@cx-itay-paz cx-itay-paz commented Jul 31, 2024

No description provided.

cx-ben-alvo commented Jul 31, 2024

Checkmarx One – Scan Summary & Details b62c7638-9e6f-4189-a007-1473fc8257f2

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | Passwords And Secrets - Generic Password | /ci.yml: 40 |
| HIGH | Passwords And Secrets - Generic Password | /release.yml: 77 |
| MEDIUM | APT-GET Missing '-y' To Avoid Manual Input | /Dockerfile: 5 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /pr-label.yml: 15 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /nightly.yml: 13 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ci.yml: 79 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 100 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /update-cli.yml: 61 |
| LOW | Healthcheck Instruction Missing | /Dockerfile: 1 |

@cx-itay-paz cx-itay-paz changed the title first attempt fix vul ci.yml (AST-47965) Java Wrapper | Fix SAST & IAC Vul + ThresholdAST-47965) Aug 1, 2024
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
server-password: ${{ secrets.OSSRH_TOKEN }}
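
Review bot: on the new `server-password: ${{ secrets.OSSRH_TOKEN }}` line, the value is now a secret expression while `server-username: MAVEN_USERNAME` beside it is still a bare name, so the two inputs are no longer used the same way. If this step is actions/setup-java, both inputs take the name of an environment variable rather than the credential itself, which means the original `MAVEN_PASSWORD` was a variable name and not a hardcoded password, and the new line would put the token's value where a name is expected. Suggest keeping `server-password: MAVEN_PASSWORD`, mapping `MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}` in the `env` of the step that runs Maven, and marking the scanner finding as a false positive.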

Do we have this secret?

- name: Run SpotBugs Analysis
if: ${{ github.actor != 'dependabot[bot]' }}
uses: jwgmeligmeyling/spotbugs-github-action@master
uses: jwgmeligmeyling/spotbugs-github-action@b8e2c3523acb34c87f14e18cbcd2d87db8c8584e #master
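
Review bot: on the pinned `uses:` line, the trailing `#master` comment records a branch name, so the SHA cannot be traced to a release and a later bump has no version to compare against. Suggest pinning to the commit of a released tag and putting that tag in the comment in place of `master`, so the pin stays auditable and update tooling can propose the next version.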

instead of master put the current tag version

server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
server-password: ${{ secrets.OSSRH_TOKEN }}
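
Review bot: for this second `server-password: ${{ secrets.OSSRH_TOKEN }}` change, nothing in the hunk shows that `OSSRH_TOKEN` is defined, and a secret that is not defined expands to an empty string rather than failing the workflow. Suggest confirming the secret exists at the repository or organization level before merging, and adding an early step that fails when it is empty so the job does not reach the deploy stage without credentials.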

again - do we have this secret?

@cx-itay-paz cx-itay-paz merged commit d46f079 into main Aug 1, 2024