@eurekadevsecops/radar 1.8.1 → 1.8.2
- package/package.json +1 -1
- package/src/commands/scan.js +1 -1
- package/report.sarif +0 -1
package/package.json
CHANGED
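--- a/package/src/commands/scan.js
+++ b/package/src/commands/scan.js
@@ -180,7 +180,7 @@ module.exports = {
 SARIF.transforms.normalize(results.sarif, target, metadata, git.root(target))
 
 // Write findings to the destination SARIF file.
-if (outfile) fs.writeFileSync(outfile, JSON.stringify(results.sarif))
+if (outfile) fs.writeFileSync(outfile, JSON.stringify(results.sarif, null, 2))
 
 // Send telemetry: scan results.
 if (telemetry.enabled && scanID) {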
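Review bot: The SARIF written at the `+` line still embeds detected secret values verbatim — the `package/report.sarif` deleted in this same release shows gitleaks and opengrep results whose `snippet.text` is the raw Stripe key, GitHub client secret and webhook secret — yet `fs.writeFileSync(outfile, …)` creates the findings file with the process default mode and performs no redaction. Consider `if (outfile) fs.writeFileSync(outfile, JSON.stringify(results.sarif, null, 2), { mode: 0o600 })` so a newly created report is not readable by other local users (note `mode` only applies when the file is created, not when an existing file is overwritten), and consider masking `snippet.text` for secret-scanner results before serialising. Since 1.8.1 shipped that report to the public registry, the credentials it lists should be treated as exposed and rotated regardless of this change, and a `files` allow-list or `.npmignore` entry would keep scan output out of future tarballs. The enclosing function in `module.exports` starts before and ends after the hunk.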
package/report.sarif
DELETED
@@ -1 +0,0 @@
1
-
{"version":"2.1.0","$schema":"https://json.schemastore.org/sarif-2.1.0.json","runs":[{"tool":{"driver":{"name":"gitleaks","semanticVersion":"v8.0.0","informationUri":"https://github.com/gitleaks/gitleaks","properties":{"officialName":"gitleaks"},"rules":[{"id":"generic-api-key","shortDescription":{"text":"Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}},{"id":"stripe-access-token","shortDescription":{"text":"Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data."}}]}},"results":[{"message":{"text":"stripe-access-token has detected secret for file apps/backend/.env."},"ruleId":"stripe-access-token","locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/.env"},"region":{"startLine":30,"startColumn":24,"endLine":30,"endColumn":130,"snippet":{"text":"sk_test_51RYvkf2YG6fO9qlhtYIIbnGSXSr6xpzqdqryyPk58EVMgZMjIviKEXde8r55HE4vbVgzKwNb7owr74qRMEHUKakC007aUEcU3n"}}}}],"properties":{"tags":[]}},{"message":{"text":"generic-api-key has detected secret for file apps/backend/.env."},"ruleId":"generic-api-key","locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/.env"},"region":{"startLine":5,"startColumn":2,"endLine":5,"endColumn":26,"snippet":{"text":"0123456789abcdxyz"}}}}],"properties":{"tags":[]}},{"message":{"text":"generic-api-key has detected secret for file apps/backend/.env."},"ruleId":"generic-api-key","locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/.env"},"region":{"startLine":10,"startColumn":2,"endLine":10,"endColumn":62,"snippet":{"text":"e78b1199d5bc447bd36ecea679727578a9d5b0dd"}}}}],"properties":{"tags":[]}},{"message":{"text":"generic-api-key has detected secret for file 
apps/backend/.env."},"ruleId":"generic-api-key","locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/.env"},"region":{"startLine":18,"startColumn":2,"endLine":18,"endColumn":54,"snippet":{"text":"0c8615f7-c7b2-4f45-adc3-dfeb67d967b4"}}}}],"properties":{"tags":[]}},{"message":{"text":"generic-api-key has detected secret for file apps/backend/.env."},"ruleId":"generic-api-key","locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/.env"},"region":{"startLine":29,"startColumn":2,"endLine":29,"endColumn":58,"snippet":{"text":"whsec_PkjJVdKoCWMNnQMuw4mANbfMxfQnjj63"}}}}],"properties":{"tags":[]}}],"properties":{"repository":{"type":"git","url":"https://github.com/EurekaDevSecOps/app.git"},"includedirs":["apps/backend"]}},{"tool":{"driver":{"name":"grype","informationUri":"https://github.com/anchore/grype","properties":{"officialName":"grype"},"rules":[]}},"results":[],"properties":{"repository":{"type":"git","url":"https://github.com/EurekaDevSecOps/app.git"},"includedirs":["apps/backend"]}},{"tool":{"driver":{"name":"opengrep","semanticVersion":"1.5.0","properties":{"officialName":"Opengrep OSS"},"rules":[{"defaultConfiguration":{"level":"error"},"fullDescription":{"text":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'."},"help":{"markdown":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. 
Ensure that the last USER in a Dockerfile is a USER other than 'root'.\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/r/dockerfile.security.missing-user.missing-user)\n - [https://owasp.org/Top10/A04_2021-Insecure_Design](https://owasp.org/Top10/A04_2021-Insecure_Design)\n","text":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'."},"helpUri":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","id":"assets.dockerfile.security.missing-user.missing-user","name":"assets.dockerfile.security.missing-user.missing-user","properties":{"precision":"very-high","tags":["CWE-250: Execution with Unnecessary Privileges","MEDIUM CONFIDENCE","OWASP-A04:2021 - Insecure Design","security"]},"shortDescription":{"text":"Opengrep Finding: assets.dockerfile.security.missing-user.missing-user"}},{"defaultConfiguration":{"level":"error"},"fullDescription":{"text":"Generic Secret detected"},"help":{"markdown":"Generic Secret detected\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/r/generic.secrets.security.detected-generic-secret.detected-generic-secret)\n - [https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures](https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures)\n","text":"Generic Secret detected"},"helpUri":"https://semgrep.dev/r/generic.secrets.security.detected-generic-secret.detected-generic-secret","id":"assets.generic.secrets.security.detected-generic-secret.detected-generic-secret","name":"assets.generic.secrets.security.detected-generic-secret.detected-generic-secret","properties":{"precision":"very-high","tags":["CWE-798: Use of Hard-coded Credentials","LOW CONFIDENCE","OWASP-A07:2021 - Identification and Authentication 
Failures","security"]},"shortDescription":{"text":"Opengrep Finding: assets.generic.secrets.security.detected-generic-secret.detected-generic-secret"}}]}},"invocations":[{"executionSuccessful":true,"toolExecutionNotifications":[{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/auth/guards/agent.ts:190:\n `let jwt: Awaited<ReturnType<typeof keys.verifyJWT<(typeof requiredClaims)[number]>>>` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/controllers/about_controller.ts:3:\n `pkg from '#package' with { type:` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/controllers/application_membership_controller.ts:181:\n `'APP_ADMIN' satisfies` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/controllers/membership_controller.ts:179:\n `'ORG_ADMIN' satisfies` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/controllers/stripe_webhook_controller.ts:425:\n `satisfies Stripe` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/policies/policy_helpers.ts:165:\n `'ORG_ADMIN' satisfies` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/services/jwk_cache.ts:77:\n `satisfies` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/utils/application_access.ts:65:\n `'ORG_ADMIN' satisfies` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/validators/application_membership.ts:20:\n `satisfies readonly ApplicationRole[]` was unexpected"}},{"descriptor":{"id":"Syntax 
error"},"level":"warning","message":{"text":"Syntax error at line /app/app/validators/invitations.ts:29:\n `satisfies readonly OrganizationRole[]` was unexpected"}},{"descriptor":{"id":"Syntax error"},"level":"warning","message":{"text":"Syntax error at line /app/app/validators/org_membership.ts:7:\n `satisfies readonly OrganizationRole[]` was unexpected"}}]}],"results":[{"fingerprints":{"matchBasedId/v1":"05ce98718277fa686170ef7202a0768f043200190754f695c68c8815181eaf4e805f2e061b8f99e37d4553530db1e3622cf715741ca54a62549bc291272af4a3_0"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/.env","uriBaseId":"%SRCROOT%"},"region":{"endColumn":62,"endLine":10,"snippet":{"text":"GITHUB_CLIENT_SECRET=e78b1199d5bc447bd36ecea679727578a9d5b0dd"},"startColumn":15,"startLine":10}}}],"message":{"text":"Generic Secret detected"},"properties":{},"ruleId":"assets.generic.secrets.security.detected-generic-secret.detected-generic-secret"},{"fingerprints":{"matchBasedId/v1":"108f493d284212513046232eea055f6677464e9392d15dc19d73b5d83e1601b23b8ad7c2a631d8c1a23ee682fe0b76f316193556c656e743cb244b55f5a6b82b_0"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"apps/backend/Dockerfile","uriBaseId":"%SRCROOT%"},"region":{"endColumn":28,"endLine":35,"snippet":{"text":"CMD [ \"npm\", \"run\", \"dev\" ]"},"startColumn":1,"startLine":35}}}],"message":{"text":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'."},"properties":{},"ruleId":"assets.dockerfile.security.missing-user.missing-user"}],"properties":{"repository":{"type":"git","url":"https://github.com/EurekaDevSecOps/app.git"},"includedirs":["apps/backend"]}}]}