sett-and-hive / sarif-to-issue-action
A GitHub action for @security-alert/sarif-to-issue
License: MIT License
Cross-site scripting vulnerability due to [user-provided value](1).
Nothing here.
- js/xss [error]
> Client-side cross-site scripting
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are awaiting their schedule. Click on a checkbox to get an update now.
Could not determine new digest for update (datasource: github-tags). Files affected: .github/workflows/trivy.yml

Detected dependencies:

Dockerfile
- node 20-bullseye-slim@sha256:77360666adb6622d13d0f32786185b7ddc5e5cd4a9c4140097ee7fdd9b3db527

.github/workflows/ci-test.yaml
- step-security/harden-runner aa817ef3512b39bbe179e1c24cc63b4a421ab219
- actions/checkout 96f53100ba2a5449eb71d2e6604bbcd94b9449b5
- juliangruber/read-file-action cc341ded5e6547edbdf30bf7b4138a940433641b
- thollander/actions-comment-pull-request 8c77f42bbcc27c832a3a5962c8f9a60e34b594f3

.github/workflows/close-stale-issues.yaml
- step-security/harden-runner aa817ef3512b39bbe179e1c24cc63b4a421ab219
- actions/stale 47ab9e7777a63d02560d90177905c411b30fe684

.github/workflows/issue-test.yaml
- step-security/harden-runner aa817ef3512b39bbe179e1c24cc63b4a421ab219
- actions/checkout 96f53100ba2a5449eb71d2e6604bbcd94b9449b5

.github/workflows/scorecards.yml
- step-security/harden-runner aa817ef3512b39bbe179e1c24cc63b4a421ab219
- actions/checkout v3.3.0@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- ossf/scorecard-action v2.1.3@80e868c13c90f172d68d1f4501dee99e2479f7af
- actions/upload-artifact v3.1.2@0b7f8abb1508181956e8e162db84b466c27e18ce
- github/codeql-action v2.2.12@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db

.github/workflows/sonarcloud.yaml
- step-security/harden-runner v2.2.1@1f99358870fe1c846a3ccba386cc2b2246836776
- actions/checkout v3.3.0@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- SonarSource/sonarcloud-github-action 9c0534dd12d09f22d69fbb301a1955249e49d910

.github/workflows/trivy.yml
- step-security/harden-runner aa817ef3512b39bbe179e1c24cc63b4a421ab219
- actions/cache v3.3.1@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
- actions/checkout v3.3.0@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- aquasecurity/trivy-action 0.9.2@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee
- github/codeql-action v21.3@959cbb7472c4d4ad70cdfe6f4976053fe48ab394

.pre-commit-config.yaml
- pre-commit/pre-commit-hooks v4.4.0
- hadolint/hadolint v2.12.1-beta
- rhysd/actionlint v1.6.25
- igorshubovych/markdownlint-cli v0.35.0
- shellcheck-py/shellcheck-py v0.9.0.5
- scop/pre-commit-shfmt v3.7.0-1
- zricethezav/gitleaks v8.17.0
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Location: renovate.json
Error type: Invalid JSON (parsing failed)
Message: Syntax error: expecting String near e, },
CVE-2022-24823 - Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows, as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own java.io.tmpdir when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
Nothing here.
- CVE-2022-24823 [undefined]
> Medium severity - CVE-2022-24823 Exposure of Resource to Wrong Sphere vulnerability in pkg:maven/io.netty/[email protected]
The issues created when the issue-test.yaml workflow runs are needed for testing purposes but will clutter the issues. These issues should be removed automatically within a short time.
Keep the issues list from getting cluttered with the expected output of the issues generation tests.
Use a popular existing action solution with good reviews.
As an OWASP Dependency Check user,
So that I can see vulnerability issues found by scheduled GitHub actions that run OWASP Dependency Check,
I want to have an action that will post SARIF results to an issue in my repo.
As an engineer using OWASP Dependency Check (ODC) in my CI system,
So that I can see what vulnerability findings are in my repository,
I want to see ODC findings in an issue.
To make an OWASP dependency-check SARIF file work for the converter, you need to add an expected defaultConfiguration element to each rules object:

```sh
jq '.runs[].tool.driver.rules[] |= . + {"defaultConfiguration": {"level": "error"}}' test/fixtures/odc.sarif > odc-mod.sarif
```
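The same fix, as an added Python example that is not part of the action or of @security-alert/sarif-to-issue. It applies the defaultConfiguration patch to a SARIF document and then renders the results in the "- ruleId [level]" / "> short description" layout the issue bodies on this page use, so you can see why an OWASP Dependency Check rule without a level shows up as "[undefined]" (as in the CVE-2022-24823 issue above) and how the patched file renders instead. The SARIF input is a constructed sample: the rule ids, descriptions and package URL are invented for the example, and the rendering format is only an approximation of the converter's real output. Unlike the jq one-liner, the patch below keeps a level that a rule already declares rather than overwriting it.

```python
import copy
import json

# Constructed sample SARIF, modelled on what OWASP Dependency Check emits:
# the first rule carries no defaultConfiguration, the second already has one.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "dependency-check",
            "rules": [
                {"id": "CVE-0000-00000",  # constructed, not a real CVE
                 "shortDescription": {"text": "Example finding (constructed)"}},
                {"id": "js/xss",
                 "shortDescription": {"text": "Client-side cross-site scripting"},
                 "defaultConfiguration": {"level": "warning"}},
            ]}},
        "results": [
            {"ruleId": "CVE-0000-00000",
             "message": {"text": "Vulnerable dependency pkg:maven/example/lib@1.0.0 (constructed)"}},
            {"ruleId": "js/xss",
             "level": "error",  # result-level value overrides the rule default
             "message": {"text": "Cross-site scripting vulnerability due to [user-provided value](1)."}},
        ],
    }],
})


def _rules(run: dict) -> list:
    return run.get("tool", {}).get("driver", {}).get("rules", [])


def add_default_level(sarif: dict, level: str = "error") -> dict:
    """Return a copy in which every rule has defaultConfiguration.level.

    A rule that already declares a level keeps it; only missing values are
    filled in with `level`. The input document is left untouched.
    """
    out = copy.deepcopy(sarif)
    for run in out.get("runs", []):
        for rule in _rules(run):
            rule.setdefault("defaultConfiguration", {}).setdefault("level", level)
    return out


def result_level(result: dict, rules_by_id: dict) -> str:
    """SARIF precedence: result.level wins, then the rule's default level."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "undefined")


def render_issue_body(sarif: dict) -> str:
    """Render each result as message / '- ruleId [level]' / '> short description'."""
    blocks = []
    for run in sarif.get("runs", []):
        rules_by_id = {r["id"]: r for r in _rules(run)}
        for res in run.get("results", []):
            rule = rules_by_id.get(res.get("ruleId"), {})
            blocks.append("\n".join([
                res.get("message", {}).get("text", ""),
                f"- {res.get('ruleId')} [{result_level(res, rules_by_id)}]",
                f"> {rule.get('shortDescription', {}).get('text', '')}",
            ]))
    return "\n\n".join(blocks)


def fix_and_render(sarif_text: str, level: str = "error") -> str:
    """Parse SARIF text, patch missing rule levels, and render the issue body."""
    return render_issue_body(add_default_level(json.loads(sarif_text), level))


if __name__ == "__main__":
    print("--- unpatched ---")
    print(render_issue_body(json.loads(SAMPLE_SARIF)))
    print("--- patched ---")
    print(fix_and_render(SAMPLE_SARIF))
```

Run it on a real file with `fix_and_render(open("odc.sarif").read())`; the unpatched rendering of the sample shows the constructed CVE rule as "[undefined]", the patched one as "[error]", while the js/xss result keeps the "error" it carries itself.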