added initial veracode scan pipeline #84

Merged
merged 10 commits into from
Jul 27, 2023

@steven-xu-lf steven-xu-lf commented Jul 18, 2023

Note: already manually ran/tested the veracode scan pipeline

@github-actions
Veracode SCA Scan failed with exit code 0

Veracode SCA Scan details


Summary Report
Scan ID                                        5db095bf-11c3-48aa-ad78-8c398c541761
Scan Date & Time                             Jul 18 2023 02:18PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.35 (latest 3.8.35)
Analysis time                                 40 seconds
User                                         runner
Project                                        /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet
Package Manager(s)                             DLL, Jar, MSBuildDotNet

Open-Source Libraries
Total Libraries                                118
Direct Libraries                             29
Transitive Libraries                         99
Vulnerable Libraries                         3

Vulnerable Methods
1 vulnerable method can be reached via the code's call graph

Call Source                                                                     Method Name                                                                                         Library
Laserfiche.Repository.Api.Client.BaseClient.UpdateJsonSerializerSettings         Newtonsoft.Json.JsonSerializerSettings.set_MaxDepth(System.Nullable`1<System.Int32>)System.Void     Newtonsoft.Json : 12.0.3

Security
With Vulnerable Methods                        1
Critical Risk Vulnerabilities                 0
High Risk Vulnerabilities                     2
Medium Risk Vulnerabilities                    1
Low Risk Vulnerabilities                     0

Vulnerabilities - Public Data
CVE-2019-0820                                 High Risk         Denial Of Service (DoS)     System.Text.RegularExpressions 4.3.0
CVE-2018-8292                                 High Risk         Information Disclosure     System.Net.Http 4.3.0

Vulnerabilities - Premium Data
NO-CVE                                         Medium Risk     Denial Of Service (DoS)     Newtonsoft.Json 12.0.3

Licenses
Unique Library Licenses                        8
Libraries Using GPL                            0
Libraries With High Risk License             0
Libraries With Medium Risk License             0
Libraries With Low Risk License                209
Libraries With Multiple Licenses             165
Libraries With Unassessable License            222
Libraries With Unrecognizable License         0

Issues
Issue ID     Issue Type         Severity    Description                                     Library Name & Version In Use
197387149    Vulnerability     5.0         NO-CVE: Denial Of Service (DoS)                 Newtonsoft.Json 12.0.3
197387150    Vulnerability     5.0         CVE-2018-8292: Information Disclosure             System.Net.Http 4.3.0
197387151    Vulnerability     5.0         CVE-2019-0820: Denial Of Service (DoS)            System.Text.RegularExpressions 4.3.0
197387152    Outdated Library    3.0         Latest version at scan: 5.1.1                     Castle.Core 4.4.0
197387153    Outdated Library    3.0         Latest version at scan: 6.0.0                     coverlet.collector 3.1.0
197387154    Outdated Library    3.0         Latest version at scan: 2.5.0                     DotNetEnv 2.3.0
197387155    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.CodeCoverage 17.0.0
197387156    Outdated Library    3.0         Latest version at scan: 7.0.0-preview             Microsoft.IdentityModel.JsonWebTokens 6.13.1
197387157    Outdated Library    3.0         Latest version at scan: 7.0.0-preview             Microsoft.IdentityModel.Logging 6.13.1
197387158    Outdated Library    3.0         Latest version at scan: 7.0.0-preview             Microsoft.IdentityModel.Tokens 6.13.1
197387159    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.NET.Test.Sdk 17.0.0
197387160    Outdated Library    3.0         Latest version at scan: 17.6.2                    Microsoft.TestPlatform.AdapterUtilities 16.11.0
197387161    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.TestPlatform.ObjectModel 17.0.0
197387162    Outdated Library    3.0         Latest version at scan: 17.6.2                    Microsoft.TestPlatform.Portable 17.0.0
197387163    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.TestPlatform.TestHost 17.0.0
197387164    Outdated Library    3.0         Latest version at scan: 4.18.4                    Moq 4.16.1
197387165    Outdated Library    3.0         Latest version at scan: 3.1.1                     MSTest.TestAdapter 2.2.7
197387166    Outdated Library    3.0         Latest version at scan: 3.1.1                     MSTest.TestFramework 2.2.7
197387167    Outdated Library    3.0         Latest version at scan: 13.0.3                    Newtonsoft.Json 12.0.3
197387168    Outdated Library    3.0         Latest version at scan: 6.6.1                     NuGet.Frameworks 5.0.0
197387169    Outdated Library    3.0         Latest version at scan: 3.0.0-develop-00049     Sprache 2.3.1
197387170    Outdated Library    3.0         Latest version at scan: 0.0.2                     xpntek.webapi 0.0.1
197387171    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.assert 2.4.1
197387172    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.extensibility.execution 2.4.1
197387173    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.reporters 2.4.1
197387174    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.utility 2.4.1
197387175    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.visualstudio 2.4.3
197387176    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit 2.4.1

