@AntonOellerer
Created January 30, 2023 10:49
2023-01-25T15:38:33.6575712Z ##[group]Run dependency-check/Dependency-Check_Action@main
2023-01-25T15:38:33.6576216Z with:
2023-01-25T15:38:33.6576659Z project: s3-metadata-tagger
2023-01-25T15:38:33.6577079Z path: .
2023-01-25T15:38:33.6577467Z format: HTML
2023-01-25T15:38:33.6578009Z args: --failOnCVSS 6 --exclude '**/examples/*'
2023-01-25T15:38:33.6578348Z out: reports
2023-01-25T15:38:33.6578644Z env:
2023-01-25T15:38:33.6579167Z GITHUB_TOKEN: ***
2023-01-25T15:38:33.6581961Z pythonLocation: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6584241Z PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib/pkgconfig
2023-01-25T15:38:33.6584792Z Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6585216Z Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6585798Z Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6586575Z LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib
2023-01-25T15:38:33.6587000Z ##[endgroup]
2023-01-25T15:38:33.7009907Z ##[command]/usr/bin/docker run --name c3e3b23bedb264989a6a0edf2fff01210_d44b26 --label 49859c --workdir /github/workspace --rm -e "GITHUB_TOKEN" -e "pythonLocation" -e "PKG_CONFIG_PATH" -e "Python_ROOT_DIR" -e "Python2_ROOT_DIR" -e "Python3_ROOT_DIR" -e "LD_LIBRARY_PATH" -e "INPUT_PROJECT" -e "INPUT_PATH" -e "INPUT_FORMAT" -e "INPUT_ARGS" -e "INPUT_OUT" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/s3-metadata-tagger-lib/s3-metadata-tagger-lib":"/github/workspace" 49859c:3e3b23bedb264989a6a0edf2fff01210 "--project" "s3-metadata-tagger" "--scan" "." "--format" "HTML" "--out" "/github/workspace/reports" "--noupdate" "--failOnCVSS 6 --exclude '**/examples/*'
"
2023-01-25T15:38:36.4702464Z [INFO]
2023-01-25T15:38:36.4702762Z
2023-01-25T15:38:36.4706074Z Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
2023-01-25T15:38:36.4707484Z
2023-01-25T15:38:36.4707494Z
2023-01-25T15:38:36.4707785Z About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
2023-01-25T15:38:36.4708718Z False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
2023-01-25T15:38:36.4709043Z
2023-01-25T15:38:36.4709366Z 💖 Sponsor: https://github.com/sponsors/jeremylong
2023-01-25T15:38:36.4709863Z
2023-01-25T15:38:36.4709880Z
2023-01-25T15:38:36.4710039Z [INFO] Analysis Started
2023-01-25T15:38:36.4841663Z [INFO] Finished File Name Analyzer (0 seconds)
2023-01-25T15:38:36.4916094Z [WARN] Analyzing `/github/workspace/examples/serverless-triggered/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
2023-01-25T15:38:36.4934168Z [INFO] Finished Node.js Package Analyzer (0 seconds)
2023-01-25T15:38:36.4985996Z [INFO] Finished Dependency Merging Analyzer (0 seconds)
2023-01-25T15:38:36.5007069Z [INFO] Finished Version Filter Analyzer (0 seconds)
2023-01-25T15:38:36.6410293Z [INFO] Finished Hint Analyzer (0 seconds)
2023-01-25T15:38:39.8486385Z [INFO] Created CPE Index (3 seconds)
2023-01-25T15:38:40.3106741Z [INFO] Finished CPE Analyzer (3 seconds)
2023-01-25T15:38:40.3231209Z [INFO] Finished False Positive Analyzer (0 seconds)
2023-01-25T15:38:40.3258829Z [INFO] Finished NVD CVE Analyzer (0 seconds)
2023-01-25T15:38:41.5069517Z [INFO] Finished Node Audit Analyzer (1 seconds)
2023-01-25T15:38:41.8499931Z [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
2023-01-25T15:38:41.8620320Z [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
2023-01-25T15:38:41.8895694Z [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
2023-01-25T15:38:41.8920460Z [INFO] Finished Dependency Bundling Analyzer (0 seconds)
2023-01-25T15:38:41.8951846Z [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
2023-01-25T15:38:41.9002380Z [INFO] Analysis Complete (5 seconds)
2023-01-25T15:38:42.0182273Z [INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
2023-01-25T15:38:42.2878400Z [ERROR]
2023-01-25T15:38:42.2878712Z
2023-01-25T15:38:42.2879608Z One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '6.0':
2023-01-25T15:38:42.2880138Z
2023-01-25T15:38:42.2880495Z package-lock.json?cookiejar: CVE-2022-25901(7.5), 1088659(6.9)
2023-01-25T15:38:42.2881009Z package-lock.json?qs: 1088643(10.0), CVE-2022-24999(7.5)
2023-01-25T15:38:42.2881606Z package-lock.json?simple-git: 1085772(10.0), CVE-2022-25912(9.8)
2023-01-25T15:38:42.2881861Z
2023-01-25T15:38:42.2882143Z See the dependency-check report for more details.
2023-01-25T15:38:42.2882388Z
2023-01-25T15:38:42.2882395Z