This repository has been archived by the owner on Jul 29, 2024. It is now read-only.
chore(stack): use one database container per service #232
DaAnda97build.yml
on: pull_request
build_miranum_platform
5m 35s
Annotations
47 warnings
|
build_miranum_platform
Unexpected input(s) 'debug', 'acs-report-enable', valid inputs are ['image', 'path', 'sbom', 'fail-build', 'output-format', 'severity-cutoff', 'only-fixed', 'add-cpes-if-none', 'by-cve', 'grype-version', 'vex']
|
|
build_miranum_platform
Failed minimum severity level. Found vulnerabilities with level 'medium' or higher
|
|
build_miranum_platform
Unexpected input(s) 'debug', 'acs-report-enable', valid inputs are ['image', 'path', 'sbom', 'fail-build', 'output-format', 'severity-cutoff', 'only-fixed', 'add-cpes-if-none', 'by-cve', 'grype-version', 'vex']
|
|
build_miranum_platform
Failed minimum severity level. Found vulnerabilities with level 'medium' or higher
|
|
build_miranum_platform
Unexpected input(s) 'debug', 'acs-report-enable', valid inputs are ['image', 'path', 'sbom', 'fail-build', 'output-format', 'severity-cutoff', 'only-fixed', 'add-cpes-if-none', 'by-cve', 'grype-version', 'vex']
|
|
build_miranum_platform
Failed minimum severity level. Found vulnerabilities with level 'medium' or higher
|
|
HIGH: GHSA-22wj-vf5f-wrvj high vulnerability for h2 package
Vulnerability GHSA-22wj-vf5f-wrvj
Severity: high
Package: h2
Version: 2.1.214
Fix Version: 2.2.220
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/h2-2.1.214.jar
Data Namespace: github:language:java
Link: [GHSA-22wj-vf5f-wrvj](https://github.com/advisories/GHSA-22wj-vf5f-wrvj)
|
|
CRITICAL: GHSA-3h6f-g5f3-gc4w critical vulnerability for spring-security-config package
Vulnerability GHSA-3h6f-g5f3-gc4w
Severity: critical
Package: spring-security-config
Version: 5.7.8
Fix Version: 5.7.10
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/spring-security-config-5.7.8.jar
Data Namespace: github:language:java
Link: [GHSA-3h6f-g5f3-gc4w](https://github.com/advisories/GHSA-3h6f-g5f3-gc4w)
|
|
HIGH: GHSA-3mc7-4q67-w48m high vulnerability for snakeyaml package
Vulnerability GHSA-3mc7-4q67-w48m
Severity: high
Package: snakeyaml
Version: 1.30
Fix Version: 1.31
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar
Data Namespace: github:language:java
Link: [GHSA-3mc7-4q67-w48m](https://github.com/advisories/GHSA-3mc7-4q67-w48m)
|
|
HIGH: GHSA-493p-pfq6-5258 high vulnerability for json-smart package
Vulnerability GHSA-493p-pfq6-5258
Severity: high
Package: json-smart
Version: 2.4.8
Fix Version: 2.4.9
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/nimbus-jose-jwt-9.22.jar
Data Namespace: github:language:java
Link: [GHSA-493p-pfq6-5258](https://github.com/advisories/GHSA-493p-pfq6-5258)
|
|
HIGH: GHSA-4jq9-2xhw-jpx7 high vulnerability for json package
Vulnerability GHSA-4jq9-2xhw-jpx7
Severity: high
Package: json
Version: 20230227
Fix Version: 20231013
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/json-20230227.jar
Data Namespace: github:language:java
Link: [GHSA-4jq9-2xhw-jpx7](https://github.com/advisories/GHSA-4jq9-2xhw-jpx7)
|
|
CRITICAL: GHSA-4wrc-f8pq-fpqp critical vulnerability for spring-web package
Vulnerability GHSA-4wrc-f8pq-fpqp
Severity: critical
Package: spring-web
Version: 5.3.27
Fix Version: 6.0.0
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/spring-web-5.3.27.jar
Data Namespace: github:language:java
Link: [GHSA-4wrc-f8pq-fpqp](https://github.com/advisories/GHSA-4wrc-f8pq-fpqp)
|
|
HIGH: GHSA-fccv-jmmp-qg76 high vulnerability for tomcat-embed-core package
Vulnerability GHSA-fccv-jmmp-qg76
Severity: high
Package: tomcat-embed-core
Version: 9.0.75
Fix Version: 9.0.83
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/tomcat-embed-core-9.0.75.jar
