Skip to content
CloudGuard Code Security

fix: upgrade org.jsoup:jsoup from 1.18.1 to 1.18.3 #16

Sign in to view logs

fix: upgrade org.jsoup:jsoup from 1.18.1 to 1.18.3

fix: upgrade org.jsoup:jsoup from 1.18.1 to 1.18.3 #16

Workflow file for this run

.github/workflows/scan.yml at bcec0d6
name: CloudGuard Code Security
on: push
env:
SPECTRAL_DSN: ${{ secrets.SPECTRAL_DSN }}
# JFrog platform url (for example: https://acme.jfrog.io)
JF_URL: ${{ vars.JF_URL }}
# JFrog Platform access token
JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_TOKEN }}
jobs:
semgrep:
runs-on: ubuntu-latest
container:
image: semgrep/semgrep
steps:
- uses: actions/checkout@v4
- run: |
semgrep ci --code --secrets --supply-chain --no-suppress-errors
spectral:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: CloudGuard Code Security Scan
uses: checkpointsw/spectral-github-action@v4
with:
spectral-dsn: ${{ env.SPECTRAL_DSN }}
spectral-args: scan --fail-on-error --engines secrets,iac,oss --asset-mapping github.${{ github.repository_owner }}
jfrog-code:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: jfrog/setup-jfrog-cli@v4
- run: |
jf audit --iac --secrets --sast --format json | tee code
- uses: Teebra/JSON-to-HTML-table@v2.0.0
with:
json-file: path/to/your/jsonfile.json
jfrog-dependency:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: jfrog/setup-jfrog-cli@v4
- run: |
jf audit --sca
snyk-iac:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Snyk to check for code vulnerabilities
id: snyk_code
uses: snyk/actions/node@master
with:
command: code iac test
args: --sarif-file-output=snyk/iac.sarif
- if: always()
run: |
cat snyk/iac.sarif
- name: Upload sarif files
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'snyk/'
snyk-code:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Snyk to check for code vulnerabilities
id: snyk_code
uses: snyk/actions/node@master
with:
command: code test
args: --sarif-file-output=snyk/code.sarif
- if: always()
run: |
cat snyk/code.sarif
- name: Upload sarif files
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'snyk/'
snyk-dependency:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth:
- name: Run Snyk to check for dependency vulnerabilities
uses: snyk/actions/node@master
with:
command: test
args: --sarif-file-output=snyk/dependencies.sarif --all-projects
- if: always()
run: |
cat snyk/dependencies.sarif
- name: Upload sarif files
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'snyk/'