github-actions[bot]
commented
5 months ago 
Checkmarx One – Scan Summary & Details – 43e9b964-de18-43dc-9d7a-a5bd57426969
Policy Management Violations
| Policy Name | Rule(s) | Break Build |
|---|---|---|
| [SAST-ML0] Not allowed NEW Sast vulnerabilities | true |
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Unpinned Actions Full Length Commit SHA | /delete-dev-releases.yml: 28 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /ci.yml: 38 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /test-ui-windows.yml: 33 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /checkmarx-one-scan.yml: 19 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /release.yml: 136 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /test-ui-mac.yml: 34 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /pr-label.yml: 15 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /test-ui-ubuntu.yml: 33 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
Fixed Issues
| Severity | Issue | Source File / Package |
|---|---|---|
 |
CVE-2019-17571 | Gradle-log4j:log4j-1.2.17 |
|
CVE-2021-4104 | Gradle-log4j:log4j-1.2.17 |
|
CVE-2022-23302 | Gradle-log4j:log4j-1.2.17 |
|
CVE-2022-23305 | Gradle-log4j:log4j-1.2.17 |
|
CVE-2022-23307 | Gradle-log4j:log4j-1.2.17 |
|
CVE-2020-15250 | Gradle-junit:junit-4.10 |
|
CVE-2020-15250 | Gradle-junit:junit-4.12 |
 |
Log_Forging | /src/main/java/com/checkmarx/intellij/tool/window/CxToolWindowPanel.java: 438 |
|
Log_Forging | /src/main/java/com/checkmarx/intellij/tool/window/CxToolWindowPanel.java: 438 |
|
Log_Forging | /src/main/java/com/checkmarx/intellij/tool/window/CxToolWindowPanel.java: 438 |
|
Log_Forging | /src/main/java/com/checkmarx/intellij/tool/window/CxToolWindowPanel.java: 438 |
|
Use_of_Broken_or_Risky_Cryptographic_Algorithm | /src/main/java/com/checkmarx/intellij/Utils.java: 42 |
|
Use_of_Broken_or_Risky_Cryptographic_Algorithm | /src/main/java/com/checkmarx/intellij/Utils.java: 42 |
|
Use_of_Broken_or_Risky_Cryptographic_Algorithm | /src/main/java/com/checkmarx/intellij/Utils.java: 42 |
|
Use_of_Broken_or_Risky_Cryptographic_Algorithm | /src/main/java/com/checkmarx/intellij/Utils.java: 42 |
By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
References
Testing
Checklist