Conversation

@nishfath nishfath commented May 1, 2025

No description provided.

github-actions bot commented May 1, 2025

Checking analysis of application java-sec-code-test against 1 build rules.

Using sl version 0.9.3220 (feb27a4e847a651a8bb46636d00a78f324dd62e3).

Checking findings on scan 9.

Results per rule:

  • report: FAIL
    (557 matched vulnerabilities; configured threshold is 0).

    First 5 findings:

    | ID  | CVSS | Rating   | CVE            | Title |
    |-----|------|----------|----------------|-------|
    | 255 | 10.0 | critical | CVE-2018-14721 | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to b… |
    | 547 | 10.0 | critical | CVE-2021-44228 | Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. |
    | 554 | 10.0 | critical | CVE-2021-44228 | Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. |
    | 661 | 10.0 | critical | GMS-2022-559   | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework:spring-core. |
    | 663 | 10.0 | critical | GMS-2022-558   | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework:spring-beans. |
    | Severity rating | Count |
    |-----------------|------:|
    | Critical        |    93 |
    | High            |   205 |
    | Medium          |   149 |
    | Low             |   108 |

    | Finding Type | Count |
    |--------------|------:|
    | Oss_vuln     |   338 |
    | Vuln         |   217 |
    | Secret       |     2 |

    | OWASP 2021 Category                            | Count |
    |------------------------------------------------|------:|
    | A09-Security-Logging-And-Monitoring-Failures   |    53 |
    | A03-Injection                                  |    52 |
    | A01-Broken-Access-Control                      |    48 |
    | A05-Security-Misconfiguration                  |    32 |
    | A10-Server-Side-Request-Forgery-(Ssrf)         |    25 |
    | A08-Software-And-Data-Integrity-Failures       |     5 |
    | A07-Identification-And-Authentication-Failures |     1 |
    | A02-Cryptographic-Failures                     |     1 |

1 rule failed.
