Closed tamarleviCm closed 3 months ago
Checkmarx One – Scan Summary & Details – e0e0b66e-61c4-4da7-8947-ed07534be14f
Policy Name | Rule(s) | Break Build |
---|---|---|
[SAST-ML0] Not allowed NEW Sast vulnerabilities | true |
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: [34](https://github.com/jenkinsci/checkmarx-ast-scanner-plugin/blob/trigger-release//src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java#L34) | Attack Vector |
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: [34](https://github.com/jenkinsci/checkmarx-ast-scanner-plugin/blob/trigger-release//src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java#L34) | Attack Vector |
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: [34](https://github.com/jenkinsci/checkmarx-ast-scanner-plugin/blob/trigger-release//src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java#L34) | Attack Vector |
| | Unpinned Actions Full Length Commit SHA | /ast-scan.yml: [12](https://github.com/jenkinsci/checkmarx-ast-scanner-plugin/blob/trigger-release//.github/workflows/ast-scan.yml#L12) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: [53](https://github.com/jenkinsci/checkmarx-ast-scanner-plugin/blob/trigger-release//.github/workflows/cd.yml#L53) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: [23](https://github.com/jenkinsci/checkmarx-ast-scanner-plugin/blob/trigger-release//.github/workflows/dependabot-auto-merge.yml#L23) | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
change the year