Checkmarx / ast-visual-studio-extension

The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE
https://marketplace.visualstudio.com/items?itemName=checkmarx.astVisualStudioExtension
Apache License 2.0

Fix vulnerabilities and tests, upgrade packages and CLI version (AST-38513) #160

Closed checkmarx-kobi-hagmi closed 5 months ago

checkmarx-kobi-hagmi commented 5 months ago

Description

Fix vulnerabilities and tests, upgrade packages and CLI to version 2.1.0

References

https://checkmarx.atlassian.net/browse/AST-38513

Testing

Manually tested and verified

Checklist

github-actions[bot] commented 5 months ago

Checkmarx One – Scan Summary & Details: ae5c2ae7-93a2-4a19-a3a9-df4b5711e2e0

Policy Management Violations

Policy Name Rule(s) Break Build
[SAST-ML0] Not allowed NEW Sast vulnerabilities true

Fixed Issues

| Severity | Issue | Source File / Package |
| --- | --- | --- |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 115 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /pr-label.yml: 15 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /nightly.yml: 32 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 85 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /update-cli.yml: 33 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 74 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 93 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yml: 20 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 127 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 45 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ast-scan.yml: 12 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yml: 17 |