2023-01-25T15:38:33.6575712Z ##[group]Run dependency-check/Dependency-Check_Action@main
2023-01-25T15:38:33.6576216Z with:
2023-01-25T15:38:33.6576659Z project: s3-metadata-tagger
2023-01-25T15:38:33.6577079Z path: .
2023-01-25T15:38:33.6577467Z format: HTML
2023-01-25T15:38:33.6578009Z args: --failOnCVSS 6 --exclude '**/examples/*'
2023-01-25T15:38:33.6578348Z out: reports
2023-01-25T15:38:33.6578644Z env:
2023-01-25T15:38:33.6579167Z GITHUB_TOKEN: ***
2023-01-25T15:38:33.6581961Z pythonLocation: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6584241Z PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib/pkgconfig
2023-01-25T15:38:33.6584792Z Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6585216Z Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6585798Z Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6586575Z LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib
2023-01-25T15:38:33.6587000Z ##[endgroup]
2023-01-25T15:38:33.7009907Z ##[command]/usr/bin/docker run --name c3e3b23bedb264989a6a0edf2fff01210_d44b26 --label 49859c --workdir /github/workspace --rm -e "GITHUB_TOKEN" -e "pythonLocation" -e "PKG_CONFIG_PATH" -e "Python_ROOT_DIR" -e "Python2_ROOT_DIR" -e "Python3_ROOT_DIR" -e "LD_LIBRARY_PATH" -e "INPUT_PROJECT" -e "INPUT_PATH" -e "INPUT_FORMAT" -e "INPUT_ARGS" -e "INPUT_OUT" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/s3-metadata-tagger-lib/s3-metadata-tagger-lib":"/github/workspace" 49859c:3e3b23bedb264989a6a0edf2fff01210 "--project" "s3-metadata-tagger" "--scan" "." "--format" "HTML" "--out" "/github/workspace/reports" "--noupdate" "--failOnCVSS 6 --exclude '**/examples/*'
"
2023-01-25T15:38:36.4702464Z [INFO]
2023-01-25T15:38:36.4702762Z
2023-01-25T15:38:36.4706074Z Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
2023-01-25T15:38:36.4707484Z
2023-01-25T15:38:36.4707494Z
2023-01-25T15:38:36.4707785Z About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
2023-01-25T15:38:36.4708718Z False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
2023-01-25T15:38:36.4709043Z
2023-01-25T15:38:36.4709366Z 💖 Sponsor: https://github.com/sponsors/jeremylong
2023-01-25T15:38:36.4709863Z
2023-01-25T15:38:36.4709880Z
2023-01-25T15:38:36.4710039Z [INFO] Analysis Started
2023-01-25T15:38:36.4841663Z [INFO] Finished File Name Analyzer (0 seconds)
2023-01-25T15:38:36.4916094Z [WARN] Analyzing `/github/workspace/examples/serverless-triggered/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
2023-01-25T15:38:36.4934168Z [INFO] Finished Node.js Package Analyzer (0 seconds)
2023-01-25T15:38:36.4985996Z [INFO] Finished Dependency Merging Analyzer (0 seconds)
2023-01-25T15:38:36.5007069Z [INFO] Finished Version Filter Analyzer (0 seconds)
2023-01-25T15:38:36.6410293Z [INFO] Finished Hint Analyzer (0 seconds)
2023-01-25T15:38:39.8486385Z [INFO] Created CPE Index (3 seconds)
2023-01-25T15:38:40.3106741Z [INFO] Finished CPE Analyzer (3 seconds)
2023-01-25T15:38:40.3231209Z [INFO] Finished False Positive Analyzer (0 seconds)
2023-01-25T15:38:40.3258829Z [INFO] Finished NVD CVE Analyzer (0 seconds)
2023-01-25T15:38:41.5069517Z [INFO] Finished Node Audit Analyzer (1 seconds)
2023-01-25T15:38:41.8499931Z [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
2023-01-25T15:38:41.8620320Z [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
2023-01-25T15:38:41.8895694Z [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
2023-01-25T15:38:41.8920460Z [INFO] Finished Dependency Bundling Analyzer (0 seconds)
2023-01-25T15:38:41.8951846Z [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
2023-01-25T15:38:41.9002380Z [INFO] Analysis Complete (5 seconds)
2023-01-25T15:38:42.0182273Z [INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
2023-01-25T15:38:42.2878400Z [ERROR]
2023-01-25T15:38:42.2878712Z
2023-01-25T15:38:42.2879608Z One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '6.0':
2023-01-25T15:38:42.2880138Z
2023-01-25T15:38:42.2880495Z package-lock.json?cookiejar: CVE-2022-25901(7.5), 1088659(6.9)
2023-01-25T15:38:42.2881009Z package-lock.json?qs: 1088643(10.0), CVE-2022-24999(7.5)
2023-01-25T15:38:42.2881606Z package-lock.json?simple-git: 1085772(10.0), CVE-2022-25912(9.8)
2023-01-25T15:38:42.2881861Z
2023-01-25T15:38:42.2882143Z See the dependency-check report for more details.
2023-01-25T15:38:42.2882388Z
2023-01-25T15:38:42.2882395Z