Update main.yml by nishfath · Pull Request #12 · nishfath/shiftleft-java-demo

nishfath · 2022-01-20T20:23:53Z

No description provided.

github-actions · 2022-01-20T20:25:57Z

Summary

ShiftLeft NextGen Static Analysis detected 201 findings in this PR

Severity	Count
Critical	25
Moderate	15
Info	40

Additionally there are 4 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-20T20:29:26Z

Summary

ShiftLeft NextGen Static Analysis detected 207 findings in this PR

Severity	Count
Critical	12
Moderate	20
Info	18

Additionally there are 4 secrets leaked, and 153 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-20T20:29:26Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 33 and 34.

Results per rule:

report: pass (0 matched vulnerabilities; configured threshold is 0)

All rules passed.

github-actions · 2022-01-21T14:47:30Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 35 and 36.

Results per rule:

report: pass (0 matched vulnerabilities; configured threshold is 0)

All rules passed.

github-actions · 2022-01-21T14:47:43Z

Summary

ShiftLeft NextGen Static Analysis detected 201 findings in this PR

Severity	Count
Critical	25
Moderate	15
Info	40

Additionally there are 4 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-21T14:58:27Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 37 and 38.

Results per rule:

report: pass (0 matched vulnerabilities; configured threshold is 0)

All rules passed.

github-actions · 2022-01-21T14:58:50Z

Summary

ShiftLeft NextGen Static Analysis detected 201 findings in this PR

Severity	Count
Critical	25
Moderate	15
Info	40

Additionally there are 4 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-21T15:01:52Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 39 and 40.

Results per rule:

report: pass (0 matched vulnerabilities; configured threshold is 0)

All rules passed.

github-actions · 2022-01-21T15:02:10Z

Summary

ShiftLeft NextGen Static Analysis detected 201 findings in this PR

Severity	Count
Critical	25
Moderate	15
Info	40

Additionally there are 4 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-21T15:02:23Z

Summary

ShiftLeft NextGen Static Analysis detected 136 findings in this PR

Severity	Count
Critical	0
Moderate	0
Info	18

Additionally there are 0 secrets leaked, and 118 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-21T15:02:27Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 41 and 42.

Results per rule:

report: pass (0 matched vulnerabilities; configured threshold is 0)

All rules passed.

github-actions · 2022-01-21T15:10:04Z

Summary

ShiftLeft NextGen Static Analysis detected 117 findings in this PR

Severity	Count
Critical	0
Moderate	0
Info	0

Additionally there are 0 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-21T15:10:12Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 43 and 44.

Results per rule:

report: pass (0 matched vulnerabilities; configured threshold is 0)

All rules passed.

github-actions · 2022-01-21T16:00:11Z

Summary

ShiftLeft NextGen Static Analysis detected 117 findings in this PR

Severity	Count
Critical	0
Moderate	0
Info	0

Additionally there are 0 secrets leaked, and 117 vulnerabilities
inherited from OSS components.

Get more information about this scan.

github-actions · 2022-01-21T16:00:22Z

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking new findings between scans 45 and 46.

Results per rule:

report: FAIL (29 matched vulnerabilities; configured threshold is 0)

First 5 new findings:

ID	Severity	Title
75	moderate	XSS: Attacker controlled, sensitive data to DB via `firstName` in `CustomerController.debug`
90	moderate	XSS: Attacker controlled, sensitive data to DB via `tin` in `CustomerController.debug`
100	moderate	XSS: Attacker controlled, sensitive data to DB via `socialSecurityNum` in `CustomerController.debug`
105	moderate	XSS: Attacker controlled, sensitive data to DB via `ssn` in `CustomerController.debug`
110	moderate	XSS: Attacker controlled, sensitive data to DB via `lastName` in `CustomerController.debug`

Severity	Count
Critical	0
Moderate	9
Info	20

OWASP Category	Count
A3-Sensitive-Data-Exposure	21
A3-Cross-Site-Scripting	8

Category	Count
Sensitive Data Usage	20
XSS	8
Sensitive Data Leak	1

1 rule failed.

Update main.yml

e20c0a3

Update main.yml

a71c867

Create shiftleft.yml

19a1ff4

Update shiftleft.yml

f630993

nishfath added 2 commits January 21, 2022 09:59

Update shiftleft.yml

bc64100

Create shiftleft.yml

59bedc0

Update main.yml

848acce

Update shiftleft.yml

28e98b9

Comments

Conversation

nishfath commented Jan 20, 2022

Uh oh!

github-actions bot commented Jan 20, 2022

Summary

Uh oh!

github-actions bot commented Jan 20, 2022

Summary

Uh oh!

github-actions bot commented Jan 20, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 33 and 34.

Uh oh!

github-actions bot commented Jan 21, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 35 and 36.

Uh oh!

github-actions bot commented Jan 21, 2022

Summary

Uh oh!

github-actions bot commented Jan 21, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 37 and 38.

Uh oh!

github-actions bot commented Jan 21, 2022

Summary

Uh oh!

github-actions bot commented Jan 21, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 39 and 40.

Uh oh!

github-actions bot commented Jan 21, 2022

Summary

Uh oh!

github-actions bot commented Jan 21, 2022

Summary

Uh oh!

github-actions bot commented Jan 21, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 41 and 42.

Uh oh!

github-actions bot commented Jan 21, 2022

Summary

Uh oh!

github-actions bot commented Jan 21, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 43 and 44.

Uh oh!

github-actions bot commented Jan 21, 2022

Summary

Uh oh!

github-actions bot commented Jan 21, 2022

Checking analysis of application shiftleft-java-demo against 1 build rules.

Checking new findings between scans 45 and 46.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking analysis of application `shiftleft-java-demo` against 1 build rules.

Checking analysis of application `shiftleft-java-demo` against 1 build rules.