leaky-repo

trivy-results.sarif
161 строка · 13.3 Кб
Перенос по словам
1
{
2
  "version": "2.1.0",
3
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
4
  "runs": [
5
    {
6
      "tool": {
7
        "driver": {
8
          "fullName": "Trivy Vulnerability Scanner",
9
          "informationUri": "https://github.com/aquasecurity/trivy",
10
          "name": "Trivy",
11
          "rules": [
12
            {
13
              "id": "slack-access-token",
14
              "name": "Secret",
15
              "shortDescription": {
16
                "text": "Slack token"
17
              },
18
              "fullDescription": {
19
                "text": "8f74\u0026#39;\nexport SLACK_API_TOKEN=\u0026#39;*****************-581481478633-908968"
20
              },
21
              "defaultConfiguration": {
22
                "level": "error"
23
              },
24
              "helpUri": "https://github.com/aquasecurity/trivy/blob/main/pkg/fanal/secret/builtin-rules.go",
25
              "help": {
26
                "text": "Secret Slack token\nSeverity: HIGH\nMatch: 8f74'\nexport SLACK_API_TOKEN='*****************-581481478633-908968",
27
                "markdown": "**Secret Slack token**\n| Severity | Match |\n| --- | --- |\n|HIGH|8f74'\nexport SLACK_API_TOKEN='*****************-581481478633-908968|"
28
              },
29
              "properties": {
30
                "precision": "very-high",
31
                "security-severity": "8.0",
32
                "tags": [
33
                  "secret",
34
                  "security",
35
                  "HIGH"
36
                ]
37
              }
38
            },
39
            {
40
              "id": "private-key",
41
              "name": "Secret",
42
              "shortDescription": {
43
                "text": "Asymmetric Private Key"
44
              },
45
              "fullDescription": {
46
                "text": "-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY"
47
              },
48
              "defaultConfiguration": {
49
                "level": "error"
50
              },
51
              "helpUri": "https://github.com/aquasecurity/trivy/blob/main/pkg/fanal/secret/builtin-rules.go",
52
              "help": {
53
                "text": "Secret Asymmetric Private Key\nSeverity: HIGH\nMatch: -----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY",
54
                "markdown": "**Secret Asymmetric Private Key**\n| Severity | Match |\n| --- | --- |\n|HIGH|-----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY|"
55
              },
56
              "properties": {
57
                "precision": "very-high",
58
                "security-severity": "8.0",
59
                "tags": [
60
                  "secret",
61
                  "security",
62
                  "HIGH"
63
                ]
64
              }
65
            }
66
          ],
67
          "version": "0.51.1"
68
        }
69
      },
70
      "results": [
71
        {
72
          "ruleId": "slack-access-token",
73
          "ruleIndex": 0,
74
          "level": "error",
75
          "message": {
76
            "text": "Artifact: .bash_profile\nType: \nSecret Slack token\nSeverity: HIGH\nMatch: 8f74'\nexport SLACK_API_TOKEN='*****************-581481478633-908968"
77
          },
78
          "locations": [
79
            {
80
              "physicalLocation": {
81
                "artifactLocation": {
82
                  "uri": ".bash_profile",
83
                  "uriBaseId": "ROOTPATH"
84
                },
85
                "region": {
86
                  "startLine": 23,
87
                  "startColumn": 1,
88
                  "endLine": 23,
89
                  "endColumn": 1
90
                }
91
              },
92
              "message": {
93
                "text": ".bash_profile"
94
              }
95
            }
96
          ]
97
        },
98
        {
99
          "ruleId": "private-key",
100
          "ruleIndex": 1,
101
          "level": "error",
102
          "message": {
103
            "text": "Artifact: .ssh/id_rsa\nType: \nSecret Asymmetric Private Key\nSeverity: HIGH\nMatch: ----BEGIN RSA PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE"
104
          },
105
          "locations": [
106
            {
107
              "physicalLocation": {
108
                "artifactLocation": {
109
                  "uri": ".ssh/id_rsa",
110
                  "uriBaseId": "ROOTPATH"
111
                },
112
                "region": {
113
                  "startLine": 1,
114
                  "startColumn": 1,
115
                  "endLine": 1,
116
                  "endColumn": 1
117
                }
118
              },
119
              "message": {
120
                "text": ".ssh/id_rsa"
121
              }
122
            }
123
          ]
124
        },
125
        {
126
          "ruleId": "private-key",
127
          "ruleIndex": 1,
128
          "level": "error",
129
          "message": {
130
            "text": "Artifact: misc-keys/cert-key.pem\nType: \nSecret Asymmetric Private Key\nSeverity: HIGH\nMatch: -----BEGIN PRIVATE KEY-----*******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END PRIVATE KEY"
131
          },
132
          "locations": [
133
            {
134
              "physicalLocation": {
135
                "artifactLocation": {
136
                  "uri": "misc-keys/cert-key.pem",
137
                  "uriBaseId": "ROOTPATH"
138
                },
139
                "region": {
140
                  "startLine": 1,
141
                  "startColumn": 1,
142
                  "endLine": 1,
143
                  "endColumn": 1
144
                }
145
              },
146
              "message": {
147
                "text": "misc-keys/cert-key.pem"
148
              }
149
            }
150
          ]
151
        }
152
      ],
153
      "columnKind": "utf16CodeUnits",
154
      "originalUriBaseIds": {
155
        "ROOTPATH": {
156
          "uri": "file:///workspace/olegzhr/leaky-repo/"
157
        }
158
      }
159
    }
160
  ]
161
}
leaky-repo

Использование cookies
