it-at-m / digiwf-core

central workflow automation and integration platform based on the free process framework Camunda.

MIT License

19 stars 7 forks source link

test dependency review #1838

Closed simonhir closed 4 months ago

simonhir commented 4 months ago

Description

Test for dependency review

Reference

Issues: #xxx

Screenshots (If UI changed)

Check-List

[ ] All Acceptance criteria of user story are met
[ ] Accessibility was considered and tested (On UI Change)
[ ] JUnit tests are written (60% CodeCov)
[ ] Internal Review is maintained
[ ] Documentations external and internal are completed
[ ] Smoketest successful (Manual E2E-Test depending on Change)
[ ] No waste on Branch left (e.g. console.logs)
[ ] Board is up-to-date
[ ] Internal Services / Artifacts updated (Depending on Change - See Dependency Graph
[ ] Openshift environments are prepared (Secrets, etc.) and release-issue is maintained

github-actions[bot] commented 4 months ago

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
❌ 1 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

digiwf-apps/package-lock.json

Package	Version	License	Issue Type
node-forge	1.3.1	BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0)	Incompatible License

digiwf-apps/package.json

Package	Version	License	Issue Type
node-forge	^1.3.1	Null	Unknown License

Denied Licenses: GPL-1.0-or-later, LGPL-2.0-or-later, AGPL-1.0-or-later

Excluded from license check: pkg:npm/escape-string-regexp, pkg:npm/path-exists, pkg:npm/slash, pkg:npm/yocto-queue, pkg:npm/load-script, pkg:maven/com.puppycrawl.tools/checkstyle, pkg:maven/com.hazelcast/hazelcast-spring

OpenSSF Scorecard

Package

Version

Score

Details

1.3.1

:green_circle: 4.4

Details

Check	Score	Reason
Code-Review	:warning: 0	Found 1/24 approved changesets -- score normalized to 0
Maintained	:warning: 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 9	license file detected
Signed-Releases	:warning: -1	no releases found
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Security-Policy	:green_circle: 9	security policy file detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Fuzzing	:warning: 0	project is not fuzzed
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0

^1.3.1

:green_circle: 4.4

Details

Check	Score	Reason
Code-Review	:warning: 0	Found 1/24 approved changesets -- score normalized to 0
Maintained	:warning: 0	0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 9	license file detected
Signed-Releases	:warning: -1	no releases found
Packaging	:warning: -1	packaging workflow not detected
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Security-Policy	:green_circle: 9	security policy file detected
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	:warning: -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Vulnerabilities	:green_circle: 10	0 existing vulnerabilities detected
Fuzzing	:warning: 0	project is not fuzzed
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

digiwf-apps/package-lock.json

@vue/compiler-core@3.4.31
@vue/compiler-dom@3.4.31
@vue/compiler-sfc@2.7.16
@vue/compiler-sfc@3.4.31
@vue/compiler-ssr@3.4.31
@vue/shared@3.4.31
csstype@3.1.3
entities@4.5.0
magic-string@0.30.10
node-forge@1.3.1
prettier@2.8.8
vue@2.7.16

digiwf-apps/package.json

node-forge@^1.3.1

simonhir commented 4 months ago

Just for testing