AntonOellerer/6_Run owasp dependency check.txt Secret

## 6_Run owasp dependency check.txt
2023-01-25T15:38:33.6575712Z ##[group]Run dependency-check/Dependency-Check_Action@main
2023-01-25T15:38:33.6576216Z with:
2023-01-25T15:38:33.6576659Z   project: s3-metadata-tagger
2023-01-25T15:38:33.6577079Z   path: .
2023-01-25T15:38:33.6577467Z   format: HTML
2023-01-25T15:38:33.6578009Z   args: --failOnCVSS 6 --exclude '**/examples/*'

2023-01-25T15:38:33.6578348Z   out: reports
2023-01-25T15:38:33.6578644Z env:
2023-01-25T15:38:33.6579167Z   GITHUB_TOKEN: ***
2023-01-25T15:38:33.6581961Z   pythonLocation: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6584241Z   PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib/pkgconfig
2023-01-25T15:38:33.6584792Z   Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6585216Z   Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6585798Z   Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
2023-01-25T15:38:33.6586575Z   LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib
2023-01-25T15:38:33.6587000Z ##[endgroup]
2023-01-25T15:38:33.7009907Z ##[command]/usr/bin/docker run --name c3e3b23bedb264989a6a0edf2fff01210_d44b26 --label 49859c --workdir /github/workspace --rm -e "GITHUB_TOKEN" -e "pythonLocation" -e "PKG_CONFIG_PATH" -e "Python_ROOT_DIR" -e "Python2_ROOT_DIR" -e "Python3_ROOT_DIR" -e "LD_LIBRARY_PATH" -e "INPUT_PROJECT" -e "INPUT_PATH" -e "INPUT_FORMAT" -e "INPUT_ARGS" -e "INPUT_OUT" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/s3-metadata-tagger-lib/s3-metadata-tagger-lib":"/github/workspace" 49859c:3e3b23bedb264989a6a0edf2fff01210  "--project" "s3-metadata-tagger" "--scan" "." "--format" "HTML" "--out" "/github/workspace/reports" "--noupdate" "--failOnCVSS 6 --exclude '**/examples/*'
"
2023-01-25T15:38:36.4702464Z [INFO]
2023-01-25T15:38:36.4702762Z
2023-01-25T15:38:36.4706074Z Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
2023-01-25T15:38:36.4707484Z
2023-01-25T15:38:36.4707494Z
2023-01-25T15:38:36.4707785Z    About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
2023-01-25T15:38:36.4708718Z    False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
2023-01-25T15:38:36.4709043Z
2023-01-25T15:38:36.4709366Z 💖 Sponsor: https://github.com/sponsors/jeremylong
2023-01-25T15:38:36.4709863Z
2023-01-25T15:38:36.4709880Z
2023-01-25T15:38:36.4710039Z [INFO] Analysis Started
2023-01-25T15:38:36.4841663Z [INFO] Finished File Name Analyzer (0 seconds)
2023-01-25T15:38:36.4916094Z [WARN] Analyzing `/github/workspace/examples/serverless-triggered/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
2023-01-25T15:38:36.4934168Z [INFO] Finished Node.js Package Analyzer (0 seconds)
2023-01-25T15:38:36.4985996Z [INFO] Finished Dependency Merging Analyzer (0 seconds)
2023-01-25T15:38:36.5007069Z [INFO] Finished Version Filter Analyzer (0 seconds)
2023-01-25T15:38:36.6410293Z [INFO] Finished Hint Analyzer (0 seconds)
2023-01-25T15:38:39.8486385Z [INFO] Created CPE Index (3 seconds)
2023-01-25T15:38:40.3106741Z [INFO] Finished CPE Analyzer (3 seconds)
2023-01-25T15:38:40.3231209Z [INFO] Finished False Positive Analyzer (0 seconds)
2023-01-25T15:38:40.3258829Z [INFO] Finished NVD CVE Analyzer (0 seconds)
2023-01-25T15:38:41.5069517Z [INFO] Finished Node Audit Analyzer (1 seconds)
2023-01-25T15:38:41.8499931Z [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
2023-01-25T15:38:41.8620320Z [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
2023-01-25T15:38:41.8895694Z [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
2023-01-25T15:38:41.8920460Z [INFO] Finished Dependency Bundling Analyzer (0 seconds)
2023-01-25T15:38:41.8951846Z [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
2023-01-25T15:38:41.9002380Z [INFO] Analysis Complete (5 seconds)
2023-01-25T15:38:42.0182273Z [INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
2023-01-25T15:38:42.2878400Z [ERROR]
2023-01-25T15:38:42.2878712Z
2023-01-25T15:38:42.2879608Z One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '6.0':
2023-01-25T15:38:42.2880138Z
2023-01-25T15:38:42.2880495Z package-lock.json?cookiejar: CVE-2022-25901(7.5), 1088659(6.9)
2023-01-25T15:38:42.2881009Z package-lock.json?qs: 1088643(10.0), CVE-2022-24999(7.5)
2023-01-25T15:38:42.2881606Z package-lock.json?simple-git: 1085772(10.0), CVE-2022-25912(9.8)
2023-01-25T15:38:42.2881861Z
2023-01-25T15:38:42.2882143Z See the dependency-check report for more details.
2023-01-25T15:38:42.2882388Z
2023-01-25T15:38:42.2882395Z
	2023-01-25T15:38:33.6575712Z ##[group]Run dependency-check/Dependency-Check_Action@main
	2023-01-25T15:38:33.6576216Z with:
	2023-01-25T15:38:33.6576659Z project: s3-metadata-tagger
	2023-01-25T15:38:33.6577079Z path: .
	2023-01-25T15:38:33.6577467Z format: HTML
	2023-01-25T15:38:33.6578009Z args: --failOnCVSS 6 --exclude '*/examples/'

