Veracode Security Scan #34

Triggered via schedule May 11, 2024 04:04
Status Failure
Total duration 12m 30s
Artifacts 1

nightlyScan.yml

on: schedule
Veracode SCA scan: 43s
Veracode SAST policy scan: 12m 22s

Annotations

1 error and 3 warnings
Veracode SCA scan
Veraocde SCA Scan failed with exit code 7

Veracode SCA agent scanning engine ready
Running the NPM scanner
npm WARN config only Use `--omit=dev` to omit dev dependencies from the install.
Scanning completed
Found 960 lines of code
Processing results...
Processing results complete

Summary Report
Scan ID               d6a65ad5-8923-421d-a1a6-95a0c6bb01ad
Scan Date & Time      May 11 2024 04:04AM UTC
Account type          ENTERPRISE
Scan engine           3.8.62 (latest 3.8.62)
Analysis time         33 seconds
User                  runner
Project               /home/runner/work/uploadandscan-action/uploadandscan-action
Package Manager(s)    NPM

Open-Source Libraries
Total Libraries         141
Direct Libraries        7
Transitive Libraries    136
Vulnerable Libraries    3
Third Party Code        99.9%

Security
With Vulnerable Methods          0
Critical Risk Vulnerabilities    0
High Risk Vulnerabilities        1
Medium Risk Vulnerabilities      4
Low Risk Vulnerabilities         0

Vulnerabilities - Public Data
CVE-2023-26159    Medium Risk    Open Redirect         follow-redirects 1.15.2
CVE-2024-28849    Medium Risk    Credential Leakage    follow-redirects 1.15.2

Vulnerabilities - Premium Data
NO-CVE    High Risk      Prototype Pollution                           axios 1.6.2
NO-CVE    Medium Risk    Regular Expression Denial Of Service (ReDoS)  axios 1.6.2
NO-CVE    Medium Risk    Memory Leak                                   inflight 1.0.6

Licenses
Unique Library Licenses                   8
Libraries Using GPL                       1
Libraries With High Risk License          1
Libraries With Medium Risk License        0
Libraries With Low Risk License           143
Libraries With Multiple Licenses          3
Libraries With Unassessable License       0
Libraries With Unrecognizable License     0

Issues
Issue ID   Issue Type        Severity  Description                                           Library Name & Version   In Use
287821592  Vulnerability     7.5       NO-CVE: Prototype Pollution                           axios 1.6.2
287821593  Vulnerability     5.3       NO-CVE: Regular Expression Denial Of Service (ReDoS)  axios 1.6.2
287821594  Vulnerability     6.5       CVE-2024-28849: Credential Leakage                    follow-redirects 1.15.2
287821595  Vulnerability     6.1       CVE-2023-26159: Open Redirect                         follow-redirects 1.15.2
287821596  Vulnerability     6.2       NO-CVE: Memory Leak                                   inflight 1.0.6
287821599  Outdated Library  3.0       Latest version at scan: 9.0.4                         minimatch 9.0.3
287821600  Outdated Library  3.0       Latest version at scan: 0.6.2                         xml2js 0.6.0
287821601  License           1.0       Library has High-Risk License                         sjcl 1.0.8
294341591  Outdated Library  3.0       Latest version at scan: 1.10.1                        @actions/core 1.10.0
294341592  Outdated Library  3.0       Latest version at scan: 6.0.0                         @actions/github 5.1.1
294341593  Outdated Library  3.0       Latest version at scan: 1.7.0-beta.1                  axios 1.6.2
295043072  Outdated Library  3.0       Latest version at scan: 2.1.7                         @actions/artifact 1.1.1

Full Report Details
Veracode SCA scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, veracode/veracode-sca@v2.1.9. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "Veracode Agent Based SCA Results". Please update your workflow to use v4 of the artifact actions. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
Veracode SAST policy scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

Artifacts

Produced during runtime
Name                                Size
Veracode Agent Based SCA Results    4.04 KB (Expired)