turkdevops / sourcegraph

Universal code search (self-hosted)
https://sourcegraph.com

Configure WhiteSource Bolt for GitHub #117

Closed mend-bolt-for-github[bot] closed 3 years ago

mend-bolt-for-github[bot] commented 3 years ago

Welcome to WhiteSource Bolt for GitHub! This is an onboarding PR to help you understand and configure settings before WhiteSource starts scanning your repository for security vulnerabilities.

🚦 WhiteSource Bolt for GitHub will start scanning your repository only once you merge this Pull Request. To disable WhiteSource Bolt for GitHub, simply close this Pull Request.

What to Expect

This PR contains a '.whitesource' configuration file which can be customized to your needs. If no changes were applied to this file, WhiteSource Bolt for GitHub will use the default configuration.

Before merging this PR, make sure the Issues tab is enabled. Once you merge this PR, WhiteSource Bolt for GitHub will scan your repository and create a GitHub Issue for every vulnerability detected in your repository.

If you do not want a GitHub Issue to be created for each detected vulnerability, you can edit the '.whitesource' file and set the 'minSeverityLevel' parameter to 'NONE'.

❓ Got questions? Check out WhiteSource Bolt for GitHub docs. If you need any further assistance then you can also request help here.

guardrails[bot] commented 3 years ago

:warning: We detected security issues in this pull request: Mode: paranoid | Total findings: 99 | Considered vulnerability: 0

Hard-Coded Secrets (58): More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr) and [Javascript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/hard-coded_secrets.html?utm_source=ghpr).

Insecure Use of Regular Expressions (9): More info on how to fix Insecure Use of Regular Expressions in [Javascript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_regular_expressions.html?utm_source=ghpr) and [Typescript](https://docs.guardrails.io/docs/en/vulnerabilities/typescript/insecure_use_of_regular_expressions.html?utm_source=ghpr).

Insecure File Management (5): More info on how to fix Insecure File Management in [Typescript](https://docs.guardrails.io/docs/en/vulnerabilities/typescript/Insecure_file_management.html?utm_source=ghpr).

Insecure Use of Crypto (27): More info on how to fix Insecure Use of Crypto in [Typescript](https://docs.guardrails.io/docs/en/vulnerabilities/typescript/insecure_use_of_crypto.html?utm_source=ghpr).
