Cleaning of CVE exceptions + manual upgrades (Java 21, PMD7, Powershell) #3518

Merged (29 commits, Apr 28, 2024)
c230e2c
Draft: cleaning
nvuillam Apr 27, 2024
7331e77
Remove useless package-lock.json
nvuillam Apr 27, 2024
7819c7c
trivy exceptions
nvuillam Apr 27, 2024
54c2347
Upgrade PMD to 7.1.0
nvuillam Apr 27, 2024
0200d4e
Undowngrade kubescape
nvuillam Apr 27, 2024
9010586
Upgrade powershell
nvuillam Apr 27, 2024
ce717dd
trivy ignore
nvuillam Apr 27, 2024
f9ed60c
trivy exceptions
nvuillam Apr 27, 2024
a1edb77
Upgrade java to openjdk21
nvuillam Apr 27, 2024
83e536f
Upgrade terrascan
nvuillam Apr 27, 2024
8e6961d
trivyignore
nvuillam Apr 27, 2024
38c18ad
Downgrade terrascan
nvuillam Apr 27, 2024
b8e57a0
upgrade exceptions
nvuillam Apr 27, 2024
ebe7b43
Fix PMD7 install
nvuillam Apr 27, 2024
31ebf63
powershell exceptions
nvuillam Apr 27, 2024
0043bcc
Fix pmd7 install
nvuillam Apr 27, 2024
309daca
Test setup disable sarif by default
nvuillam Apr 28, 2024
349a786
sfdx-scanner exceptions
nvuillam Apr 28, 2024
60e1de1
Fix pmd install
nvuillam Apr 28, 2024
9d0e8cd
Fix pmd installation & class
nvuillam Apr 28, 2024
a1ae829
Update groovy test files
nvuillam Apr 28, 2024
fd6a32a
[MegaLinter] Apply linters fixes
nvuillam Apr 28, 2024
cc360db
Merge branch 'fixes/cleaning' of https://github.com/oxsecurity/megali…
nvuillam Apr 28, 2024
004e1a1
Force java17 for npm-groovy-lint
nvuillam Apr 28, 2024
3a1e236
tsql-lint exceptions
nvuillam Apr 28, 2024
f392e79
Downgrade kubescape
nvuillam Apr 28, 2024
1d9d36e
Downgrade kubescape
nvuillam Apr 28, 2024
48d6aaa
Changelog
nvuillam Apr 28, 2024
f027ac6
Exceptions for kubescape
nvuillam Apr 28, 2024
2 changes: 1 addition & 1 deletion .automation/test/groovy/groovy_fix_01.groovy
Expand Up @@ -2,7 +2,7 @@
class Example {

static void main(String[] args){
File file = new File('E:/Example.txt')
File file = new File('E:/Example.txt');
println "The file ${file.absolutePath} has ${file.length()} bytes"
}

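Review bot: the only change in this fixture is a trailing semicolon added to `File file = new File('E:/Example.txt');`, and neither the commit message ("Update groovy test files") nor the CHANGELOG says why the fixture had to change alongside pinning npm-groovy-lint to Java 17. If the semicolon is the input the fix test expects the linter to remove, a one-line comment in the fixture or a CHANGELOG bullet saying so would let a future reader tell an intentional fixture update from a masked regression in the fixer.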
2 changes: 1 addition & 1 deletion .automation/test/groovy/groovy_fix_02.groovy
Expand Up @@ -3,7 +3,7 @@ class Example{

static void main(String[] args) {
File file = new File('E:/Example.txt')
println "The file ${file.absolutePath} has ${file.length()} bytes"
println "The file ${file.absolutePath} has ${file.length()} bytes" ;
}

}
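Review bot: the added semicolon in `println "The file ${file.absolutePath} has ${file.length()} bytes" ;` is preceded by a space, unlike the `;` placed directly after the statement in groovy_fix_01.groovy. If the space is deliberate, to exercise a different spacing case in the fixer, a comment in the fixture should say so; otherwise make the two fixtures consistent so the expected fixed output is predictable.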
253 changes: 57 additions & 196 deletions .trivyignore
@@ -1,216 +1,77 @@
CVE-2017-18640
CVE-2018-1098
CVE-2018-25032
# .NET sdk
# https://github.com/dotnet/sdk/issues/37790#issuecomment-1918068016
CVE-2024-0057
CVE-2018-8292
CVE-2023-29331
CVE-2019-0820
CVE-2019-0980
CVE-2019-0981
CVE-2019-11253
CVE-2020-13949
CVE-2020-14040
CVE-2020-14343
CVE-2020-16250
CVE-2022-24450
CVE-2020-26521
CVE-2020-26892
CVE-2020-28469
CVE-2020-28477
CVE-2020-29529
CVE-2020-29529
CVE-2020-29651
CVE-2020-29652
CVE-2020-36242
CVE-2020-36518
CVE-2020-7219
CVE-2020-7219
CVE-2020-8203
CVE-2020-8558
CVE-2020-9283
CVE-2021-22569
CVE-2021-23337
CVE-2021-23358
CVE-2021-23406
CVE-2021-23436
CVE-2021-23566
CVE-2021-23807

# editorconfig-checker
# https://github.com/editorconfig-checker/editorconfig-checker/issues/342
CVE-2023-39325

# gitleaks
# Solved in next gitleaks release: https://github.com/gitleaks/gitleaks/pull/1342
CVE-2021-38561
CVE-2022-32149

# grype & syft
# https://github.com/anchore/grype/issues/1834
CVE-2024-3154

# KICS & tflint & terragrunt & terraform-fmt
# https://github.com/Checkmarx/kics/issues/7029
CVE-2024-3817

# Kubescape
# https://github.com/oxsecurity/megalinter/issues/3519
GHSA-9763-4f94-gfch
CVE-2023-49569
CVE-2023-49568

# powershell
CVE-2024-21907
CVE-2021-24112
CVE-2021-25741
CVE-2021-28918
CVE-2021-29482
CVE-2021-3121
CVE-2021-32803
CVE-2021-32804
CVE-2021-32810
CVE-2021-32923

# protolint
# https://github.com/yoheimuta/protolint/issues/380
CVE-2021-33194
CVE-2021-33503
CVE-2021-35065
CVE-2021-3538
CVE-2021-35515
CVE-2021-35516
CVE-2021-35517
CVE-2021-36090
CVE-2021-36159
CVE-2021-36222
CVE-2021-3711
CVE-2021-3712
CVE-2021-37136
CVE-2021-37219
CVE-2021-3757
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-37714
CVE-2021-3538
CVE-2021-3807
CVE-2021-38561
CVE-2021-3918
CVE-2021-41092
CVE-2021-41103
CVE-2021-42374
CVE-2021-42375
CVE-2021-42378
CVE-2021-42379
CVE-2021-4238
CVE-2021-42380
CVE-2021-42381
CVE-2021-42382
CVE-2021-42383
CVE-2021-42384
CVE-2021-42385
CVE-2021-42386
CVE-2021-43138
CVE-2021-43816
CVE-2021-44716
CVE-2021-44906
CVE-2021-43565
CVE-2021-45960
CVE-2021-46143
CVE-2021-46828
CVE-2021-46877
CVE-2022-0235
CVE-2022-0778
CVE-2022-1271
CVE-2022-1304
CVE-2022-1471
CVE-2022-1996
CVE-2022-2097
CVE-2022-3510
CVE-2022-21680
CVE-2022-21681
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
CVE-2022-23524
CVE-2022-23525
CVE-2022-23526
CVE-2022-23529
CVE-2022-23639
CVE-2022-23648
CVE-2022-23852
CVE-2022-23990
CVE-2022-24433
CVE-2022-24713
CVE-2022-25235
CVE-2022-25236
CVE-2022-25314
CVE-2022-25315
CVE-2022-25647
CVE-2022-25857
CVE-2022-25881
CVE-2022-25883
CVE-2022-26945
CVE-2022-27191
CVE-2022-27664
CVE-2022-28391
CVE-2022-28946
CVE-2022-28948
CVE-2022-29458
CVE-2022-30065
CVE-2022-30321
CVE-2022-30322
CVE-2022-30323
CVE-2022-3171
CVE-2022-32149
CVE-2022-33082
CVE-2022-33980
CVE-2022-3509
CVE-2022-3517
CVE-2022-36067
CVE-2022-36085
CVE-2022-36944
CVE-2022-37434
CVE-2022-37616
CVE-2022-38013
CVE-2022-39286
CVE-2022-39353
CVE-2022-40674
CVE-2022-40897
CVE-2022-40898
CVE-2022-41032
CVE-2022-41721
CVE-2022-41723
CVE-2022-41881
CVE-2023-39325
CVE-2021-38561
CVE-2022-32149
GHSA-m425-mq94-257g

# sfdx-scanner
CVE-2023-6378
CVE-2020-36518
CVE-2021-46877
CVE-2022-42003
CVE-2022-42004
CVE-2022-42898
CVE-2022-33980
CVE-2022-42889
CVE-2022-43680
CVE-2022-46175
CVE-2023-0286
CVE-2023-0842
CVE-2023-2253
CVE-2023-2650
CVE-2023-6378
CVE-2023-26115
CVE-2023-28840
CVE-2023-2976
CVE-2023-29017
CVE-2023-29199
CVE-2023-29331
CVE-2023-29337
CVE-2023-29491
CVE-2023-30547
CVE-2023-30551
CVE-2023-32309
CVE-2023-32314
CVE-2023-33170
CVE-2023-34104
CVE-2023-36414
CVE-2023-36665
CVE-2023-39325
CVE-2023-4759
CVE-2023-42282
CVE-2023-43646
CVE-2023-45133
CVE-2023-49568
CVE-2023-49569
CVE-2023-52425
CVE-2024-0056
CVE-2024-0057
CVE-2024-21508
CVE-2024-21626
CVE-2024-21907
CVE-2024-23651
CVE-2022-1471
CVE-2022-25857

# terrascan
# https://github.com/tenable/terrascan/issues/1674
CVE-2024-23652
CVE-2024-23653
CVE-2024-23651
CVE-2024-26147
CVE-2024-28757
CVE-2024-28863
CVE-2024-3154
CVE-2024-3817

# tsql-lint
# https://github.com/tsqllint/tsqllint/issues/333
CVE-2023-36414
CVE-2024-0056

# Dockerfile
DS001
DS002
DS003
DS004
DS013
DS014
DS026
GHSA-5crp-9r3c-p9vr
GHSA-8x6c-cv3v-vp6g
GHSA-9763-4f94-gfch
GHSA-m425-mq94-257g


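Review bot: the per-tool sections with an upstream issue link (editorconfig-checker, gitleaks, grype & syft, KICS, Kubescape, protolint, terrascan, tsql-lint) are the right shape, but `# powershell`, `# sfdx-scanner` and `# Dockerfile` carry no link or reason, so nothing marks when those suppressions can be retired; add an upstream issue or a short justification to each, as done for the other tools. Note also that `DS001` to `DS026` are Trivy Dockerfile misconfiguration check IDs rather than CVEs, so listing them here silences Trivy's image-configuration findings for the whole build; the Dockerfile section should state which checks are accepted and why instead of listing them bare.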
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -10,6 +10,8 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l

- Core
- Add new logs (at debug level) on each linter activation/deactivation
- Clean MegaLinter own CVE exceptions and order the remaining ones with links to related issues
- Upgrade to Java 21 except for npm-groovy-lint that requires Java 17

- Media

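Review bot: in the new Core bullets, "Clean MegaLinter own CVE exceptions" should read "Clean MegaLinter's own CVE exceptions", and the Java bullet would serve users better if it named the constraint explicitly, e.g. "Upgrade to Java 21, except npm-groovy-lint which stays pinned to Java 17", matching commit 004e1a1 "Force java17 for npm-groovy-lint".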
Expand All @@ -28,6 +30,8 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l

- CI
- Build: take in account disabled linters for workflow auto-update
- Remove useless package-lock.json that was in python tests folder
- Fix SARIF_REPORTER that was wrongly sent to `true` to format & fix test methods

- Linter versions upgrades
- [phpcs](https://github.com/PHPCSStandards/PHP_CodeSniffer) from 3.9.1 to **3.9.2** on 2024-04-23
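Review bot: "wrongly sent to `true`" in the new CI bullet looks like a typo for "wrongly set to `true`"; the bullet reads more clearly as "Fix SARIF_REPORTER that was wrongly set to `true` in the format & fix test methods", which also matches commit 309daca "Test setup disable sarif by default".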