Code Security Report: 124 total findings [main] #32

mend-for-github-com bot opened this issue Jan 31, 2025 · 0 comments
Code Security Report

Scan Metadata

Latest Scan: 2025-01-31 09:28am
Total Findings: 124 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 490
Detected Programming Languages: 1 (Go)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Detected | Vulnerable Code |
|---|---|---|---|---|---|---|
| Medium | Heap Inspection | CWE-244 | model_provision_vdb_from_bookmark_parameters.go:140 | 1 | 2025-01-31 09:29am | `` CdbTdeKeystorePassword *string `json:"cdb_tde_keystore_password,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_oracle_d_source_link_source_parameters_all_of.go:72 | 1 | 2025-01-31 09:29am | `` NonSysHashicorpVaultSecretPath *string `json:"non_sys_hashicorp_vault_secret_path,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_environment_update_parameters.go:42 | 1 | 2025-01-31 09:29am | `` AseDbHashicorpVaultSecretPath *string `json:"ase_db_hashicorp_vault_secret_path,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_ased_source_link_source_parameters.go:80 | 1 | 2025-01-31 09:29am | `` DbAzureVaultSecretKey *string `json:"db_azure_vault_secret_key,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_connectivity_check_parameters.go:44 | 1 | 2025-01-31 09:29am | `` HashicorpVaultSecretPath *string `json:"hashicorp_vault_secret_path,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_oracle_d_source_link_source_parameters.go:116 | 1 | 2025-01-31 09:29am | `` FallbackHashicorpVaultSecretPath *string `json:"fallback_hashicorp_vault_secret_path,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_base_provision_vdb_parameters_all_of.go:40 | 1 | 2025-01-31 09:29am | `` OsPassword *string `json:"os_password,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_validate_java_parameters.go:44 | 1 | 2025-01-31 09:29am | `` HashicorpVaultSecretKey *string `json:"hashicorp_vault_secret_key,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_oracle_d_source_link_source_parameters.go:126 | 1 | 2025-01-31 09:29am | `` FallbackAzureVaultSecretKey *string `json:"fallback_azure_vault_secret_key,omitempty"` `` |
| Medium | Heap Inspection | CWE-244 | model_connectivity_check_parameters.go:54 | 1 | 2025-01-31 09:29am | `` AzureVaultSecretKey *string `json:"azure_vault_secret_key,omitempty"` `` |

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| Medium | Heap Inspection | CWE-244 | Go | 123 |
| Medium | Insecure TLS Configuration | CWE-295 | Go | 1 |

mend-for-github-com bot added the "Mend: code security findings" label (Code security findings detected by Mend) Jan 31, 2025