added initial veracode scan pipeline #66

Merged
steven-xu-lf merged 6 commits into 2.x from story/471069-add-veracode-scan-pipeline
Aug 2, 2023

@steven-xu-lf
Contributor

@steven-xu-lf steven-xu-lf commented Jul 19, 2023

Note: already manually ran/tested the veracode scan pipeline

@github-actions
Contributor

github-actions Bot commented Jul 19, 2023

unit-test-results

44 tests  ±0   43 ✔️ ±0   2s ⏱️ ±0s
  8 suites ±0     1 💤 ±0 
  8 files   ±0     0 ±0 

Results for commit 410d0bf. ± Comparison against base commit 63b625f.

♻️ This comment has been updated with latest results.

@github-actions
Contributor

github-actions Bot commented Jul 19, 2023

integration-test-results-cloud

14 tests  ±0   14 ✔️ ±0   6s ⏱️ -2s
  2 suites ±0     0 💤 ±0 
  2 files   ±0     0 ±0 

Results for commit 410d0bf. ± Comparison against base commit 63b625f.

♻️ This comment has been updated with latest results.

@github-actions
Contributor

github-actions Bot commented Jul 19, 2023

integration-test-results-self-hosted

6 tests  ±0   6 ✔️ ±0   6s ⏱️ +3s
1 suites ±0   0 💤 ±0 
1 files   ±0   0 ±0 

Results for commit 410d0bf. ± Comparison against base commit 63b625f.

♻️ This comment has been updated with latest results.

@github-actions
Contributor



Veraocde SCA Scan failed with exit code 0

Veracode SCA Scan details

Veracode SCA agent scanning engine ready
Searching for supported projects (this may take a minute)...
[Maven]        Scanning /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
[Jar]         Scanning /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
Processing results...
Processing results complete

Summary Report
Scan ID                                        1b6923fc-2b4f-4204-accf-0c1319d88ac7
Scan Date & Time                             Jul 19 2023 03:11PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.35 (latest 3.8.35)
Analysis time                                 9 seconds
User                                         runner
Project                                        /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
Package Manager(s)                             Maven, Jar

Open-Source Libraries
Total Libraries                                22
Direct Libraries                             10
Transitive Libraries                         12
Vulnerable Libraries                         0

Security
With Vulnerable Methods                        0
Critical Risk Vulnerabilities                 0
High Risk Vulnerabilities                     0
Medium Risk Vulnerabilities                    0
Low Risk Vulnerabilities                     0

Licenses
Unique Library Licenses                        3
Libraries Using GPL                            0
Libraries With High Risk License             0
Libraries With Medium Risk License             0
Libraries With Low Risk License                22
Libraries With Multiple Licenses             0
Libraries With Unassessable License            0
Libraries With Unrecognizable License         0

Issues
Issue ID     Issue Type         Severity    Description                         Library Name & Version In Use
197662266    Outdated Library    3.0         Latest version at scan: 2.15.2        Jackson-annotations 2.14.0
197662267    Outdated Library    3.0         Latest version at scan: 2.15.2        Jackson-core 2.14.0
197662268    Outdated Library    3.0         Latest version at scan: 2.15.2        jackson-databind 2.14.0
197662269    Outdated Library    3.0         Latest version at scan: 2.13.0-rc2    Jackson-Datatype-ThreeTenBackport 2.6.4
197662270    Outdated Library    3.0         Latest version at scan: 4.0.0-RC2     unirest-java 3.13.10
197662271    Outdated Library    3.0         Latest version at scan: 4.0.1         unirest-objectmapper-jackson 3.13.10
197662272    Outdated Library    3.0         Latest version at scan: 9.31         Nimbus JOSE+JWT 9.22
197662273    Outdated Library    3.0         Latest version at scan: 3.0.0         dotenv-java 2.2.3
197662274    Outdated Library    3.0         Latest version at scan: 5.4.0         mockito-core 4.6.1

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/700tzxWR/scans/52641737

@github-actions
Contributor



Veraocde SCA Scan failed with exit code 0

Veracode SCA Scan details

Veracode SCA agent scanning engine ready
Searching for supported projects (this may take a minute)...
[Maven]        Scanning /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
[Jar]         Scanning /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
Processing results...
Processing results complete

Summary Report
Scan ID                                        2958a409-bc66-4297-85f8-3a9e143e5727
Scan Date & Time                             Jul 19 2023 09:59PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.35 (latest 3.8.35)
Analysis time                                 26 seconds
User                                         runner
Project                                        /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
Package Manager(s)                             Maven, Jar

