search

cyates-checkmarx / terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
https://www.bridgecrew.io/
Apache License 2.0
0 stars 0 forks source link

Mobb workflow initiation #1

Closed cyates-checkmarx closed 9 months ago

cyates-checkmarx commented 9 months ago

This workflow is triggered on every pull request. It runs a security scans and then provides automatic fixes to the revealed issues. Developers will see the fix suggestions in the PR conversation page.

cyates-checkmarx commented 9 months ago

Logo Checkmarx One – Scan Summary & Details38399920-19e1-4b6e-838d-64a6aaf6827f

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2023-42282 Npm-ip-1.1.5 Vulnerable Package
HIGH Cxab55612e-3a56 Npm-braces-3.0.2 Vulnerable Package
HIGH Cxab55612e-3a56 Npm-braces-2.3.2 Vulnerable Package
HIGH Cxca84a1c2-1f12 Npm-micromatch-3.1.10 Vulnerable Package
HIGH Cxca84a1c2-1f12 Npm-micromatch-4.0.4 Vulnerable Package
MEDIUM Unpinned Actions Full Length Commit SHA /mobb-checkmarx.yaml: 49 Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...