Merge pull request #356 from catenax-ng/main #875
Annotations
58 errors, 37 warnings, and 8 notices
must-always-return-json-objects-as-top-level-data-structures:
docs/src/api/irs-api.yaml#L805
Top-level data structure must be an object
|
must-defined-format:
docs/src/api/irs-api.yaml#L2094
Must defined official format for type string
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2497
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L2094
Must use an official date-time format
|
integer-format:
docs/src/api/irs-api.yaml#L244
Schema of type number or integer must specify a format. #/paths/~1irs~1jobs/get/parameters/2/schema
|
must-use-date-format:
docs/src/api/irs-api.yaml#L1957
Must use an official date-time format
|
must-have-secure-endpoints:
docs/src/api/irs-api.yaml#L131
Missing 'security.BearerAuth'.
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L1016
"batchId" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
integer-format:
docs/src/api/irs-api.yaml#L237
Schema of type number or integer must specify a format. #/paths/~1irs~1jobs/get/parameters/1/schema
|
oas3-valid-schema-example:
docs/src/api/irs-api.yaml#L1906
"example" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2009
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2345
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L1274
Property "batchUrl" is not expected to be here
|
must-defined-format:
docs/src/api/irs-api.yaml#L1889
Must defined official format for type string
|
must-use-date-format:
docs/src/api/irs-api.yaml#L1920
Must use an official date-time format
|
should-use-name-date-and-time-properties-with-at-suffix:
docs/src/api/irs-api.yaml#L2203
SHOULD name date/time properties with On suffix
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L1165
"id" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
must-defined-format:
docs/src/api/irs-api.yaml#L1914
Must defined official format for type string
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L1889
Must use an official date-time format
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L1043
"id" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L1338
"id" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
must-use-date-format:
docs/src/api/irs-api.yaml#L2094
Must use an official date-time format
|
should-use-name-date-and-time-properties-with-at-suffix:
docs/src/api/irs-api.yaml#L1953
SHOULD name date/time properties with On suffix
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L978
"id" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2345
Property name has to be ASCII PascalCase or camelCase
|
should-use-name-date-and-time-properties-with-at-suffix:
docs/src/api/irs-api.yaml#L2212
SHOULD name date/time properties with On suffix
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L2110
Must use an official date-time format
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2392
Property name has to be ASCII PascalCase or camelCase
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L1920
Must use an official date-time format
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2095
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-date-format:
docs/src/api/irs-api.yaml#L1889
Must use an official date-time format
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L1914
Must use an official date-time format
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2126
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-defined-format:
docs/src/api/irs-api.yaml#L2110
Must defined official format for type string
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2126
Property name has to be ASCII PascalCase or camelCase
|
should-use-name-date-and-time-properties-with-at-suffix:
docs/src/api/irs-api.yaml#L1726
SHOULD name date/time properties with On suffix
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2497
Property name has to be ASCII PascalCase or camelCase
|
must-defined-format:
docs/src/api/irs-api.yaml#L1920
Must defined official format for type string
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2601
Property name has to be ASCII PascalCase or camelCase
|
must-defined-format:
docs/src/api/irs-api.yaml#L1893
Must defined official format for type string
|
must-use-date-format:
docs/src/api/irs-api.yaml#L1914
Must use an official date-time format
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L1893
Must use an official date-time format
|
must-defined-format:
docs/src/api/irs-api.yaml#L1957
Must defined official format for type string
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2443
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2514
Property name has to be ASCII PascalCase or camelCase
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2594
Property name has to be ASCII PascalCase or camelCase
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2514
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2594
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2095
Property name has to be ASCII PascalCase or camelCase
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2601
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
must-use-date-time-format:
docs/src/api/irs-api.yaml#L1957
Must use an official date-time format
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2009
Property name has to be ASCII PascalCase or camelCase
|
must-use-common-field-names-and-semantics-for-custom-field-names:
docs/src/api/irs-api.yaml#L2392
Object{} must match the pattern "^[a-z]+([A-Z][a-z0-9]+)*$"
|
oas3-valid-media-example:
docs/src/api/irs-api.yaml#L1466
"id" property must match pattern "/^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/i"
|
should-use-name-date-and-time-properties-with-at-suffix:
docs/src/api/irs-api.yaml#L2634
SHOULD name date/time properties with On suffix
|
must-use-pascal-or-camel-case-for-property-names:
docs/src/api/irs-api.yaml#L2443
Property name has to be ASCII PascalCase or camelCase
|
must-use-date-format:
docs/src/api/irs-api.yaml#L2110
Must use an official date-time format
|
must-use-date-format:
docs/src/api/irs-api.yaml#L1893
Must use an official date-time format
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L142
200, 201, 202, 203 and 206 responses usually have a content: "[200].content" property must exist.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L843
200, 201, 202, 203 and 206 responses usually have a content: "[201].content" property must exist.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L142
200, 201, 202, 203 and 206 responses usually have a content: "[200].content" property must be truthy.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L888
200, 201, 202, 203 and 206 responses usually have a content: "[200].content" property must exist.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L938
200, 201, 202, 203 and 206 responses usually have a content: "[200].content" property must exist.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L888
200, 201, 202, 203 and 206 responses usually have a content: "[200].content" property must be truthy.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L938
200, 201, 202, 203 and 206 responses usually have a content: "[200].content" property must be truthy.
|
http-response-content-2xx:
docs/src/api/irs-api.yaml#L843
200, 201, 202, 203 and 206 responses usually have a content: "[201].content" property must be truthy.
|
info-contact:
docs/src/api/irs-api.yaml#L2
Info object must have "contact" object.
|
license-url:
docs/src/api/irs-api.yaml#L2
License object must include "url".
|
info-license:
docs/src/api/irs-api.yaml#L2
Info object must have "license" object.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L433
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L876
Operation tags must be defined in global tags.
|
oas3-parameter-description:
docs/src/api/irs-api.yaml#L882
Parameter objects must have "description".
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L129
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L589
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L65
Operation tags must be defined in global tags.
|
openapi-tags:
docs/src/api/irs-api.yaml#L1
OpenAPI object must have non-empty "tags" array.
|
should-use-well-understood-http-status-codes:
docs/src/api/irs-api.yaml#L383
206 is not a well-understood HTTP status code
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L155
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L498
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L209
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L298
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L832
Operation tags must be defined in global tags.
|
oas3-parameter-description:
docs/src/api/irs-api.yaml#L926
Parameter objects must have "description".
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L535
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L971
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L720
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L655
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L921
Operation tags must be defined in global tags.
|
oas3-unused-component:
docs/src/api/irs-api.yaml#L982
Potentially unused component has been detected.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L796
Operation tags must be defined in global tags.
|
operation-tag-defined:
docs/src/api/irs-api.yaml#L349
Operation tags must be defined in global tags.
|
oas3-unused-component:
docs/src/api/irs-api.yaml#L1305
Potentially unused component has been detected.
|
oas3-unused-component:
docs/src/api/irs-api.yaml#L1339
Potentially unused component has been detected.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/dependencies-update.yaml#L51
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/irs-build.yml#L171
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/changelog-changes.yaml#L49
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/veracode.yaml#L41
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/swagger-editor-validate.yml#L20
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/update-registry-library.yaml#L71
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/helm-upgrade.yaml#L19
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/publish-documentation.yaml#L117
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/trivy-image-scan.yml#L55
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
[MEDIUM] Unpinned Actions Full Length Commit SHA:
.github/workflows/trivy.yml#L34
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
Artifacts
Produced during runtime
Name | Size | |
---|---|---|
kicsResults.json
Expired
|
33.3 KB |
|