Commit 077c7dd1 authored by Olivier Gonzalez

Merge branch 'update-reports' into 'master'

Update SAST reports

See merge request gitlab-examples/security/security-reports!10
parents cb44964c c9c6610d
image: alpine:latest
stages:
- test
- dast
before_script:
- export SRC_FOLDER=$([ "$CI_COMMIT_REF_SLUG" == master ] && echo "master" || echo "feature-branch")
sast:
script:
- cp -v "$CI_COMMIT_REF_SLUG"/gl-sast-report.json .
- echo "$SRC_FOLDER"
- cp -v "$SRC_FOLDER"/gl-sast-report.json .
artifacts:
paths: [gl-sast-report.json]
reports:
sast: gl-sast-report.json
dependency_scanning:
script:
- cp -v "$CI_COMMIT_REF_SLUG"/gl-dependency-scanning-report.json .
- cp -v "$SRC_FOLDER"/gl-dependency-scanning-report.json .
artifacts:
paths: [gl-dependency-scanning-report.json]
container_scanning:
script:
- cp -v "$CI_COMMIT_REF_SLUG"/gl-sast-container-report.json .
- cp -v "$SRC_FOLDER"/gl-sast-container-report.json .
artifacts:
paths: [gl-sast-container-report.json]
dast:
stage: dast
script:
- cp -v "$CI_COMMIT_REF_SLUG"/gl-dast-report.json .
- cp -v "$SRC_FOLDER"/gl-dast-report.json .
artifacts:
paths: [gl-dast-report.json]
except:
......@@ -33,6 +33,6 @@ dast:
license_management:
script:
- cp -v "$CI_COMMIT_REF_SLUG"/gl-license-management-report.json .
- cp -v "$SRC_FOLDER"/gl-license-management-report.json .
artifacts:
paths: [gl-license-management-report.json]
\ No newline at end of file
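Review bot: The `before_script` test `[ "$CI_COMMIT_REF_SLUG" == master ]` that the new `$SRC_FOLDER` copies depend on uses the non-POSIX `==` operator; with `image: alpine:latest` the job script runs under BusyBox `sh`, which appears to accept it, but the portable spelling is `- export SRC_FOLDER=$([ "$CI_COMMIT_REF_SLUG" = master ] && echo "master" || echo "feature-branch")`. The mapping is also worth a comment above that line, since every ref other than `master` is silently served from the same fixture directory: `# Fixture directory to copy reports from: master/ on the default branch, feature-branch/ for any other ref`. The debugging `echo "$SRC_FOLDER"` appears only in the `sast` job while the other four jobs copy from the same variable without it; either drop it or move it into `before_script` so the jobs stay uniform. The header of the first hunk and the body of `dast`'s `except:` block fall outside the visible section, so I cannot tell whether the `before_script` block is wholly new or partly pre-existing.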
[
{
"priority": "High",
"line": "19",
"file": "subdir/src/main/java/com/gitlab/security_products/tests/App.java",
"cve": "234523453453243334fb4c0234534374:INSECURE_VARIABLE",
"message": "Insecure variable usage",
"category": "sast",
"name": "Cipher with no integrity",
"message": "Cipher with no integrity",
"description": "The cipher does not provide data integrity",
"cve": "e6449b89335daf53c0db4c0219bc1634:CIPHER_INTEGRITY",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-CIPHER_INTEGRITY",
"value": "CIPHER_INTEGRITY",
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY"
},
{
"type": "cwe",
"name": "CWE-353",
"value": "353",
"url": "https://cwe.mitre.org/data/definitions/353.html"
}
],
"priority": "Medium",
"file": "src/main/java/com/gitlab/security_products/tests/App.java",
"line": 29,
"url": "https://find-sec-bugs.github.io/bugs.htm#CIPHER_INTEGRITY",
"tool": "find_sec_bugs"
},
{
"category": "sast",
"name": "ECB mode is insecure",
"message": "ECB mode is insecure",
"description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data",
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE",
"severity": "Medium",
"confidence": "High",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 29,
"end_line": 29,
"class": "com.gitlab.security_products.tests.App",
"method": "insecureCypher"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-ECB_MODE",
"value": "ECB_MODE",
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE"
},
{
"type": "cwe",
"name": "CWE-327",
"value": "327",
"url": "https://cwe.mitre.org/data/definitions/327.html"
}
],
"priority": "Medium",
"line": "29",
"file": "subdir/src/main/java/com/gitlab/security_products/tests/App.java",
"cve": "e6449b89335daf53c0db4c0219bc1634:CIPHER_INTEGRITY",
"message": "Cipher with no integrity",
"file": "src/main/java/com/gitlab/security_products/tests/App.java",
"line": 29,
"url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE",
"tool": "find_sec_bugs"
},
{
"category": "sast",
"name": "Predictable pseudorandom number generator",
"message": "Predictable pseudorandom number generator",
"description": "The use of java.util.Random is predictable",
"cve": "e8ff1d01f74cd372f78da8f5247d3e73:PREDICTABLE_RANDOM",
"severity": "Medium",
"confidence": "Medium",
"scanner": {
"id": "find_sec_bugs",
"name": "Find Security Bugs"
},
"location": {
"file": "src/main/java/com/gitlab/security_products/tests/App.java",
"start_line": 41,
"end_line": 41,
"class": "com.gitlab.security_products.tests.App",
"method": "generateSecretToken1"
},
"identifiers": [
{
"type": "find_sec_bugs_type",
"name": "Find Security Bugs-PREDICTABLE_RANDOM",
"value": "PREDICTABLE_RANDOM",
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM"
},
{
"type": "cwe",
"name": "CWE-330",
"value": "330",
"url": "https://cwe.mitre.org/data/definitions/330.html"
}
],
"priority": "Medium",
"line": "29",
"file": "subdir/src/main/java/com/gitlab/security_products/tests/App.java",
"cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE",
"message": "ECB mode is insecure",
"file": "src/main/java/com/gitlab/security_products/tests/App.java",
"line": 41,
"url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM",
"tool": "find_sec_bugs"
}
]