.github/workflows/test-fs-action-sarif.yaml #17
Annotations
10 errors
test/samples/my-secrets.tf#L1
Details:
Access keys are long-term credentials for an IAM user or the AWS account root
user. You can use access keys to sign programmatic requests to the AWS CLI or AWS
API (directly or using the AWS SDK).
Recommendation:ֿ
Take immediate action to mitigate the risk of the identified hard-coded secret by
locating where it is used, revoking it, and ensuring it is update in all
dependent systems.
|
test/samples/poetry.lock#L1
Severity: CRITICAL
CVSS3 Score: 9.8
Installed version: 3.2.14
Fixed version: 3.2.19, 4.1.9, 4.2.1
|
test/samples/poetry.lock#L1
Severity: CRITICAL
CVSS3 Score: 9.8
Installed version: 1.1.0
Fixed version: 1.2.0
|
test/samples/poetry.lock#L1
Severity: CRITICAL
CVSS2 Score: 7.5
CVSS3 Score: 9.8
Installed version: 2.0.3
Fixed version: 2.1.1
|
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 2021.10.8
Fixed version: 2022.12.7
|
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.4
Installed version: 3.4.7
Fixed version: 39.0.1
|
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 8.8
Installed version: 3.2.14
Fixed version: 3.2.15, 4.0.7
|
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 3.2.14
Fixed version: 3.2.16, 4.0.8, 4.1.2
|
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 3.2.14
Fixed version: 3.2.17, 4.0.9, 4.1.6
|
test/samples/poetry.lock#L1
Severity: HIGH
CVSS3 Score: 7.5
Installed version: 3.2.14
Fixed version: 3.2.18, 4.0.10, 4.1.7
|
The logs for this run have expired and are no longer available.
Loading