Conversation

@jruizcampos (Owner)

This is an example of Pull Request with Checkmarx One integrated

@jruizcampos (Owner, Author)

Checkmarx One – Scan Summary & Details (scan ID: 9fa730c6-e423-45f4-bcca-bcfbc36d2879)

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2021-3807 | Npm-ansi-regex-2.1.1 | Vulnerable Package |
| HIGH | CVE-2022-24433 | Npm-simple-git-2.48.0 | Vulnerable Package |
| HIGH | CVE-2023-32695 | Npm-socket.io-parser-3.3.3 | Vulnerable Package |
| HIGH | Cx89601373-08db | Npm-debug-3.1.0 | Vulnerable Package |
| HIGH | Cx89601373-08db | Npm-debug-2.6.9 | Vulnerable Package |
| HIGH | Cx8bc4df28-fcf5 | Npm-debug-4.3.4 | Vulnerable Package |
| HIGH | Cx8bc4df28-fcf5 | Npm-debug-3.1.0 | Vulnerable Package |
| HIGH | Cx8bc4df28-fcf5 | Npm-debug-2.6.9 | Vulnerable Package |
| HIGH | Cxdca8e59f-8bfe | Npm-inflight-1.0.6 | Vulnerable Package |
| HIGH | Cxf6e7f2c1-dc59 | Npm-yauzl-2.10.0 | Vulnerable Package |
| HIGH | Default Security Groups With Unrestricted Traffic | /main.tf: 15 | Check if default security group does not restrict all inbound and outbound traffic. |
| HIGH | EC2 Instance Has Public IP | /main.tf: 87 | EC2 Instance should not have a public IP address. |
| HIGH | S3 Bucket SSE Disabled | /main.tf: 113 | If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required |
| HIGH | S3 Bucket SSE Disabled | /main.tf: 98 | If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required |
| HIGH | S3 Bucket Without Enabled MFA Delete | /main.tf: 113 | S3 bucket without MFA Delete Enabled. MFA delete cannot be enabled through Terraform, it can be done by adding a MFA device (https://docs.aws.amazo... |
| HIGH | S3 Bucket Without Enabled MFA Delete | /main.tf: 98 | S3 bucket without MFA Delete Enabled. MFA delete cannot be enabled through Terraform, it can be done by adding a MFA device (https://docs.aws.amazo... |
| HIGH | Second_Order_SQL_Injection | /todos/update.py: 12 | Attack Vector |
| HIGH | Serverless Function Environment Variables Not Encrypted | /serverless.yml: 54 | Serverless Function should encrypt environment variables |
| HIGH | Serverless Function Environment Variables Not Encrypted | /serverless.yml: 78 | Serverless Function should encrypt environment variables |
| HIGH | Serverless Function Environment Variables Not Encrypted | /serverless.yml: 38 | Serverless Function should encrypt environment variables |
| HIGH | Serverless Function Environment Variables Not Encrypted | /serverless.yml: 70 | Serverless Function should encrypt environment variables |
| HIGH | Serverless Function Environment Variables Not Encrypted | /serverless.yml: 62 | Serverless Function should encrypt environment variables |
| HIGH | Serverless Function Environment Variables Not Encrypted | /serverless.yml: 46 | Serverless Function should encrypt environment variables |
| HIGH | VPC Default Security Group Accepts All Traffic | /main.tf: 18 | Default Security Group attached to every VPC should restrict all traffic |
| HIGH | VPC Default Security Group Accepts All Traffic | /main.tf: 25 | Default Security Group attached to every VPC should restrict all traffic |
| MEDIUM | CVE-2021-23566 | Npm-nanoid-2.1.11 | Vulnerable Package |
| MEDIUM | CVE-2022-33987 | Npm-got-9.6.0 | Vulnerable Package |
| MEDIUM | CVE-2022-36313 | Npm-file-type-6.2.0 | Vulnerable Package |
| MEDIUM | CVE-2022-36313 | Npm-file-type-5.2.0 | Vulnerable Package |
| MEDIUM | CVE-2022-36313 | Npm-file-type-4.4.0 | Vulnerable Package |
| MEDIUM | CVE-2022-36313 | Npm-file-type-3.9.0 | Vulnerable Package |
| MEDIUM | Cx366abb53-9fde | Npm-es5-ext-0.10.62 | Vulnerable Package |
| MEDIUM | Cx435a6fda-ca38 | Npm-commander-2.19.0 | Vulnerable Package |
| MEDIUM | Cx65603961-769c | Npm-debug-3.1.0 | Vulnerable Package |
| MEDIUM | Cx65603961-769c | Npm-debug-2.6.9 | Vulnerable Package |
| MEDIUM | Default VPC Exists | /main.tf: 9 | It isn't recommended to use resources in default VPC |
| MEDIUM | Instance With No VPC | /main.tf: 87 | EC2 Instances should be configured under a VPC network. AWS VPCs provide the controls to facilitate a formal process for approving and testing all ... |
| MEDIUM | S3 Bucket Logging Disabled | /main.tf: 98 | Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable |
| MEDIUM | S3 Bucket Logging Disabled | /main.tf: 113 | Server Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable |
| MEDIUM | S3 Bucket Without Versioning | /main.tf: 98 | S3 bucket should have versioning enabled |
| MEDIUM | S3 Bucket Without Versioning | /main.tf: 113 | S3 bucket should have versioning enabled |