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/700tzxWR/scans/52585109

@github-actions
Veracode SCA Scan failed with exit code 0

Veracode SCA Scan details


Summary Report
Scan ID                                        198b0a60-12b3-4847-bf4f-9d9b9ff480a0
Scan Date & Time                             Jul 18 2023 02:38PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.35 (latest 3.8.35)
Analysis time                                 39 seconds
User                                         runner
Project                                        /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet
Package Manager(s)                             DLL, Jar, MSBuildDotNet

Open-Source Libraries
Total Libraries                                118
Direct Libraries                             29
Transitive Libraries                         99
Vulnerable Libraries                         3

Vulnerable Methods
1 vulnerable method can be reached via the code's call graph

Call Source                                                                     Method Name                                                                                         Library
Laserfiche.Repository.Api.Client.BaseClient.UpdateJsonSerializerSettings         Newtonsoft.Json.JsonSerializerSettings.set_MaxDepth(System.Nullable`1<System.Int32>)System.Void     Newtonsoft.Json : 12.0.3

Security
With Vulnerable Methods                        1
Critical Risk Vulnerabilities                 0
High Risk Vulnerabilities                     2
Medium Risk Vulnerabilities                    1
Low Risk Vulnerabilities                     0

Vulnerabilities - Public Data
CVE-2019-0820                                 High Risk         Denial Of Service (DoS)     System.Text.RegularExpressions 4.3.0
CVE-2018-8292                                 High Risk         Information Disclosure     System.Net.Http 4.3.0

Vulnerabilities - Premium Data
NO-CVE                                         Medium Risk     Denial Of Service (DoS)     Newtonsoft.Json 12.0.3

Licenses
Unique Library Licenses                        8
Libraries Using GPL                            0
Libraries With High Risk License             0
Libraries With Medium Risk License             0
Libraries With Low Risk License                209
Libraries With Multiple Licenses             165
Libraries With Unassessable License            222
Libraries With Unrecognizable License         0

Issues
Issue ID     Issue Type         Severity    Description                                     Library Name & Version In Use
197387149    Vulnerability     5.0         NO-CVE: Denial Of Service (DoS)                 Newtonsoft.Json 12.0.3
197387150    Vulnerability     5.0         CVE-2018-8292: Information Disclosure             System.Net.Http 4.3.0
197387151    Vulnerability     5.0         CVE-2019-0820: Denial Of Service (DoS)            System.Text.RegularExpressions 4.3.0
197387152    Outdated Library    3.0         Latest version at scan: 5.1.1                     Castle.Core 4.4.0
197387153    Outdated Library    3.0         Latest version at scan: 6.0.0                     coverlet.collector 3.1.0
197387154    Outdated Library    3.0         Latest version at scan: 2.5.0                     DotNetEnv 2.3.0
197387155    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.CodeCoverage 17.0.0
197387156    Outdated Library    3.0         Latest version at scan: 7.0.0-preview             Microsoft.IdentityModel.JsonWebTokens 6.13.1
197387157    Outdated Library    3.0         Latest version at scan: 7.0.0-preview             Microsoft.IdentityModel.Logging 6.13.1
197387158    Outdated Library    3.0         Latest version at scan: 7.0.0-preview             Microsoft.IdentityModel.Tokens 6.13.1
197387159    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.NET.Test.Sdk 17.0.0
197387160    Outdated Library    3.0         Latest version at scan: 17.6.2                    Microsoft.TestPlatform.AdapterUtilities 16.11.0
197387161    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.TestPlatform.ObjectModel 17.0.0
197387162    Outdated Library    3.0         Latest version at scan: 17.6.2                    Microsoft.TestPlatform.Portable 17.0.0
197387163    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1    Microsoft.TestPlatform.TestHost 17.0.0
197387164    Outdated Library    3.0         Latest version at scan: 4.18.4                    Moq 4.16.1
197387165    Outdated Library    3.0         Latest version at scan: 3.1.1                     MSTest.TestAdapter 2.2.7
197387166    Outdated Library    3.0         Latest version at scan: 3.1.1                     MSTest.TestFramework 2.2.7
197387167    Outdated Library    3.0         Latest version at scan: 13.0.3                    Newtonsoft.Json 12.0.3
197387168    Outdated Library    3.0         Latest version at scan: 6.6.1                     NuGet.Frameworks 5.0.0
197387169    Outdated Library    3.0         Latest version at scan: 3.0.0-develop-00049     Sprache 2.3.1
197387170    Outdated Library    3.0         Latest version at scan: 0.0.2                     xpntek.webapi 0.0.1
197387171    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.assert 2.4.1
197387172    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.extensibility.execution 2.4.1
197387173    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.reporters 2.4.1
197387174    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.utility 2.4.1
197387175    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.visualstudio 2.4.3
197387176    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit 2.4.1

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/700tzxWR/scans/52586197

@steven-xu-lf steven-xu-lf requested a review from lf-dfc July 25, 2023 17:02
@github-actions

