pablosguajardo / owasp-zap-scanner

MIT License
3 stars 0 forks

2 Critical and 2 High Vulnerabilities identified in JFROG scan #49

Open sivan534871 opened 1 month ago

sivan534871 commented 1 month ago

We have done a JFROG scan on this ZAP extension.

Scan result below.

[Screenshots: JFROG scan result, JFROG scan result-2]

As per the JFROG scan, it has 2 Critical and 2 High vulnerabilities. Could this issue be resolved?

https://marketplace.visualstudio.com/items?itemName=CSE-DevOps.zap-scanner

pablosguajardo commented 1 month ago

Hello. My level of English is not good... I have a doubt that perhaps you can help me resolve. If the extension is run only through an Azure DevOps agent, either on its own agent or in Azure, what would be the real risk of a vulnerability being exploited?

If you want, you can help. This is a public repository; you can help resolve reported issues. You would need to fork the repository, work on it in your personal workspace, and then submit a pull request to a new branch.

You can see the vulnerabilities found in the project readme: https://github.com/pablosguajardo/owasp-zap-scanner or in the following link: https://snyk.io/test/github/pablosguajardo/owasp-zap-scanner