ACS-7776 Upgrade 3rd Party Components (#954) #852
ci.yml
on: push
Matrix: all_tests_matrix
Veracode - Source Clear Scan (SCA): 1m 48s
Core & Base Snapshot deployment: 2m 23s
Pipeline SAST Scan: 12m 26s
Release: 0s
Annotations
1 error and 10 warnings
Pipeline SAST Scan
[08 May 2024 17:58:39,0545] PIPELINE-SCAN INFO: Pipeline Scan Tool Version 24.4.0-0.
[08 May 2024 17:58:39,0557] PIPELINE-SCAN INFO: Loading policy file Alfresco_Default.json
[08 May 2024 17:58:39,0560] PIPELINE-SCAN INFO: Successfully retrieved the policy
[08 May 2024 17:58:39,0560] PIPELINE-SCAN INFO: Policy name: Alfresco Default
[08 May 2024 17:58:39,0560] PIPELINE-SCAN INFO: CWE filter:
[08 May 2024 17:58:39,0560] PIPELINE-SCAN INFO: Severity filter: 3, 4, 5,
[08 May 2024 17:58:39,0561] PIPELINE-SCAN INFO: Beginning scanning of 'to-scan.zip'.
[08 May 2024 17:58:39,0561] PIPELINE-SCAN INFO: Sending 84228255 bytes to the server for analysis.
[08 May 2024 17:59:12,0987] PIPELINE-SCAN INFO: Upload complete.
[08 May 2024 17:59:12,0987] PIPELINE-SCAN INFO: Scan ID: 083a0219-276b-4adc-a3dc-08a8fe114f77
[08 May 2024 17:59:13,0313] PIPELINE-SCAN INFO: Analysis Started.
===========================
Found 5 Scannable modules.
===========================
JS files within alfresco-transform-core-aio-5.1.2-A1-SNAPSHOT-javadoc.jar
JS files within jwarc-0.29.0.jar
engines/aio/target/alfresco-transform-core-aio-5.1.2-A1-SNAPSHOT.jar
JS files within alfresco-base-t-engine-5.1.2-A1-SNAPSHOT-javadoc.jar
JS files within alfresco-transform-model-5.1.2-A1-SNAPSHOT-javadoc.jar
[08 May 2024 18:09:06,0826] PIPELINE-SCAN INFO: Analysis Complete.
[08 May 2024 18:09:06,0827] PIPELINE-SCAN INFO: Analysis Results: Received 120871 bytes in 627266ms.
[08 May 2024 18:09:06,0838] PIPELINE-SCAN INFO: Writing Raw JSON Results to file '/home/runner/work/alfresco-transform-core/alfresco-transform-core/results.json'.
[08 May 2024 18:09:06,0850] PIPELINE-SCAN INFO: Writing Filtered JSON Results to file '/home/runner/work/alfresco-transform-core/alfresco-transform-core/filtered_results.json'.
Scan Summary:
PIPELINE_SCAN_VERSION: 24.4.0-0
DEV-STAGE: DEVELOPMENT
PROJECT-NAME: alfresco-transform-core
SCAN_ID: 083a0219-276b-4adc-a3dc-08a8fe114f77
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 119145 bytes
====================
Analysis Successful.
====================
==========================
Found 5 Scannable modules.
==========================
JS files within alfresco-transform-core-aio-5.1.2-A1-SNAPSHOT-javadoc.jar
JS files within jwarc-0.29.0.jar
engines/aio/target/alfresco-transform-core-aio-5.1.2-A1-SNAPSHOT.jar
JS files within alfresco-base-t-engine-5.1.2-A1-SNAPSHOT-javadoc.jar
JS files within alfresco-transform-model-5.1.2-A1-SNAPSHOT-javadoc.jar
===================
Analyzed 5 modules.
===================
JS files within alfresco-transform-core-aio-5.1.2-A1-SNAPSHOT-javadoc.jar
JS files within jwarc-0.29.0.jar
engines/aio/target/alfresco-transform-core-aio-5.1.2-A1-SNAPSHOT.jar
JS files within alfresco-base-t-engine-5.1.2-A1-SNAPSHOT-javadoc.jar
JS files within alfresco-transform-model-5.1.2-A1-SNAPSHOT-javadoc.jar
===================
Analyzed 60 issues.
===================
-----------------------------------
Found 40 issues of Medium severity.
-----------------------------------
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: aj/org/objectweb/asm/commons/SerialVersionUIDAdder.java:426
Details: <span>This function uses the SHA() function, which uses a hash algorithm that is considered weak. In recent years, researchers have demonstrated ways to breach many uses of previously-thought-safe hash functions such as MD5. </span> <span>Consider using a stronger algorithm in order to prevent attackers from being able to manipulate hash results. If this algorithm is being used to hash passwords, then consider using a strong computationally-hard algorithm such as PBKDF2 or bcrypt instead of a plain hashing algorithm.</span> <span>References: <a href="https://cwe.mitre.org/data/definitions/327.html">CWE</a></span>
https://downloads.veracode.com/securityscan/cwe/v4/java/327.html
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java:1
Details: <span>This cryptograph
Veracode - Source Clear Scan (SCA)
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Core & Base Snapshot deployment
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Transform Misc
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
PDF Renderer
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
ImageMagick
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
LibreOffice
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Tika
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Pipeline SAST Scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected], veracode/[email protected], actions/upload-artifact@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
All in One Transformer
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "Veracode Pipeline-Scan Results", "Veracode Pipeline-Scan Results (Human Readable)".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
Artifacts
Produced during runtime
Name | Size |
---|---|
Veracode Pipeline-Scan Results (Expired) | 135 KB |
Veracode Pipeline-Scan Results (Human Readable) (Expired) | 2.01 KB |