Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ASA-9110 #228

Merged
merged 9 commits into from
Sep 24, 2024

Update StaticAnalyzer.java

255d0bd
Select commit
Loading
Failed to load commit list.
Merged

ASA-9110 #228

Update StaticAnalyzer.java
255d0bd
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / Jenkins Security Scan succeeded Sep 12, 2024 in 3s

4 new alerts

New alerts in code changed by this pull request

  • 4 warnings

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 68 in src/main/java/com/hcl/appscan/jenkins/plugin/scanners/SoftwareCompositionAnalyzer.java

See this annotation in the file changed.

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in DescriptorImpl#doCheckTarget

Check warning on line 68 in src/main/java/com/hcl/appscan/jenkins/plugin/scanners/SoftwareCompositionAnalyzer.java

See this annotation in the file changed.

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If DescriptorImpl#doCheckTarget connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST

Check warning on line 256 in src/main/java/com/hcl/appscan/jenkins/plugin/scanners/StaticAnalyzer.java

See this annotation in the file changed.

Code scanning / Jenkins Security Scan

Stapler: Missing permission check Warning

Potential missing permission check in DescriptorImpl#doCheckTarget

Check warning on line 256 in src/main/java/com/hcl/appscan/jenkins/plugin/scanners/StaticAnalyzer.java

See this annotation in the file changed.

Code scanning / Jenkins Security Scan

Stapler: Missing POST/RequirePOST annotation Warning

Potential CSRF vulnerability: If DescriptorImpl#doCheckTarget connects to user-specified URLs, modifies state, or is expensive to run, it should be annotated with @POST or @RequirePOST