	2023-01-25T15:38:33.6578348Z out: reports
	2023-01-25T15:38:33.6578644Z env:
	2023-01-25T15:38:33.6579167Z GITHUB_TOKEN: ***
	2023-01-25T15:38:33.6581961Z pythonLocation: /opt/hostedtoolcache/Python/3.9.13/x64
	2023-01-25T15:38:33.6584241Z PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib/pkgconfig
	2023-01-25T15:38:33.6584792Z Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
	2023-01-25T15:38:33.6585216Z Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
	2023-01-25T15:38:33.6585798Z Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.13/x64
	2023-01-25T15:38:33.6586575Z LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.9.13/x64/lib
	2023-01-25T15:38:33.6587000Z ##[endgroup]
	2023-01-25T15:38:33.7009907Z ##[command]/usr/bin/docker run --name c3e3b23bedb264989a6a0edf2fff01210_d44b26 --label 49859c --workdir /github/workspace --rm -e "GITHUB_TOKEN" -e "pythonLocation" -e "PKG_CONFIG_PATH" -e "Python_ROOT_DIR" -e "Python2_ROOT_DIR" -e "Python3_ROOT_DIR" -e "LD_LIBRARY_PATH" -e "INPUT_PROJECT" -e "INPUT_PATH" -e "INPUT_FORMAT" -e "INPUT_ARGS" -e "INPUT_OUT" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/s3-metadata-tagger-lib/s3-metadata-tagger-lib":"/github/workspace" 49859c:3e3b23bedb264989a6a0edf2fff01210 "--project" "s3-metadata-tagger" "--scan" "." "--format" "HTML" "--out" "/github/workspace/reports" "--noupdate" "--failOnCVSS 6 --exclude '*/examples/'
	"
	2023-01-25T15:38:36.4702464Z [INFO]
	2023-01-25T15:38:36.4702762Z
	2023-01-25T15:38:36.4706074Z Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
	2023-01-25T15:38:36.4707484Z
	2023-01-25T15:38:36.4707494Z
	2023-01-25T15:38:36.4707785Z About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
	2023-01-25T15:38:36.4708718Z False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
	2023-01-25T15:38:36.4709043Z
	2023-01-25T15:38:36.4709366Z 💖 Sponsor: https://github.com/sponsors/jeremylong
	2023-01-25T15:38:36.4709863Z
	2023-01-25T15:38:36.4709880Z
	2023-01-25T15:38:36.4710039Z [INFO] Analysis Started
	2023-01-25T15:38:36.4841663Z [INFO] Finished File Name Analyzer (0 seconds)
	2023-01-25T15:38:36.4916094Z [WARN] Analyzing `/github/workspace/examples/serverless-triggered/package-lock.json` - however, the node_modules directory does not exist. Please run `npm install` prior to running dependency-check
	2023-01-25T15:38:36.4934168Z [INFO] Finished Node.js Package Analyzer (0 seconds)
	2023-01-25T15:38:36.4985996Z [INFO] Finished Dependency Merging Analyzer (0 seconds)
	2023-01-25T15:38:36.5007069Z [INFO] Finished Version Filter Analyzer (0 seconds)
	2023-01-25T15:38:36.6410293Z [INFO] Finished Hint Analyzer (0 seconds)
	2023-01-25T15:38:39.8486385Z [INFO] Created CPE Index (3 seconds)
	2023-01-25T15:38:40.3106741Z [INFO] Finished CPE Analyzer (3 seconds)
	2023-01-25T15:38:40.3231209Z [INFO] Finished False Positive Analyzer (0 seconds)
	2023-01-25T15:38:40.3258829Z [INFO] Finished NVD CVE Analyzer (0 seconds)
	2023-01-25T15:38:41.5069517Z [INFO] Finished Node Audit Analyzer (1 seconds)
	2023-01-25T15:38:41.8499931Z [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
	2023-01-25T15:38:41.8620320Z [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
	2023-01-25T15:38:41.8895694Z [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
	2023-01-25T15:38:41.8920460Z [INFO] Finished Dependency Bundling Analyzer (0 seconds)
	2023-01-25T15:38:41.8951846Z [INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
	2023-01-25T15:38:41.9002380Z [INFO] Analysis Complete (5 seconds)
	2023-01-25T15:38:42.0182273Z [INFO] Writing report to: /github/workspace/reports/dependency-check-report.html
	2023-01-25T15:38:42.2878400Z [ERROR]
	2023-01-25T15:38:42.2878712Z
	2023-01-25T15:38:42.2879608Z One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '6.0':
	2023-01-25T15:38:42.2880138Z
	2023-01-25T15:38:42.2880495Z package-lock.json?cookiejar: CVE-2022-25901(7.5), 1088659(6.9)
	2023-01-25T15:38:42.2881009Z package-lock.json?qs: 1088643(10.0), CVE-2022-24999(7.5)
	2023-01-25T15:38:42.2881606Z package-lock.json?simple-git: 1085772(10.0), CVE-2022-25912(9.8)
	2023-01-25T15:38:42.2881861Z
	2023-01-25T15:38:42.2882143Z See the dependency-check report for more details.
	2023-01-25T15:38:42.2882388Z
	2023-01-25T15:38:42.2882395Z