Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Policy violation Binary Artifacts #1458

Open
google-allstar-prod bot opened this issue Dec 15, 2022 · 29 comments
Open

Security Policy violation Binary Artifacts #1458

google-allstar-prod bot opened this issue Dec 15, 2022 · 29 comments
Labels

Comments

@google-allstar-prod
Copy link

This issue was automatically created by Allstar.

Security Policy Violation
Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


Allstar has been installed on all Google managed GitHub orgs. Policies are gradually being rolled out and enforced by the GOSST and OSPO teams. Learn more at http://go/allstar

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

1 similar comment
@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@johnynek
Copy link
Member

This is rather annoying since those jars are there to test the rules.

It would be a bit annoying to hack around this lint by renaming the extensions and then have some rule apply the extension before running the tests.

@srdo
Copy link

srdo commented Dec 19, 2022

Would have been nice if whoever enabled this also sent out communication about it. The http://go/allstar link is dead, am assuming it's an internal Google link?

Do jars used only in tests matter, or should they be considered false positives? If they don't matter, I think specific files can be excluded from the check.

https://github.com/ossf/allstar/#policies

https://pkg.go.dev/github.com/ossf/allstar/pkg/policies/binary#RepoConfig

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

22 similar comments
@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

@meisam
Copy link
Contributor

meisam commented Jan 22, 2023

Is it possible to build the jars from source?

@google-allstar-prod
Copy link
Author

Updating issue after ping interval. See its status below.


Project is out of compliance with Binary Artifacts policy: binaries present in source code

Rule Description
Binary Artifacts are an increased security risk in your repository. Binary artifacts cannot be reviewed, allowing the introduction of possibly obsolete or maliciously subverted executables. For more information see the Security Scorecards Documentation for Binary Artifacts.

Remediation Steps
To remediate, remove the generated executable artifacts from the repository.

First 10 Artifacts Found

  • test/example_jars/example_jar1.jar
  • test/example_jars/example_jar2.jar
  • test/fake_sig.jar
  • test/src/main/resources/scalarules/test/hellos-and-byes.jar
  • test/src/main/scala/scalarules/test/scala_import/nl/scala_import_never_link.jar
  • test/src/main/scala/scalarules/test/scala_import/relate_2.11-2.1.1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare-thrift.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_1/bare-thrift-1.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/bare_jar_thrifts/bare_jar_2/bare-thrift-2.jar
  • test/src/main/scala/scalarules/test/twitter_scrooge/thrift/thrift2/thrift3/thrift3_scrooge.jar
  • Run a Scorecards scan to see full list.

Additional Information
This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants