Fix Delete Incomplete Scan Issue #121
nightlyScan.yml
on: pull_request
Veracode SCA scan
58s
Veracode SAST policy scan
8m 20s
Annotations
1 error and 3 warnings
Veracode SCA scan
Veraocde SCA Scan failed with exit code 7
Veracode SCA agent scanning engine ready
Running the NPM scanner
npm warn config only Use `--omit=dev` to omit dev dependencies from the install.
Scanning completed
Found 1058 lines of code
Processing results...
Processing results complete
Summary Report
Scan ID 45365423-4634-4f59-8f59-a4be656fe503
Scan Date & Time Jul 31 2024 01:16AM UTC
Account type ENTERPRISE
Scan engine 3.8.70 (latest 3.8.70)
Analysis time 50 seconds
User runner
Project /home/runner/work/uploadandscan-action/uploadandscan-action
Package Manager(s) NPM
Open-Source Libraries
Total Libraries 174
Direct Libraries 7
Transitive Libraries 170
Vulnerable Libraries 3
Third Party Code 99.9%
Security
With Vulnerable Methods 0
Critical Risk Vulnerabilities 0
High Risk Vulnerabilities 1
Medium Risk Vulnerabilities 2
Low Risk Vulnerabilities 0
Vulnerabilities - Public Data
CVE-2024-41818 High Risk Regular Expression Denial Of Service (ReDoS) fast-xml-parser 4.4.0
CVE-2024-39249 Medium Risk Regular Expression Denial Of Service (ReDoS) async 3.2.5
Vulnerabilities - Premium Data
NO-CVE Medium Risk Memory Leak inflight 1.0.6
Licenses
Unique Library Licenses 9
Libraries Using GPL 1
Libraries With High Risk License 1
Libraries With Medium Risk License 0
Libraries With Low Risk License 174
Libraries With Multiple Licenses 3
Libraries With Unassessable License 2
Libraries With Unrecognizable License 0
Issues
Issue ID Issue Type Severity Description Library Name & Version In Use
316164864 Vulnerability 5.3 CVE-2024-39249: Regular Expression Denial Of Service (ReDoS) async 3.2.5
316164865 Vulnerability 7.5 CVE-2024-41818: Regular Expression Denial Of Service (ReDoS) fast-xml-parser 4.4.0
316164866 Vulnerability 6.2 NO-CVE: Memory Leak inflight 1.0.6
316164867 Outdated Library 3.0 Latest version at scan: 6.0.0 @actions/github 5.1.1
316164868 Outdated Library 3.0 Latest version at scan: 10.0.1 minimatch 9.0.4
316164869 License 1.0 Library has High-Risk License sjcl 1.0.8
Full Report Details https://sca.analysiscenter.veracode.com/teams/PaainWzy/scans/70994011
|
Veracode SCA scan
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3, veracode/veracode-sca@v2.1.9. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
Veracode SAST policy scan
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@v3. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "Veracode Agent Based SCA Results".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
|
Artifacts
Produced during runtime
Name | Size | |
---|---|---|
Veracode Agent Based SCA Results
|
3.14 KB |
|