Skip to content

Merge pull request #759 from Alfresco/dependabot/maven/alfresco-db-co… #4671

Merge pull request #759 from Alfresco/dependabot/maven/alfresco-db-co…

Merge pull request #759 from Alfresco/dependabot/maven/alfresco-db-co… #4671

Triggered via push December 5, 2024 13:09
Status Failure
Total duration 35m 46s
Artifacts 1

ci.yml

on: push
Matrix: run_e2e_test
Matrix: Build and test application
Matrix: Build application with distribution profile
Veracode - Source Clear Scan (SCA)
4m 39s
Veracode - Source Clear Scan (SCA)
Pipeline SAST Scan
6m 19s
Pipeline SAST Scan
Matrix: run_e2e_test_using_older_java
Push docker images
5m 48s
Push docker images
Publish SNAPSHOT artifacts
1m 59s
Publish SNAPSHOT artifacts
Make release and deploy to Nexus and S3 Staging Bucket
0s
Make release and deploy to Nexus and S3 Staging Bucket
Deploy release version to quay.io
0s
Deploy release version to quay.io
Copy to S3 Downloads Bucket
0s
Copy to S3 Downloads Bucket
Fit to window
Zoom out
Zoom in

Annotations

2 errors and 20 warnings
Pipeline SAST Scan
[05 Dec 2024 13:15:24,0599] PIPELINE-SCAN INFO: Pipeline Scan Tool Version 24.10.0-0. [05 Dec 2024 13:15:24,0612] PIPELINE-SCAN INFO: Loading policy file Alfresco_Default.json [05 Dec 2024 13:15:24,0614] PIPELINE-SCAN INFO: Successfully retrieved the policy [05 Dec 2024 13:15:24,0614] PIPELINE-SCAN INFO: Policy name: Alfresco Default [05 Dec 2024 13:15:24,0614] PIPELINE-SCAN INFO: CWE filter: [05 Dec 2024 13:15:24,0615] PIPELINE-SCAN INFO: Severity filter: 3, 4, 5, [05 Dec 2024 13:15:24,0615] PIPELINE-SCAN INFO: Beginning scanning of 'distribution/target/alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip'. [05 Dec 2024 13:15:24,0618] PIPELINE-SCAN INFO: Sending 122598767 bytes to the server for analysis. [05 Dec 2024 13:16:00,0101] PIPELINE-SCAN INFO: Upload complete. [05 Dec 2024 13:16:00,0102] PIPELINE-SCAN INFO: Scan ID: 41e5dcc8-4813-4747-b649-bc7c82ed6550 [05 Dec 2024 13:16:00,0380] PIPELINE-SCAN INFO: Analysis Started. =========================== Found 6 Scannable modules. =========================== alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar JS files within spring-security-web-6.4.1.jar JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip [05 Dec 2024 13:18:50,0549] PIPELINE-SCAN INFO: Analysis Complete. [05 Dec 2024 13:18:50,0551] PIPELINE-SCAN INFO: Analysis Results: Received 5159 bytes in 205936ms. [05 Dec 2024 13:18:50,0553] PIPELINE-SCAN INFO: Writing Raw JSON Results to file '/home/runner/work/hxinsight-connector/hxinsight-connector/results.json'. [05 Dec 2024 13:18:50,0554] PIPELINE-SCAN INFO: Applying custom severity 4 to cwe 80 [05 Dec 2024 13:18:50,0556] PIPELINE-SCAN INFO: Writing Filtered JSON Results to file '/home/runner/work/hxinsight-connector/hxinsight-connector/filtered_results.json'. Scan Summary: PIPELINE_SCAN_VERSION: 24.10.0-0 DEV-STAGE: DEVELOPMENT PROJECT-NAME: hxinsight-connector SCAN_ID: 41e5dcc8-4813-4747-b649-bc7c82ed6550 SCAN_STATUS: SUCCESS SCAN_MESSAGE: Scan successful. Results size: 4388 bytes ==================== Analysis Successful. ==================== ========================== Found 6 Scannable modules. ========================== alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar JS files within spring-security-web-6.4.1.jar JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip =================== Analyzed 6 modules. =================== alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar JS files within spring-security-web-6.4.1.jar JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip ================== Analyzed 2 issues. ================== -------------------------------- Found 1 issues of High severity. -------------------------------- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): org/springframework/security/spring-security-webauthn.js:199 Details: <span>This call to href() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. </span> <span>Use contextual escaping on all untrusted
Run e2e tests using ACS 7.4.2 on Java 11
Process completed with exit code 1.
pre_commit
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (common-test)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (common)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (common-authentication)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (bulk-ingester)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build application with distribution profile (23.3.0)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build application with distribution profile (7.4.2)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build application with distribution profile (7.3.2)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (hxinsight-extension)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Veracode - Source Clear Scan (SCA)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Pipeline SAST Scan
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (prediction-applier)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Build and test application (live-ingester)
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Run e2e tests using ACS 23.3.0
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Run e2e tests using ACS 7.3.2 on Java 11
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Run e2e tests using ACS 7.3.2
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Run e2e tests using ACS 7.4.2
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Publish SNAPSHOT artifacts
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Push docker images
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
Run e2e tests using ACS 7.4.2 on Java 11
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636

Artifacts

Produced during runtime
Name Size
Veracode Pipeline-Scan Results
3.69 KB