Veraocde SCA Scan failed with exit code 0

Veracode SCA Scan details

Veracode SCA agent scanning engine ready
Searching for supported projects (this may take a minute)...
[DLL]         Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet/src/obj/Debug/netstandard2.0
[DLL]         Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet/src/bin/Debug/netstandard2.0/publish
[DLL]         Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet/src/bin/Debug/netstandard2.0
[Jar]         Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet
[MSBuildDotNet]Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet/tests/integration
[MSBuildDotNet]Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet/tests/unit
[MSBuildDotNet]Scanning /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet/src
Processing results...
Processing results complete

Summary Report
Scan ID                                        d4aa0898-1b88-4db7-97a8-80111fdd23e5
Scan Date & Time                             Jul 26 2023 08:34PM UTC
Account type                                 ENTERPRISE
Scan engine                                    3.8.36 (latest 3.8.36)
Analysis time                                 18 seconds
User                                         runner
Project                                        /home/runner/work/lf-repository-api-client-dotnet/lf-repository-api-client-dotnet
Package Manager(s)                             DLL, Jar, MSBuildDotNet

Open-Source Libraries
Total Libraries                                110
Direct Libraries                             17
Transitive Libraries                         99
Vulnerable Libraries                         3

Vulnerable Methods
1 vulnerable method can be reached via the code's call graph

Call Source                                                                     Method Name                                                                                         Library
Laserfiche.Repository.Api.Client.BaseClient.UpdateJsonSerializerSettings         Newtonsoft.Json.JsonSerializerSettings.set_MaxDepth(System.Nullable`1<System.Int32>)System.Void     Newtonsoft.Json : 12.0.3

Security
With Vulnerable Methods                        1
Critical Risk Vulnerabilities                 0
High Risk Vulnerabilities                     2
Medium Risk Vulnerabilities                    1
Low Risk Vulnerabilities                     0

Vulnerabilities - Public Data
CVE-2019-0820                                 High Risk         Denial Of Service (DoS)     System.Text.RegularExpressions 4.3.0
CVE-2018-8292                                 High Risk         Information Disclosure     System.Net.Http 4.3.0

Vulnerabilities - Premium Data
NO-CVE                                         Medium Risk     Denial Of Service (DoS)     Newtonsoft.Json 12.0.3

Licenses
Unique Library Licenses                        8
Libraries Using GPL                            0
Libraries With High Risk License             0
Libraries With Medium Risk License             0
Libraries With Low Risk License                118
Libraries With Multiple Licenses             89
Libraries With Unassessable License            146
Libraries With Unrecognizable License         0

Issues
Issue ID     Issue Type         Severity    Description                                        Library Name & Version In Use
197387149    Vulnerability     5.0         NO-CVE: Denial Of Service (DoS)                    Newtonsoft.Json 12.0.3
197387150    Vulnerability     5.0         CVE-2018-8292: Information Disclosure             System.Net.Http 4.3.0
197387151    Vulnerability     5.0         CVE-2019-0820: Denial Of Service (DoS)             System.Text.RegularExpressions 4.3.0
197387153    Outdated Library    3.0         Latest version at scan: 6.0.0                     coverlet.collector 3.1.0
197387154    Outdated Library    3.0         Latest version at scan: 2.5.0                     DotNetEnv 2.3.0
197387159    Outdated Library    3.0         Latest version at scan: 17.7.0-preview.23280.1     Microsoft.NET.Test.Sdk 17.0.0
197387164    Outdated Library    3.0         Latest version at scan: 4.18.4                     Moq 4.16.1
197387165    Outdated Library    3.0         Latest version at scan: 3.1.1                     MSTest.TestAdapter 2.2.7
197387166    Outdated Library    3.0         Latest version at scan: 3.1.1                     MSTest.TestFramework 2.2.7
197387167    Outdated Library    3.0         Latest version at scan: 13.0.3                     Newtonsoft.Json 12.0.3
197387175    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit.runner.visualstudio 2.4.3
197387176    Outdated Library    3.0         Latest version at scan: 2.5.0                     xunit 2.4.1
199298973    Outdated Library    3.0         Latest version at scan: 4.7.0                     Microsoft.CSharp 4.5.0
199298974    Outdated Library    3.0         Latest version at scan: 7.1.0-preview             Microsoft.IdentityModel.JsonWebTokens 6.13.1
199298975    Outdated Library    3.0         Latest version at scan: 7.1.0-preview             Microsoft.IdentityModel.Logging 6.13.1
199298976    Outdated Library    3.0         Latest version at scan: 7.1.0-preview             Microsoft.IdentityModel.Tokens 6.13.1
199298977    Outdated Library    3.0         Latest version at scan: 6.0.0-preview.4.21253.7    System.Security.Cryptography.Cng 4.5.0

Full Report Details                            https://sca.analysiscenter.veracode.com/teams/700tzxWR/scans/52948353

@steven-xu-lf steven-xu-lf merged commit 5c33beb into 1.x Jul 27, 2023
7 checks passed
@steven-xu-lf steven-xu-lf deleted the story/469678-add-veracode-scan-pipeline branch July 27, 2023 14:50