Skip to content

SCA PR #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jmagee70 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

SCA PR #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bed4c4b
SAST Update PRFiles
jmagee70 Feb 6, 2024
52014b1
IAC Update PR Files
jmagee70 Feb 6, 2024
acade8c
SAC Update PR Files
jmagee70 Feb 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 0 additions & 32 deletions IAC/ec2.tf
View file
Open in desktop

This file was deleted.

141 changes: 0 additions & 141 deletions IAC/s3.tf
View file
Open in desktop

This file was deleted.

24 changes: 0 additions & 24 deletions IAC/s3bucket.yaml
View file
Open in desktop

This file was deleted.

49 changes: 0 additions & 49 deletions IAC/storage.bicep
View file
Open in desktop

This file was deleted.

45 changes: 45 additions & 0 deletions SCA/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
apply plugin: "java"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

junit:junit 4.8.2 / build.gradle

LOW  Unknown License (Common Public License Version 1.0)

This package use a non-SPDX, unrecognized, or private open-source license. Ensure this package is compliant.

apply plugin: "eclipse"
apply plugin: "idea"

group = "com.mycompany.hadoopproject"
version = "1.0"

repositories {
mavenCentral()
maven {
url "https://repository.cloudera.com/artifactory/cloudera-repos/"
}
}

configurations {
provided
}
sourceSets {
main {
compileClasspath += configurations.provided
}
}

ext.hadoopVersion = "2.0.0-mr1-cdh4.0.1"
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

org.apache.hadoop:hadoop-client 2.0.0-mr1-cdh4.0.1 / build.gradle

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2017-3162 HIGH HIGH 7.3 2.7.0 Open
CVE-2017-3161 MEDIUM MEDIUM 6.1 2.7.0 Open

Check warning

Code scanning / checkov

CVE-2017-3161 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1

CVE-2017-3161 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1

Check failure

Code scanning / checkov

CVE-2017-3162 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1

CVE-2017-3162 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1

compile "com.google.guava:guava:11.0.2"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

com.google.guava:guava 11.0.2 / build.gradle

Total vulnerabilities: 3

Critical: 0 High: 1 Medium: 1 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2023-2976 HIGH HIGH 7.1 32.0.0 Open
CVE-2018-10237 MEDIUM MEDIUM 5.9 24.1.1 Open
CVE-2020-8908 LOW LOW 3.3 32.0.0 Open

Check failure

Code scanning / checkov

CVE-2023-2976 - com.google.guava:guava: 11.0.2

CVE-2023-2976 - com.google.guava:guava: 11.0.2

Check warning

Code scanning / checkov

CVE-2018-10237 - com.google.guava:guava: 11.0.2

CVE-2018-10237 - com.google.guava:guava: 11.0.2

Check notice

Code scanning / checkov

CVE-2020-8908 - com.google.guava:guava: 11.0.2

CVE-2020-8908 - com.google.guava:guava: 11.0.2

testCompile "junit:junit:4.8.2"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

junit:junit 4.8.2 / build.gradle

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2020-15250 MEDIUM MEDIUM 4.4 4.13.1 Open

Check notice

Code scanning / checkov

License Common Public License Version 1.0 - junit:junit: 4.8.2

License Common Public License Version 1.0 - junit:junit: 4.8.2

Check warning

Code scanning / checkov

CVE-2020-15250 - junit:junit: 4.8.2

CVE-2020-15250 - junit:junit: 4.8.2
}

sourceCompatibility = 1.6
targetCompatibility = 1.6

eclipse {
classpath {
defaultOutputDir = file("${buildDir}/eclipse-classes")
plusConfigurations += configurations.provided
}
}

jar {
from configurations.compile.collect { it.isDirectory() ? it : zipTree(it) }
}
75 changes: 75 additions & 0 deletions SCA/goat-nuget.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net5.0</TargetFramework>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.All" Version="2.2.8" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Core" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore" Version="2.1.7" />
<PackageReference Include="System.Text.RegularExpressions" Version="4.3.0" />
<PackageReference Include="System.Net.Security" Version="4.3.0" />
<PackageReference Include="System.Net.Http" Version="4.3.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.IIS" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.HttpSys" Version="2.2.0" />
<PackageReference Include="System.IO.Pipelines" Version="4.5.0" />
<PackageReference Include="System.Private.Uri" Version="4.3.0" />
<PackageReference Include="MessagePack" Version="1.7.3.4" />
<PackageReference Include="SharpZipLib" Version="0.86.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.HttpSys" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.HttpSys" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Core" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Core" Version="2.1.3" />
<PackageReference Include="System.Net.Http" Version="4.3.2" />
<PackageReference Include="Microsoft.NETCore.App" Version="1.0.5" />
<PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore" Version="2.1.0" />
<PackageReference Include="MessagePack" Version="1.7.3.7" />
<PackageReference Include="Microsoft.AspNetCore" Version="1.1.4" />
<PackageReference Include="Microsoft.NETCore.App" Version="2.2.0" />
<PackageReference Include="Microsoft.NETCore.App" Version="2.0.0" />
<PackageReference Include="Microsoft.NETCore.App" Version="2.1.0" />
<PackageReference Include="jQuery" Version="1.10.2" />
<PackageReference Include="jQuery" Version="2.1.4" />
<PackageReference Include="Microsoft.AspNetCore.HttpOverrides" Version="2.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.1.1" />
<PackageReference Include="System.Net.Http" Version="4.1.0" />
<PackageReference Include="System.Security.Cryptography.Xml" Version="4.4.0" />
<PackageReference Include="System.Net.WebSockets.WebSocketProtocol" Version="4.5.0" />
<PackageReference Include="System.Net.WebSockets.WebSocketProtocol" Version="4.5.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv" Version="2.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions" Version="2.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.HttpSys" Version="2.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.0.1" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.SpaServices" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.SpaServices" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.SpaServices" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.WebSockets" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.WebSockets" Version="2.1.1" />
<PackageReference Include="Microsoft.AspNetCore.WebSockets" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="1.0.4" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="1.1.4" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Cors" Version="1.1.4" />
<PackageReference Include="Microsoft.Data.OData" Version="5.8.2" />
<PackageReference Include="System.Net.Http" Version="4.3.3" />
<PackageReference Include="SharpZipLib" Version="1.1.0" />
<PackageReference Include="System.Net.Http" Version="4.1.2" />
<PackageReference Include="Microsoft.AspNetCore.All" Version="2.0.5" />
<PackageReference Include="Microsoft.AspNetCore.App" Version="2.2.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Core" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Core" Version="2.0.1" />
<PackageReference Include="Microsoft.NETCore.App" Version="1.1.2" />
<PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.0" />
<PackageReference Include="Microsoft.AspNetCore" Version="2.0.1" />
<PackageReference Include="SharpZipLib" Version="1.2.0" />
</ItemGroup>

</Project>
Loading