SUP-1602 Snyk task API migration from deprecated version to REST API version #874
nativeruby.yml
on: pull_request
Native-Ruby-Test
33s
Annotations
5 errors and 5 warnings
Native-Ruby-Test:
spec/tasks/connectors/snyk_v2/snyk_v2_task_spec.rb#L45
Kenna::Toolkit::SnykV2Task#run vulnerability creates normalized (non-duplicative) vuln_defs
Failure/Error:
expect(task.vuln_defs).to include(
{
"cve_identifiers" => "CVE-2015-7501,CVE-2015-4852",
"description" => "Deserialization of Untrusted Data",
"name" => "CVE-2015-7501",
"scanner_identifier" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078",
"scanner_type" => "Snyk"
}
)
expected nil to include {"cve_identifiers" => "CVE-2015-7501,CVE-2015-4852", "description" => "Deserialization of Untrusted Data", "name" => "CVE-2015-7501", "scanner_identifier" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078", "scanner_type" => "Snyk"}, but it does not respond to `include?`
|
Native-Ruby-Test:
spec/tasks/connectors/snyk_v2/snyk_v2_task_spec.rb#L57
Kenna::Toolkit::SnykV2Task#run vulnerability creates normalized (non-duplicative) vulns on assets
Failure/Error:
expect(task.assets).to include(
{
"file" => "pom.xml",
"application" => "JoyChou93/java-sec-code:pom.xml",
"tags" => ["github", "maven", "Org:Kenna Security NFR - Shared"],
"vulns" => [
{
"created_at" => "2023-04-26",
"details" => be_kind_of(String),
"last_seen_at" => be_kind_of(String),
expected nil to include {"file" => "pom.xml", "application" => "JoyChou93/java-sec-code:pom.xml", "tags" => ["github", "maven", "Org:Kenna Security NFR - Shared"], "vulns" => [{"created_at" => "2023-04-26", "details" => (be a kind of String), "last_seen_at" => (be a kind of String), "scanner_identifier" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078", "scanner_score" => 9, "scanner_type" => "Snyk", "status" => "open", "vuln_def_name" => "CVE-2015-7501"}]}, but it does not respond to `include?`
|
Native-Ruby-Test:
spec/tasks/connectors/snyk_v2/snyk_v2_task_spec.rb#L83
Kenna::Toolkit::SnykV2Task#run finding that has multiple CVEs creates duplicate vuln_defs
Failure/Error:
expect(task.vuln_defs).to include(
{
"cve_identifiers" => "CVE-2015-7501",
"description" => "Deserialization of Untrusted Data",
"name" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078-CVE-2015-7501",
"scanner_identifier" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078-CVE-2015-7501",
"scanner_type" => "Snyk"
},
{
"cve_identifiers" => "CVE-2015-4852",
expected nil to include {"cve_identifiers" => "CVE-2015-4852", "description" => "Deserialization of Untrusted Data", "name" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078-CVE-2015-4852", "scanner_identifier" => "SNYK-JAVA-COMMONSCOLLECTIONS-30078-CVE-2015-4852", "scanner_type" => "Snyk"}, but it does not respond to `include?`
|
Native-Ruby-Test:
spec/tasks/connectors/snyk_v2/snyk_v2_task_spec.rb#L102
Kenna::Toolkit::SnykV2Task#run finding that has multiple CVEs creates assets with duplicate findings
Failure/Error:
expect(task.assets).to include(
hash_including("file" => "pom.xml",
"application" => "JoyChou93/java-sec-code:pom.xml",
"tags" => ["github", "maven", "Org:Kenna Security NFR - Shared"],
"findings" => [
asset_finding_for_cve("CVE-2015-7501"), asset_finding_for_cve("CVE-2015-4852")
])
)
expected nil to include hash_including("file" => "pom.xml", "application" => "JoyChou93/java-sec-code:pom.xml", "tags" => ["github"...852"], "CWE" => ["CWE-502"]}, "publicationTime" => "2015-11-06T16:51:56.000Z"}, "triage_state" => "new"}]), but it does not respond to `include?`
|
Native-Ruby-Test
Process completed with exit code 1.
|
Native-Ruby-Test
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L10
compare output bitsight output is the same output
Skipped: Temporarily skipped with xdescribe
|
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L23
compare output expanse output is the same output
Skipped: Temporarily skipped with xdescribe
|
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L39
compare output riskiq output is the same output
Skipped: Temporarily skipped with xdescribe
|
Native-Ruby-Test:
spec/tasks/connectors/digital_footprint/compare_output_spec.rb#L52
compare output security scorecard output is the same output
Skipped: Temporarily skipped with xdescribe