Add Critical Severity - AST 21466 #644
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pedrompflopes
requested review from
a team,
pedrompflopes and
hmmachadocx
and removed request for
a team
|
Policy Management Violations
No New Or Fixed Issues Found |
hmmachadocx
approved these changes
Jan 23, 2024
* adding minio feature flag (#646) * Rename gpt fix (#648) * Add "*.cmp" extension (#647) * Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#650) Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](google/uuid@v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Sast results analysis (#645) * Add result show --prioritize-sast flag & implementation * Fix linter errors * Add tests and fix linter * Change prioritize-sast help text and priority values * Fix line-too-long lint issue * Update result integration test for --prioritize-sast * Change prioritize-sast to sast-prioritization * Change UnknownReference to a more informational value * Chage sast-prioritization to sast-redundancy * Add newlines to response if necessary * Fix lint errors in new code * Refactor for better coverage on chat-sast code * initialize array (#651) * AST-35649 | fix ast-cli vulnerabilities (#655) * fix vulnerabilities * fix vulnerabilities * fix vulnerabilities * fix vulnerabilities * fix vulnerabilities * alpine:3.17.0 * 19 * sha * kics vulnerabilities * kics and lint problems * delete if * ignore 0666 number * fix vulnerabilities * permission const * 666 * AST-34271 | improve result summary table in cli (#656) * AST-34271 | improve result summary table in cli * AST-34271 | fixing pr decoration test * AST-34271 | fixing triage test, removing uneeded project remove * AST-34271 | solve getRoot function test bugs * Update release.yml (#660) * remove sca optin from scan log description (#661) * remove sca option from scan log description * AST-35664 | Enhance AI Guided Remediation answers (#662) * AST-35664 | Enhance AI Guided Remediation answers * AST-35664 | improved test readability * Encode client ID and secret (#654) * Add policy violation to PR/MR decoration (#643) * AST-35640 | Create Groups Assignment (#663) * create groups assignment * lint * lint issues * import order * import order * do not send groups when FF = on * code review * lint issues * load feature flags * Or review fixes * Integration Tests * Integration Tests-update project * groups.go * lint * fix PrintIfVerbose * fix PrintfIfVerbose * findGroupByName fix * fix nul error in find group * fixing linter --------- Co-authored-by: Or Shamir Checkmarx <[email protected]> Co-authored-by: tiagobcx <[email protected]> * CLI | Support the application-name flag and add association to the project (AST-35636 , AST-35637) (#664) * Add application name flag * fixes * AST-35637 | add project association to application functionality * Renamed integration test * AST-35637 | added create project with app-name test * added NoPermissionApp case * Added constants to mock flags and error messages * added test * passing application Id to project * AST-35637 | added unit tests for create scan/project under application * Added integration tests + handling of forbidden status * extracted fail message to const + handled error model * AST-35637 | handle 403 status code in update and create project * AST-35637 | fix github linter applicationId param * AST-35637 | initialize projModel applicationIds in updateProject func * AST-35637 | fix github linter problem - change Id to ID * AST-35637 | fix github linter problem - change Id to ID * removed ErroModelUsage + formatting errors * AST-35637 | fix github linter problem - shadowing errors * AST-35637 | fix github linter problem - shadowing errors * AST-35637 | fix github linter problem - change package applicationErrors to applicationerrors * AST-35637 | fix github linter problem - change FakeHttpStatus to FakeHTTPStatus * AST-35637 | fix github linter problem * AST-35637 | fix integration tests * AST-35637 | add checked returned error when deffering * AST-35637 | fix tests * AST-35637 | go linter imports order * AST-35637 | make createApplicationIds func more readable * reduced the limit count * fix * fixes * AST-35637 | change prameter type of applicationId from string to []string * AST-35637 | resolved conflict * AST-35637 | resolved github linter errors --------- Co-authored-by: checkmarx-kobi-hagmi <[email protected]> Co-authored-by: AlvoBen <[email protected]> * AST-36339 | enable Ai Guided Remediation only if the tenant has permission (#666) * enable Ai Guided Remediation only if the tenant has permission * trigger unit test * fix test * hide chat command from help (#668) * Update Get Application by Name with Exact Match and Update Permissions Log Message (AST-36823) (#669) * the application name passed to application-name flag must match application name exactly * Changed ApplicationDoesntExist and