test

RyosukeDTomita · Dec 16, 2023 · d7d59ec · d7d59ec
1 parent f8ad3a7
commit d7d59ec
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 2 deletions.
diff --git a/.github/workflows/react-dependency-check.yaml b/.github/workflows/react-dependency-check.yaml
@@ -19,8 +19,8 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           scan-type: 'fs'
-          exit-code: 1
-          scanners: 'vuln'
+          #exit-code: 1
+          #scanners: 'vuln'
           vuln-type: 'library'
           #hide-progress: true
           format: 'sarif'

diff --git a/sca-report.sarif b/sca-report.sarif
@@ -0,0 +1,80 @@
+{
+  "version": "2.1.0",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "fullName": "Trivy Vulnerability Scanner",
+          "informationUri": "https://github.com/aquasecurity/trivy",
+          "name": "Trivy",
+          "rules": [
+            {
+              "id": "CVE-2021-3803",
+              "name": "LanguageSpecificPackageVulnerability",
+              "shortDescription": {
+                "text": "inefficient regular expression complexity"
+              },
+              "fullDescription": {
+                "text": "nth-check is vulnerable to Inefficient Regular Expression Complexity"
+              },
+              "defaultConfiguration": {
+                "level": "error"
+              },
+              "helpUri": "https://avd.aquasec.com/nvd/cve-2021-3803",
+              "help": {
+                "text": "Vulnerability CVE-2021-3803\nSeverity: HIGH\nPackage: nth-check\nFixed Version: 2.0.1\nLink: [CVE-2021-3803](https://avd.aquasec.com/nvd/cve-2021-3803)\nnth-check is vulnerable to Inefficient Regular Expression Complexity",
+                "markdown": "**Vulnerability CVE-2021-3803**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|nth-check|2.0.1|[CVE-2021-3803](https://avd.aquasec.com/nvd/cve-2021-3803)|\n\nnth-check is vulnerable to Inefficient Regular Expression Complexity"
+              },
+              "properties": {
+                "precision": "very-high",
+                "security-severity": "7.5",
+                "tags": [
+                  "vulnerability",
+                  "security",
+                  "HIGH"
+                ]
+              }
+            }
+          ],
+          "version": "0.47.0"
+        }
+      },
+      "results": [
+        {
+          "ruleId": "CVE-2021-3803",
+          "ruleIndex": 0,
+          "level": "error",
+          "message": {
+            "text": "Package: nth-check\nInstalled Version: 1.0.2\nVulnerability CVE-2021-3803\nSeverity: HIGH\nFixed Version: 2.0.1\nLink: [CVE-2021-3803](https://avd.aquasec.com/nvd/cve-2021-3803)"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "package-lock.json",
+                  "uriBaseId": "ROOTPATH"
+                },
+                "region": {
+                  "startLine": 15755,
+                  "startColumn": 1,
+                  "endLine": 15762,
+                  "endColumn": 1
+                }
+              },
+              "message": {
+                "text": "package-lock.json: nth-check@1.0.2"
+              }
+            }
+          ]
+        }
+      ],
+      "columnKind": "utf16CodeUnits",
+      "originalUriBaseIds": {
+        "ROOTPATH": {
+          "uri": "file:///home/tomita/devsecops-demo-aws-ecs/"
+        }
+      }
+    }
+  ]
+}