Create checkmarx.yaml #62

Status: Open. Wants to merge 16 commits into base: master.

saargon (Contributor) commented Jun 29, 2023

No description provided.

@@ -0,0 +1,36 @@
name: build

⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-PIPELINE-0020
Check Name: Ensure scanners are in place to identify and prevent sensitive data in pipeline files
Severity: HIGH
Message: No secrets scanning tool is used in pipeline
[This comment was created by Aqua Pipeline]

@@ -0,0 +1,36 @@
name: build

⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-PIPELINE-0021
Check Name: Ensure pipelines are automatically scanned for vulnerabilities
Severity: HIGH
Message: No vulnerabilities scanning tool is used in pipeline
[This comment was created by Aqua Pipeline]


jobs:
checkmarx:
name: Aqua scanner
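
Review bot: The job id `checkmarx` and its display name `Aqua scanner` under `jobs:` name two different tools, and the workflow is called `build` even though the PR creates checkmarx.yaml. Pick one name that matches what the job actually runs and use it for the file, the workflow `name:` and the job, so findings that quote the job name (as the scanner comments here do) can be traced back to the right workflow. The PR also has no description; a sentence on what this workflow is for would help reviewers.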

⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-PIPELINE-0022
Check Name: Ensure pipeline steps produce an SBOM
Severity: HIGH
Message: Consider adding SBOM generation tool to build job 'Aqua scanner'
[This comment was created by Aqua Pipeline]

@@ -0,0 +1,36 @@
name: build

⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-PIPELINE-0024
Check Name: Ensure scanners are in place to identify and prevent IaC misconfigurations in pipeline files
Severity: HIGH
Message: No IaC scanning tool is used in pipeline
[This comment was created by Aqua Pipeline]


jobs:
checkmarx:
name: Aqua scanner

⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-PIPELINE-0011
Check Name: HTTP usage instead of HTTPS
Severity: MEDIUM
Message: Avoid fetching from usecured resources (using http) in job 'Aqua scanner', step 'Simulate secret exfiltration'
[This comment was created by Aqua Pipeline]

@@ -0,0 +1,60 @@
name: build

⚠️ Aqua detected misconfiguration in your code

Misconfiguration ID: AVD-PIPELINE-0025
Check Name: Ensure scanners are in place to identify and prevent SAST findings in pipeline files
Severity: HIGH
Message: No SAST scanning tool is used in pipeline
[This comment was created by Aqua Pipeline]
