Closed dependabot[bot] closed 2 months ago
Checkmarx One – Scan Summary & Details – 142bb8ad-26dd-478e-873f-7f13f972aec5
Policy Name | Rule(s) | Break Build |
---|---|---|
[SAST-ML0] Not allowed NEW Sast vulnerabilities | true |
Severity | Issue | Source File / Package | Checkmarx Insight |
---|---|---|---|
Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector | |
Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector | |
Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |
Severity | Issue | Source File / Package |
---|---|---|
Unpinned Actions Full Length Commit SHA | /ci.yml: 40 | |
Unpinned Actions Full Length Commit SHA | /manual-tag.yml: 23 | |
Unpinned Actions Full Length Commit SHA | /release.yml: 42 | |
Unpinned Actions Full Length Commit SHA | /release.yml: 53 | |
Unpinned Actions Full Length Commit SHA | /cd.yml: 24 | |
Unpinned Actions Full Length Commit SHA | /cd.yml: 17 | |
Unpinned Actions Full Length Commit SHA | /cd.yml: 55 | |
Unpinned Actions Full Length Commit SHA | /cd.yml: 34 |
Bumps org.apache.commons:commons-lang3 from 3.14.0 to 3.16.0.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show