github-actions[bot]
commented
3 weeks ago 🦙 MegaLinter status: ⚠️ WARNING
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 4 | 0 | 0.06s | |
| ⚠️ CSS | scss-lint | 2 | 1 | 2.23s | |
| ✅ JAVASCRIPT | prettier | 6 | 0 | 0 | 1.11s |
| ✅ JSON | jsonlint | 7 | 0 | 0.19s | |
| ✅ JSON | npm-package-json-lint | yes | no | 0.39s | |
| ✅ JSON | prettier | 7 | 0 | 0 | 1.57s |
| ✅ JSON | v8r | 7 | 0 | 11.54s | |
| ✅ MARKDOWN | markdownlint | 20 | 0 | 0 | 2.09s |
| ✅ MARKDOWN | markdown-link-check | 20 | 0 | 52.63s | |
| ✅ MARKDOWN | markdown-table-formatter | 20 | 0 | 0 | 0.33s |
| ✅ REPOSITORY | checkov | yes | no | 13.24s | |
| ✅ REPOSITORY | gitleaks | yes | no | 0.14s | |
| ✅ REPOSITORY | git_diff | yes | no | 0.2s | |
| ⚠️ REPOSITORY | grype | yes | 3 | 12.37s | |
| ✅ REPOSITORY | secretlint | yes | no | 2.45s | |
| ⚠️ REPOSITORY | trivy | yes | 1 | 6.73s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | 1.46s | |
| ✅ REPOSITORY | trufflehog | yes | no | 3.13s | |
| ⚠️ SPELL | cspell | 20 | 1 | 2.68s | |
| ✅ YAML | prettier | 14 | 0 | 0 | 1.31s |
| ✅ YAML | v8r | 11 | 0 | 15.05s | |
| ✅ YAML | yamllint | 14 | 0 | 0.44s |
See detailed report in MegaLinter reports
_MegaLinter is graciously provided by 
_
wesley-dean-gsa
Changes proposed in this pull request
This addresses several of the issues SonarQube identified as security hotspots. The most significant changes are that several of our scripts now have hashes presented in the
<script />tags and, should the deployed scripts change, our stuff may break which will require us to rehash and update our scripts.security considerations
These ought to help us address CWE-353.
closes #161