Skip to content

SCA PR#3

Open
jmagee70 wants to merge 3 commits intomainfrom
SCA-PR
Open

SCA PR#3
jmagee70 wants to merge 3 commits intomainfrom
SCA-PR

Conversation

@jmagee70
Copy link

@jmagee70 jmagee70 commented Feb 6, 2024

No description provided.

prisma-cloud-devsecops[bot]
prisma-cloud-devsecops bot reviewed Feb 6, 2024
View reviewed changes
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prisma Cloud has found errors in this PR ⬇️

SCA/build.gradle

compile "com.google.guava:guava:11.0.2"

testCompile "junit:junit:4.8.2"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

junit:junit 4.8.2 / build.gradle

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2020-15250 MEDIUM MEDIUM 4.4 4.13.1 Open

SCA/build.gradle

ext.hadoopVersion = "2.0.0-mr1-cdh4.0.1"
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

org.apache.hadoop:hadoop-client 2.0.0-mr1-cdh4.0.1 / build.gradle

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2017-3162 HIGH HIGH 7.3 2.7.0 Open
CVE-2017-3161 MEDIUM MEDIUM 6.1 2.7.0 Open

SCA/build.gradle
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"

compile "com.google.guava:guava:11.0.2"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

com.google.guava:guava 11.0.2 / build.gradle

Total vulnerabilities: 3

Critical: 0 High: 1 Medium: 1 Low: 1
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2023-2976 HIGH HIGH 7.1 32.0.0 Open
CVE-2018-10237 MEDIUM MEDIUM 5.9 24.1.1 Open
CVE-2020-8908 LOW LOW 3.3 32.0.0 Open

SCA/build.gradle
@@ -0,0 +1,45 @@
apply plugin: "java"
Copy link

@prisma-cloud-devsecops prisma-cloud-devsecops bot Feb 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

junit:junit 4.8.2 / build.gradle

LOW  Unknown License (Common Public License Version 1.0)

This package use a non-SPDX, unrecognized, or private open-source license. Ensure this package is compliant.

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 6, 2024
View reviewed changes
SCA/build.gradle

compile "com.google.guava:guava:11.0.2"

testCompile "junit:junit:4.8.2"

Check notice

Code scanning / checkov

License Common Public License Version 1.0 - junit:junit: 4.8.2

License Common Public License Version 1.0 - junit:junit: 4.8.2
SCA/build.gradle
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"

compile "com.google.guava:guava:11.0.2"

Check failure

Code scanning / checkov

CVE-2023-2976 - com.google.guava:guava: 11.0.2

CVE-2023-2976 - com.google.guava:guava: 11.0.2
SCA/build.gradle
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"

compile "com.google.guava:guava:11.0.2"

Check warning

Code scanning / checkov

CVE-2018-10237 - com.google.guava:guava: 11.0.2

CVE-2018-10237 - com.google.guava:guava: 11.0.2
SCA/build.gradle
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"

compile "com.google.guava:guava:11.0.2"

Check notice

Code scanning / checkov

CVE-2020-8908 - com.google.guava:guava: 11.0.2

CVE-2020-8908 - com.google.guava:guava: 11.0.2
SCA/build.gradle

compile "com.google.guava:guava:11.0.2"

testCompile "junit:junit:4.8.2"

Check warning

Code scanning / checkov

CVE-2020-15250 - junit:junit: 4.8.2

CVE-2020-15250 - junit:junit: 4.8.2
SCA/build.gradle

ext.hadoopVersion = "2.0.0-mr1-cdh4.0.1"
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"

Check warning

Code scanning / checkov

CVE-2017-3161 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1

CVE-2017-3161 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1
SCA/build.gradle

ext.hadoopVersion = "2.0.0-mr1-cdh4.0.1"
dependencies {
provided "org.apache.hadoop:hadoop-client:${hadoopVersion}"

Check failure

Code scanning / checkov

CVE-2017-3162 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1

CVE-2017-3162 - org.apache.hadoop:hadoop-client: 2.0.0-mr1-cdh4.0.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prisma-cloud-devsecops prisma-cloud-devsecops[bot] prisma-cloud-devsecops[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jmagee70