name  Size
Veracode Agent Based SCA Results  3.65 KB