ApplicationNoPermission to ApplicationDoesntExistOrNoPermission * Fixed lint error --------- Co-authored-by: Or Shamir Checkmarx <[email protected]> * AST-36690 | cleanup integration test (#671) * fix test * fix test * names * crypto * crypto * adding assert * adding application ids to project creation print --------- Co-authored-by: Or Shamir Checkmarx <[email protected]> * Update Confidence Description (AST-37132) (#676) * Update Confidence Description (AST-37132) * Update Confidence Description (AST-37132) * fix tests * Fix "About this vulnerability" link Fix "About this vulnerability" link * Update result.go * Update result.go * Add Directory.Packages.props for Nuget Central Package Management (#652) * Update filters.go Added Directory.Packages.props file used by Nuget Central Package Management for dependency management in SCA * Fixed linting issue --------- Co-authored-by: Or Shamir Checkmarx <[email protected]> * Update CI.yml to Use GitLab Env Vars (#681) * Update CI.yml to Use GitLab Env Vars * Update CI.yml to Use GitLab Env Vars * Update CI.yml to Use GitLab Env Vars * AST-37225 Shared Containers Constants (#684) * AST-37225 const * containers type --------- Co-authored-by: Or Shamir Checkmarx <[email protected]> * Bump alpine from 3.19.0 to 3.19.1 (#649) Bumps alpine from 3.19.0 to 3.19.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Pedro Lopes <[email protected]> Co-authored-by: Or Shamir Checkmarx <[email protected]> * update-gon-test (#686) * Update gonMac.hcl * Update release.yml * Update gonMac.hcl * Update gonMac.hcl * Update gonMac.hcl * Update gonMac.hcl * Update gonMac.hcl * Update gonMac.hcl * Update result_test.go fix test * Update result_test.go * CLI | Add Missing PackageManager Types (AST-38138) (#691) * add package manager types * add unit test * Change createDependencyMapFromDependencyResolution signature to fix linter errors * fix lint errors * Resolve pr review conversation --------- Co-authored-by: AlvoBen <[email protected]> * changes after merge and testcases --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Tiago Baptista <[email protected]> Co-authored-by: Margarita <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ittai Gilat <[email protected]> Co-authored-by: Pedro Lopes <[email protected]> Co-authored-by: tamarleviCm <[email protected]> Co-authored-by: AlvoBen <[email protected]> Co-authored-by: Or Shamir Checkmarx <[email protected]> Co-authored-by: tiagobcx <[email protected]> Co-authored-by: checkmarx-kobi-hagmi <[email protected]> Co-authored-by: AlvoBen <[email protected]> Co-authored-by: checkmarx-kobi-hagmi <[email protected]> Co-authored-by: elchananarb <[email protected]> Co-authored-by: Phillip Dade <[email protected]> Co-authored-by: elchananarb <[email protected]>
This reverts commit 9aab42e.
OrShamirCM
reviewed
May 28, 2024
OrShamirCM
changed the title
OrShamirCM
reviewed
May 29, 2024
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 11482443 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482443 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482444 | Triggered | Username Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482444 | Triggered | Username Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482445 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482445 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482446 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482446 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482448 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482448 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482449 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482449 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482450 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
| 11482450 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482451 | Triggered | Generic Password | 362f464 | test/integration/data/python-vul-file.py | View secret |
| 11482451 | Triggered | Generic Password | 362f464 | internal/commands/data/python-vul-file.py | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
tamarleviCm
requested changes
Jul 17, 2024
tamarleviCm
reviewed
Jul 18, 2024
OrShamirCM
reviewed
Jul 25, 2024
| @@ -614,7 +625,7 @@ func summaryReport( | |||
| summary.Policies = filterViolatedRules(*policies) | |||
| } | |||
|
|
|||
| enhanceWithScanSummary(summary, results) | |||
| enhanceWithScanSummary(summary, results, featureFlagsWrapper) | |||
|
|
|||
There was a problem hiding this comment.
do we count api security critical severity? i saw that we found it in line 659, right?
OrShamirCM
reviewed
Jul 25, 2024
There was a problem hiding this comment.
?Do we need to support thershold with critical severity too?
@pedrompflopes @tiagobcx
tamarleviCm
approved these changes
Jul 31, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
References
Testing
Checklist