Azure | Fix IAC-Security Vulnerabilities (AST-47969)

Checkmarx / ast-azure-plugin

The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

Apache License 2.0

4 stars 2 forks source link

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Fix IAC-Security Vulnerabilities

References

https://checkmarx.atlassian.net/browse/AST-47969

Testing

X

Checklist

[x] I have added documentation for new/changed functionality in this PR (if applicable).
[x] I have updated the CLI help for new/changed functionality in this PR (if applicable).
[x] All active GitHub checks for tests, formatting, and security are passing
[x] The correct base branch is being used

Policy Name	Rule(s)	Break Build
[SAST-ML0] Not allowed NEW Sast vulnerabilities	true

Policy Name

Rule(s)

Break Build

[SAST-ML0] Not allowed NEW Sast vulnerabilities

true

Severity	Issue	Source File / Package
	CVE-2024-4068	Npm-braces-3.0.2
	Unpinned Actions Full Length Commit SHA	/pr-label.yml: 10
	Unpinned Actions Full Length Commit SHA	/ast-scan.yml: 12
	Unpinned Actions Full Length Commit SHA	/dependabot-auto-merge.yml: 23
	Unpinned Actions Full Length Commit SHA	/dependabot-auto-merge.yml: 14
	Unpinned Actions Full Length Commit SHA	/release.yml: 101
	Unpinned Actions Full Length Commit SHA	/release.yml: 68
	Unpinned Actions Full Length Commit SHA	/release.yml: 88

Severity

Issue

Source File / Package