Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP - AWS ECR scans #84

Closed
wants to merge 4 commits into from
Closed

WIP - AWS ECR scans #84

wants to merge 4 commits into from

Conversation

JoseAngel1196
Copy link
Contributor

Fixes #51

@phylum-io
Copy link

phylum-io bot commented Oct 4, 2023

Phylum OSS Supply Chain Risk Analysis - INCOMPLETE WITH FAILURE

The analysis contains 1 package(s) Phylum has not yet processed,
preventing a complete risk analysis. Phylum is processing these
packages currently and should complete soon.
Please wait for up to 30 minutes, then re-run the analysis.

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: golang.org/x/net@v0.1.0 failed.

golang.org/x/net@v0.1.0 is vulnerable to Uncontrolled Resource Consumption

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http2 Denial of Service vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http vulnerable to ping floods

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http vulnerable to a reset flood

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html NULL Pointer Dereference vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html Improper Validation of Array Index vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html Infinite Loop vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http2/h2c vulnerable to request smuggling attack

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html NULL Pointer Dereference vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to x/net/html Vulnerable to DoS During HTML Parsing

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI

@codecov
Copy link

codecov bot commented Oct 4, 2023
edited
Loading

Codecov Report

Merging #84 (a7323f8) into main (205b72b) will decrease coverage by 12.78%.
Report is 1 commits behind head on main.
The diff coverage is 0.00%.

@@             Coverage Diff             @@
##             main      #84       +/-   ##
===========================================
- Coverage   75.41%   62.64%   -12.78%     
===========================================
  Files          15       16        +1     
  Lines         716      862      +146     
===========================================
  Hits          540      540               
- Misses        168      314      +146     
  Partials        8        8
Flag Coverage Δ
unittests 62.64% <0.00%> (-12.78%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
config/config.go 77.14% <ø> (ø)
internal/datasources.go 0.00% <0.00%> (ø)
querying/aws.go 0.00% <0.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@phylum-io
Copy link

phylum-io bot commented Oct 4, 2023

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: golang.org/x/net@v0.1.0 failed.

golang.org/x/net@v0.1.0 is vulnerable to Uncontrolled Resource Consumption

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http2 Denial of Service vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http vulnerable to ping floods

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http vulnerable to a reset flood

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html NULL Pointer Dereference vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html Improper Validation of Array Index vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html Infinite Loop vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/http2/h2c vulnerable to request smuggling attack

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to golang.org/x/net/html NULL Pointer Dereference vulnerability

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

golang.org/x/net@v0.1.0 is vulnerable to x/net/html Vulnerable to DoS During HTML Parsing

Risk Domain: Software Vulnerability
Risk Level: high

Reason: risk level cannot exceed medium

View this project in the Phylum UI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

New data source: AWS ECR scans
1 participant
@JoseAngel1196