Alfresco Transform Core CI #855
Annotations
1 error and 2 warnings
Run SAST Scan
[13 May 2024 05:07:35,0315] PIPELINE-SCAN INFO: Pipeline Scan Tool Version 24.5.0-0.
[13 May 2024 05:07:35,0326] PIPELINE-SCAN INFO: Loading policy file Alfresco_Default.json
[13 May 2024 05:07:35,0328] PIPELINE-SCAN INFO: Successfully retrieved the policy
[13 May 2024 05:07:35,0328] PIPELINE-SCAN INFO: Policy name: Alfresco Default
[13 May 2024 05:07:35,0328] PIPELINE-SCAN INFO: CWE filter:
[13 May 2024 05:07:35,0328] PIPELINE-SCAN INFO: Severity filter: 3, 4, 5,
[13 May 2024 05:07:35,0329] PIPELINE-SCAN INFO: Beginning scanning of 'to-scan.zip'.
[13 May 2024 05:07:35,0329] PIPELINE-SCAN INFO: Sending 84228626 bytes to the server for analysis.
[13 May 2024 05:08:00,0366] PIPELINE-SCAN INFO: Upload complete.
[13 May 2024 05:08:00,0367] PIPELINE-SCAN INFO: Scan ID: b6dbafc5-04ea-4e62-9b0c-ce90ce137109
[13 May 2024 05:08:00,0585] PIPELINE-SCAN INFO: Analysis Started.
===========================
Found 5 Scannable modules.
===========================
JS files within alfresco-transform-core-aio-5.1.2-A2-SNAPSHOT-javadoc.jar
JS files within jwarc-0.29.0.jar
engines/aio/target/alfresco-transform-core-aio-5.1.2-A2-SNAPSHOT.jar
JS files within alfresco-base-t-engine-5.1.2-A2-SNAPSHOT-javadoc.jar
JS files within alfresco-transform-model-5.1.2-A2-SNAPSHOT-javadoc.jar
[13 May 2024 05:16:47,0360] PIPELINE-SCAN INFO: Analysis Complete.
[13 May 2024 05:16:47,0362] PIPELINE-SCAN INFO: Analysis Results: Received 120871 bytes in 552033ms.
[13 May 2024 05:16:47,0375] PIPELINE-SCAN INFO: Writing Raw JSON Results to file '/home/runner/work/alfresco-transform-core/alfresco-transform-core/results.json'.
[13 May 2024 05:16:47,0385] PIPELINE-SCAN INFO: Writing Filtered JSON Results to file '/home/runner/work/alfresco-transform-core/alfresco-transform-core/filtered_results.json'.
Scan Summary:
PIPELINE_SCAN_VERSION: 24.5.0-0
DEV-STAGE: DEVELOPMENT
PROJECT-NAME: alfresco-transform-core
SCAN_ID: b6dbafc5-04ea-4e62-9b0c-ce90ce137109
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 119145 bytes
====================
Analysis Successful.
====================
==========================
Found 5 Scannable modules.
==========================
JS files within alfresco-transform-core-aio-5.1.2-A2-SNAPSHOT-javadoc.jar
JS files within jwarc-0.29.0.jar
engines/aio/target/alfresco-transform-core-aio-5.1.2-A2-SNAPSHOT.jar
JS files within alfresco-base-t-engine-5.1.2-A2-SNAPSHOT-javadoc.jar
JS files within alfresco-transform-model-5.1.2-A2-SNAPSHOT-javadoc.jar
===================
Analyzed 5 modules.
===================
JS files within alfresco-transform-core-aio-5.1.2-A2-SNAPSHOT-javadoc.jar
JS files within jwarc-0.29.0.jar
engines/aio/target/alfresco-transform-core-aio-5.1.2-A2-SNAPSHOT.jar
JS files within alfresco-base-t-engine-5.1.2-A2-SNAPSHOT-javadoc.jar
JS files within alfresco-transform-model-5.1.2-A2-SNAPSHOT-javadoc.jar
===================
Analyzed 60 issues.
===================
-----------------------------------
Found 40 issues of Medium severity.
-----------------------------------
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: aj/org/objectweb/asm/commons/SerialVersionUIDAdder.java:426
Details: <span>This function uses the SHA() function, which uses a hash algorithm that is considered weak. In recent years, researchers have demonstrated ways to breach many uses of previously-thought-safe hash functions such as MD5. </span> <span>Consider using a stronger algorithm in order to prevent attackers from being able to manipulate hash results. If this algorithm is being used to hash passwords, then consider using a strong computationally-hard algorithm such as PBKDF2 or bcrypt instead of a plain hashing algorithm.</span> <span>References: <a href="https://cwe.mitre.org/data/definitions/327.html">CWE</a></span>
https://downloads.veracode.com/securityscan/cwe/v4/java/327.html
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/org/bouncycastle/jcajce/provider/asymmetric/compositesignatures/SignatureSpi.java:1
Details: <span>This cryptograph
|
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, actions/cache@v3, actions/setup-java@v3, docker/[email protected], veracode/[email protected], actions/upload-artifact@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "Veracode Pipeline-Scan Results", "Veracode Pipeline-Scan Results (Human Readable)".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/