Open-Source Libraries
Total Libraries                                22
Direct Libraries                             10
Transitive Libraries                         12
Vulnerable Libraries                         0

Security
With Vulnerable Methods                        0
Critical Risk Vulnerabilities                 0
High Risk Vulnerabilities                     0
Medium Risk Vulnerabilities                    0
Low Risk Vulnerabilities                     0

Licenses
Unique Library Licenses                        3
Libraries Using GPL                            0
Libraries With High Risk License             0
Libraries With Medium Risk License             0
Libraries With Low Risk License                22
Libraries With Multiple Licenses             0
Libraries With Unassessable License            0
Libraries With Unrecognizable License         0

Issues
Issue ID     Issue Type         Severity    Description                         Library Name & Version In Use
197662266    Outdated Library    3.0         Latest version at scan: 2.15.2        Jackson-annotations 2.14.0
197662267    Outdated Library    3.0         Latest version at scan: 2.15.2        Jackson-core 2.14.0
197662268    Outdated Library    3.0         Latest version at scan: 2.15.2        jackson-databind 2.14.0
197662269    Outdated Library    3.0         Latest version at scan: 2.13.0-rc2    Jackson-Datatype-ThreeTenBackport 2.6.4
197662270    Outdated Library    3.0         Latest version at scan: 4.0.0-RC2     unirest-java 3.13.10
197662271    Outdated Library    3.0         Latest version at scan: 4.0.1         unirest-objectmapper-jackson 3.13.10
197662272    Outdated Library    3.0         Latest version at scan: 9.31         Nimbus JOSE+JWT 9.22
197662273    Outdated Library    3.0         Latest version at scan: 3.0.0         dotenv-java 2.2.3
197662274    Outdated Library    3.0         Latest version at scan: 5.4.0         mockito-core 4.6.1

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/700tzxWR/scans/52658580

@github-actions
Contributor



Veraocde SCA Scan failed with exit code 0

Veracode SCA Scan details

Veracode SCA agent scanning engine ready
Searching for supported projects (this may take a minute)...
[Maven]        Scanning /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
[Jar]         Scanning /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
Processing results...
Processing results complete

Summary Report
Scan ID                                        8e07ef43-797e-4011-b53b-a7beeb3dc62e
Scan Date & Time                             Jul 19 2023 10:13PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.35 (latest 3.8.35)
Analysis time                                 12 seconds
User                                         runner
Project                                        /home/runner/work/lf-api-client-core-java/lf-api-client-core-java
Package Manager(s)                             Maven, Jar

Open-Source Libraries
Total Libraries                                22
Direct Libraries                             10
Transitive Libraries                         12
Vulnerable Libraries                         0

Security
With Vulnerable Methods                        0
Critical Risk Vulnerabilities                 0
High Risk Vulnerabilities                     0
Medium Risk Vulnerabilities                    0
Low Risk Vulnerabilities                     0

Licenses
Unique Library Licenses                        3
Libraries Using GPL                            0
Libraries With High Risk License             0
Libraries With Medium Risk License             0
Libraries With Low Risk License                22
Libraries With Multiple Licenses             0
Libraries With Unassessable License            0
Libraries With Unrecognizable License         0

Issues
Issue ID     Issue Type         Severity    Description                         Library Name & Version In Use
197662266    Outdated Library    3.0         Latest version at scan: 2.15.2        Jackson-annotations 2.14.0
197662267    Outdated Library    3.0         Latest version at scan: 2.15.2        Jackson-core 2.14.0
197662268    Outdated Library    3.0         Latest version at scan: 2.15.2        jackson-databind 2.14.0
197662269    Outdated Library    3.0         Latest version at scan: 2.13.0-rc2    Jackson-Datatype-ThreeTenBackport 2.6.4
197662270    Outdated Library    3.0         Latest version at scan: 4.0.0-RC2     unirest-java 3.13.10
197662271    Outdated Library    3.0         Latest version at scan: 4.0.1         unirest-objectmapper-jackson 3.13.10
197662272    Outdated Library    3.0         Latest version at scan: 9.31         Nimbus JOSE+JWT 9.22
197662273    Outdated Library    3.0         Latest version at scan: 3.0.0         dotenv-java 2.2.3
197662274    Outdated Library    3.0         Latest version at scan: 5.4.0         mockito-core 4.6.1

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/700tzxWR/scans/52659236

@steven-xu-lf steven-xu-lf merged commit 2f2dfd3 into 2.x Aug 2, 2023
@steven-xu-lf steven-xu-lf deleted the story/471069-add-veracode-scan-pipeline branch August 2, 2023 17:57
2 participants