| MEDIUM | Serverless API Endpoint Config Not Private | /serverless.yml: 7 | Serverless should have endpointType set to 'PRIVATE'. This way, it's not exposed to the public internet |
| MEDIUM | Serverless Function Without Tags | /serverless.yml: 54 | Serverless Function should have associated tags |
| MEDIUM | Serverless Function Without Tags | /serverless.yml: 46 | Serverless Function should have associated tags |
| MEDIUM | Serverless Function Without Tags | /serverless.yml: 38 | Serverless Function should have associated tags |
| MEDIUM | Serverless Function Without Tags | /serverless.yml: 62 | Serverless Function should have associated tags |
| MEDIUM | Serverless Function Without Tags | /serverless.yml: 78 | Serverless Function should have associated tags |
| MEDIUM | Serverless Function Without Tags | /serverless.yml: 70 | Serverless Function should have associated tags |
| MEDIUM | Serverless Function Without Unique IAM Role | /serverless.yml: 78 | Serverless Function should not share IAM Role to ensure it will have the minimum privileges needed to perform the required tasks |
| MEDIUM | Serverless Function Without Unique IAM Role | /serverless.yml: 54 | Serverless Function should not share IAM Role to ensure it will have the minimum privileges needed to perform the required tasks |
| MEDIUM | Serverless Function Without Unique IAM Role | /serverless.yml: 70 | Serverless Function should not share IAM Role to ensure it will have the minimum privileges needed to perform the required tasks |
| MEDIUM | Serverless Function Without Unique IAM Role | /serverless.yml: 62 | Serverless Function should not share IAM Role to ensure it will have the minimum privileges needed to perform the required tasks |
| MEDIUM | Serverless Function Without Unique IAM Role | /serverless.yml: 46 | Serverless Function should not share IAM Role to ensure it will have the minimum privileges needed to perform the required tasks |
| MEDIUM | Serverless Function Without Unique IAM Role | /serverless.yml: 38 | Serverless Function should not share IAM Role to ensure it will have the minimum privileges needed to perform the required tasks |
| LOW | Cxda14f253-4e52 | Npm-bluebird-3.7.2 | Vulnerable Package |
| LOW | IAM Access Analyzer Not Enabled | /main.tf: 9 | IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions |
| LOW | Serverless Function Without Dead Letter Queue | /serverless.yml: 54 | Serverless Function should be configured for a Dead Letter Queue (DLQ). A Dead Letter Queue (DLQ) can be set up in 'onError' config parameter |
| LOW | Serverless Function Without Dead Letter Queue | /serverless.yml: 70 | Serverless Function should be configured for a Dead Letter Queue (DLQ). A Dead Letter Queue (DLQ) can be set up in 'onError' config parameter |
| LOW | Serverless Function Without Dead Letter Queue | /serverless.yml: 62 | Serverless Function should be configured for a Dead Letter Queue (DLQ). A Dead Letter Queue (DLQ) can be set up in 'onError' config parameter |
| LOW | Serverless Function Without Dead Letter Queue | /serverless.yml: 46 | Serverless Function should be configured for a Dead Letter Queue (DLQ). A Dead Letter Queue (DLQ) can be set up in 'onError' config parameter |
| LOW | Serverless Function Without Dead Letter Queue | /serverless.yml: 78 | Serverless Function should be configured for a Dead Letter Queue (DLQ). A Dead Letter Queue (DLQ) can be set up in 'onError' config parameter |
| LOW | Serverless Function Without Dead Letter Queue | /serverless.yml: 38 | Serverless Function should be configured for a Dead Letter Queue (DLQ). A Dead Letter Queue (DLQ) can be set up in 'onError' config parameter |
| LOW | Serverless Function Without X-Ray Tracing | /serverless.yml: 54 | Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active' |
| LOW | Serverless Function Without X-Ray Tracing | /serverless.yml: 62 | Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active' |
| LOW | Serverless Function Without X-Ray Tracing | /serverless.yml: 46 | Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active' |
| LOW | Serverless Function Without X-Ray Tracing | /serverless.yml: 38 | Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active' |
| LOW | Serverless Function Without X-Ray Tracing | /serverless.yml: 78 | Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active' |
| LOW | Serverless Function Without X-Ray Tracing | /serverless.yml: 70 | Serverless Function should have Tracing enabled. For this, property 'tracing' should have the value 'Active' |

jruizcampos self-assigned this Jun 5, 2023