Data Namespace: github:language:java
Link: [GHSA-fccv-jmmp-qg76](https://github.com/advisories/GHSA-fccv-jmmp-qg76)
|
|
HIGH: GHSA-gm62-rw4g-vrc4 high vulnerability for logback-core package
Vulnerability GHSA-gm62-rw4g-vrc4
Severity: high
Package: logback-core
Version: 1.2.12
Fix Version: 1.2.13
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.2.12.jar
Data Namespace: github:language:java
Link: [GHSA-gm62-rw4g-vrc4](https://github.com/advisories/GHSA-gm62-rw4g-vrc4)
|
|
HIGH: GHSA-mjmj-j48q-9wg2 high vulnerability for snakeyaml package
Vulnerability GHSA-mjmj-j48q-9wg2
Severity: high
Package: snakeyaml
Version: 1.30
Fix Version: 2.0
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar
Data Namespace: github:language:java
Link: [GHSA-mjmj-j48q-9wg2](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)
|
|
HIGH: GHSA-q24v-hpg3-v3jp high vulnerability for reactor-netty-http package
Vulnerability GHSA-q24v-hpg3-v3jp
Severity: high
Package: reactor-netty-http
Version: 1.0.32
Fix Version: 1.0.39
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/reactor-netty-http-1.0.32.jar
Data Namespace: github:language:java
Link: [GHSA-q24v-hpg3-v3jp](https://github.com/advisories/GHSA-q24v-hpg3-v3jp)
|
|
build_miranum_platform
Unexpected input(s) 'debug', 'acs-report-enable', valid inputs are ['image', 'path', 'sbom', 'fail-build', 'output-format', 'severity-cutoff', 'only-fixed', 'add-cpes-if-none', 'by-cve', 'grype-version', 'vex']
|
|
build_miranum_platform
Failed minimum severity level. Found vulnerabilities with level 'medium' or higher
|
|
HIGH: GHSA-vmq6-5m68-f53m high vulnerability for logback-classic package
Vulnerability GHSA-vmq6-5m68-f53m
Severity: high
Package: logback-classic
Version: 1.4.11
Fix Version: 1.4.12
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.4.11.jar
Data Namespace: github:language:java
Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)
|
|
HIGH: GHSA-vmq6-5m68-f53m high vulnerability for logback-core package
Vulnerability GHSA-vmq6-5m68-f53m
Severity: high
Package: logback-core
Version: 1.4.11
Fix Version: 1.4.12
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.4.11.jar
Data Namespace: github:language:java
Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)
|
|
HIGH: CVE-2017-16932 high vulnerability for libxml2 package
Vulnerability CVE-2017-16932
Severity: high
Package: libxml2
Version: 2.9.4+dfsg1-7+deb10u2
Fix Version:
Type: deb
Location: /usr/share/doc/libxml2/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2017-16932](https://security-tracker.debian.org/tracker/CVE-2017-16932)
|
|
HIGH: CVE-2017-6363 high vulnerability for libgd3 package
Vulnerability CVE-2017-6363
Severity: high
Package: libgd3
Version: 2.2.5-5.2
Fix Version:
Type: deb
Location: /usr/share/doc/libgd3/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2017-6363](https://security-tracker.debian.org/tracker/CVE-2017-6363)
|
|
HIGH: CVE-2018-12886 high vulnerability for gcc-8-base package
Vulnerability CVE-2018-12886
Severity: high
Package: gcc-8-base
Version: 8.3.0-6
Fix Version:
Type: deb
Location: /usr/share/doc/gcc-8-base/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)
|
|
HIGH: CVE-2018-12886 high vulnerability for libgcc1 package
Vulnerability CVE-2018-12886
Severity: high
Package: libgcc1
Version: 1:8.3.0-6
Fix Version:
Type: deb
Location: /usr/share/doc/libgcc1/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)
|
|
HIGH: CVE-2018-12886 high vulnerability for libstdc++6 package
Vulnerability CVE-2018-12886
Severity: high
Package: libstdc++6
Version: 8.3.0-6
Fix Version:
Type: deb
Location: /usr/share/doc/libstdc++6/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)
|
|
HIGH: CVE-2018-25032 high vulnerability for zlib1g package
Vulnerability CVE-2018-25032
Severity: high
Package: zlib1g
Version: 1:1.2.11.dfsg-1
Fix Version: 1:1.2.11.dfsg-1+deb10u1
Type: deb
Location: /usr/share/doc/zlib1g/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2018-25032](https://security-tracker.debian.org/tracker/CVE-2018-25032)
|
|
HIGH: CVE-2019-12290 high vulnerability for libidn2-0 package
Vulnerability CVE-2019-12290
Severity: high
Package: libidn2-0
Version: 2.0.5-1+deb10u1
Fix Version:
Type: deb
Location: /usr/share/doc/libidn2-0/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2019-12290](https://security-tracker.debian.org/tracker/CVE-2019-12290)
|
|
HIGH: CVE-2019-13115 high vulnerability for libssh2-1 package
Vulnerability CVE-2019-13115
Severity: high
Package: libssh2-1
Version: 1.8.0-2.1
Fix Version: 1.8.0-2.1+deb10u1
Type: deb
Location: /usr/share/doc/libssh2-1/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2019-13115](https://security-tracker.debian.org/tracker/CVE-2019-13115)
|
|
HIGH: CVE-2019-15847 high vulnerability for gcc-8-base package
Vulnerability CVE-2019-15847
Severity: high
Package: gcc-8-base
Version: 8.3.0-6
Fix Version:
Type: deb
Location: /usr/share/doc/gcc-8-base/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)
|
|
HIGH: CVE-2019-15847 high vulnerability for libgcc1 package
Vulnerability CVE-2019-15847
Severity: high
Package: libgcc1
Version: 1:8.3.0-6
Fix Version:
Type: deb
Location: /usr/share/doc/libgcc1/copyright
Data Namespace: debian:distro:debian:10
Link: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)
|
|
HIGH: GHSA-22wj-vf5f-wrvj high vulnerability for h2 package
Vulnerability GHSA-22wj-vf5f-wrvj
Severity: high
Package: h2
Version: 2.1.214
Fix Version: 2.2.220
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/h2-2.1.214.jar
Data Namespace: github:language:java
Link: [GHSA-22wj-vf5f-wrvj](https://github.com/advisories/GHSA-22wj-vf5f-wrvj)
|
|
HIGH: GHSA-fccv-jmmp-qg76 high vulnerability for tomcat-embed-core package
Vulnerability GHSA-fccv-jmmp-qg76
Severity: high
Package: tomcat-embed-core
Version: 10.1.8
Fix Version: 10.1.16
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/tomcat-embed-core-10.1.8.jar
Data Namespace: github:language:java
Link: [GHSA-fccv-jmmp-qg76](https://github.com/advisories/GHSA-fccv-jmmp-qg76)
|
|
HIGH: GHSA-mjmj-j48q-9wg2 high vulnerability for snakeyaml package
Vulnerability GHSA-mjmj-j48q-9wg2
Severity: high
Package: snakeyaml
Version: 1.33
Fix Version: 2.0
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.33.jar
Data Namespace: github:language:java
Link: [GHSA-mjmj-j48q-9wg2](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)
|
|
HIGH: GHSA-v94h-hvhg-mf9h high vulnerability for spring-webmvc package
Vulnerability GHSA-v94h-hvhg-mf9h
Severity: high
Package: spring-webmvc
Version: 6.0.9
Fix Version: 6.0.14
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/spring-webmvc-6.0.9.jar
Data Namespace: github:language:java
Link: [GHSA-v94h-hvhg-mf9h](https://github.com/advisories/GHSA-v94h-hvhg-mf9h)
|
|
HIGH: GHSA-vmq6-5m68-f53m high vulnerability for logback-classic package
Vulnerability GHSA-vmq6-5m68-f53m
Severity: high
Package: logback-classic
Version: 1.4.7
Fix Version: 1.4.12
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.4.7.jar
Data Namespace: github:language:java
Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)
|
|
HIGH: GHSA-vmq6-5m68-f53m high vulnerability for logback-core package
Vulnerability GHSA-vmq6-5m68-f53m
Severity: high
Package: logback-core
Version: 1.4.7
Fix Version: 1.4.12
Type: java-archive
Location: /app/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.4.7.jar
Data Namespace: github:language:java
Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)
|
|
HIGH: GHSA-3mc7-4q67-w48m high vulnerability for snakeyaml package
Vulnerability GHSA-3mc7-4q67-w48m
Severity: high
Package: snakeyaml
Version: 1.30
Fix Version: 1.31
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar
Data Namespace: github:language:java
Link: [GHSA-3mc7-4q67-w48m](https://github.com/advisories/GHSA-3mc7-4q67-w48m)
|
|
CRITICAL: GHSA-4wrc-f8pq-fpqp critical vulnerability for spring-web package
Vulnerability GHSA-4wrc-f8pq-fpqp
Severity: critical
Package: spring-web
Version: 5.3.27
Fix Version: 6.0.0
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/spring-web-5.3.27.jar
Data Namespace: github:language:java
Link: [GHSA-4wrc-f8pq-fpqp](https://github.com/advisories/GHSA-4wrc-f8pq-fpqp)
|
|
HIGH: GHSA-55g7-9cwv-5qfv high vulnerability for snappy-java package
Vulnerability GHSA-55g7-9cwv-5qfv
Severity: high
Package: snappy-java
Version: 1.1.10.1
Fix Version: 1.1.10.4
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/snappy-java-1.1.10.1.jar
Data Namespace: github:language:java
Link: [GHSA-55g7-9cwv-5qfv](https://github.com/advisories/GHSA-55g7-9cwv-5qfv)
|
|
HIGH: GHSA-crqf-q9fp-hwjw high vulnerability for spring-kafka package
Vulnerability GHSA-crqf-q9fp-hwjw
Severity: high
Package: spring-kafka
Version: 2.8.11
Fix Version: 2.9.11
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/spring-kafka-2.8.11.jar
Data Namespace: github:language:java
Link: [GHSA-crqf-q9fp-hwjw](https://github.com/advisories/GHSA-crqf-q9fp-hwjw)
|
|
HIGH: GHSA-fccv-jmmp-qg76 high vulnerability for tomcat-embed-core package
Vulnerability GHSA-fccv-jmmp-qg76
Severity: high
Package: tomcat-embed-core
Version: 9.0.75
Fix Version: 9.0.83
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/tomcat-embed-core-9.0.75.jar
Data Namespace: github:language:java
Link: [GHSA-fccv-jmmp-qg76](https://github.com/advisories/GHSA-fccv-jmmp-qg76)
|
|
HIGH: GHSA-gm62-rw4g-vrc4 high vulnerability for logback-core package
Vulnerability GHSA-gm62-rw4g-vrc4
Severity: high
Package: logback-core
Version: 1.2.12
Fix Version: 1.2.13
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.2.12.jar
Data Namespace: github:language:java
Link: [GHSA-gm62-rw4g-vrc4](https://github.com/advisories/GHSA-gm62-rw4g-vrc4)
|
|
HIGH: GHSA-mjmj-j48q-9wg2 high vulnerability for snakeyaml package
Vulnerability GHSA-mjmj-j48q-9wg2
Severity: high
Package: snakeyaml
Version: 1.30
Fix Version: 2.0
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/snakeyaml-1.30.jar
Data Namespace: github:language:java
Link: [GHSA-mjmj-j48q-9wg2](https://github.com/advisories/GHSA-mjmj-j48q-9wg2)
|
|
HIGH: GHSA-vmq6-5m68-f53m high vulnerability for logback-classic package
Vulnerability GHSA-vmq6-5m68-f53m
Severity: high
Package: logback-classic
Version: 1.2.12
Fix Version: 1.2.13
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/logback-classic-1.2.12.jar
Data Namespace: github:language:java
Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)
|
|
HIGH: GHSA-vmq6-5m68-f53m high vulnerability for logback-core package
Vulnerability GHSA-vmq6-5m68-f53m
Severity: high
Package: logback-core
Version: 1.2.12
Fix Version: 1.2.13
Type: java-archive
Location: /deployments/spring-boot-application.jar:BOOT-INF/lib/logback-core-1.2.12.jar
Data Namespace: github:language:java
Link: [GHSA-vmq6-5m68-f53m](https://github.com/advisories/GHSA-vmq6-5m68-f53m)
|
|
build_miranum_platform
Unexpected input(s) 'debug', 'acs-report-enable', valid inputs are ['image', 'path', 'sbom', 'fail-build', 'output-format', 'severity-cutoff', 'only-fixed', 'add-cpes-if-none', 'by-cve', 'grype-version', 'vex']
|
|
build_miranum_platform
Failed minimum severity level. Found vulnerabilities with level 'medium' or higher
|