Conversation

@robwlundy
Owner

No description provided.

@github-actions
Summary

ShiftLeft NextGen Static Analysis detected 217 findings in this PR

Severity Count
Critical 23
Moderate 29
Info 44

Additionally there are 4 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Build Rules

Build rule with ID "allow-zero-findings" failed because it matched 213 findings and the configured threshold is 0

Get more information about this scan.

@github-actions
Summary

ShiftLeft NextGen Static Analysis detected 216 findings in this PR

Severity Count
Critical 23
Moderate 29
Info 44

Additionally there are 4 secrets leaked, and 116 vulnerabilities
inherited from OSS components.

Build Rules

Build rule with ID "allow-zero-findings" failed because it matched 212 findings and the configured threshold is 0

Get more information about this scan.

@github-actions
Summary

ShiftLeft NextGen Static Analysis detected 219 findings in this PR

Severity Count
Critical 23
Moderate 29
Info 44

Additionally there are 4 secrets leaked, and 119 vulnerabilities
inherited from OSS components.

Build Rules

Build rule with ID "allow-zero-findings" failed because it matched 215 findings and the configured threshold is 0

Get more information about this scan.

@github-actions
Checking analysis of application shiftleft-java-demo against 2 build rules.

Checking new findings between scans 12 and 13.

Results per rule:

  • allow-zero-findings: FAIL (1 matched vulnerabilities; configured threshold is 0)

    New findings:

    ID Severity Title
    442 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    Severity Count
    Critical 1
    Moderate 0
    Info 0
  • reachable-oss-vuln: FAIL (1 matched vulnerabilities; configured threshold is 0)

    New findings:

    ID Severity Title
    442 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    Severity Count
    Critical 1
    Moderate 0
    Info 0

2 rules failed.

@github-actions

Neither source branch nor scan specified; switching to 'single' mode.

Checking analysis of application shiftleft-java-demo against 2 build rules.

Checking findings on scan 17.

Results per rule:

  • allow-zero-findings: FAIL (215 matched vulnerabilities; configured threshold is 0)

    First 5 findings:

    ID Severity Title
    80 critical Sensitive Data Leak: Security-sensitive data leaked to console via firstName in CustomerController.debugEscaped
    83 critical Sensitive Data Leak: Sensitive data is leaked to log in PatientController.getPatient
    85 critical Sensitive Data Leak: Sensitive data is leaked via amount to log in AccountController.withdrawFromAccount
    86 critical Sensitive Data Leak: Sensitive data is leaked via account to log in AccountController.createAccount
    87 critical Sensitive Data Leak: Sensitive data is leaked to log in AccountController.getAccount
    Severity Count
    Critical 63
    Moderate 108
    Info 44
    Finding Type Count
    Vuln 96
    Secret 0
    Insight 0
    Extscan 0
    Oss_vuln 119
    Package 0
    Category Count
    Sensitive Data Usage 41
    Sensitive Data Leak 33
    XSS 9
    Header Injection 3
    Directory Traversal 3
    Deserialization 3
    Security Best Practices 2
    Session Injection 1
    Log Forging 1
    OWASP Category Count
    A3-Sensitive-Data-Exposure 77
    A3-Cross-Site-Scripting 9
    A1-Injection 3
    A5-Broken-Access-Control 3
    A8-Deserialization 3
    A2-Broken-Authentication 1
  • reachable-oss-vuln: FAIL (44 matched vulnerabilities; configured threshold is 0)

    First 10 findings:

    ID Severity Title
    272 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    273 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    274 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    275 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    276 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    277 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    278 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    279 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    280 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    281 critical pkg:maven/org.apache.tomcat.embed/[email protected]
    Severity Count
    Critical 38
    Moderate 6
    Info 0

2 rules failed.

Update shiftleft.yml to add attackable OSS to build rules