diff --git a/IaC_scan_output.json b/IaC_scan_output.json new file mode 100644 index 00000000..5564beaa --- /dev/null +++ b/IaC_scan_output.json @@ -0,0 +1,6549 @@ +[ + { + "check_type": "terraform_plan", + "results": { + "passed_checks": [], + "failed_checks": [], + "skipped_checks": [], + "parsing_errors": [ + "/tmp/ws-scm/vonage-python-sdk/tests/data/null.json", + "/tmp/ws-scm/vonage-python-sdk/tests/data/no_content.json", + "/tmp/ws-scm/vonage-python-sdk/tests/data/account/secret_management/delete.json" + ] + }, + "summary": { + "passed": 0, + "failed": 0, + "skipped": 0, + "parsing_errors": 3, + "resource_count": 0, + "checkov_version": "2.3.298" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + }, + { + "check_type": "secrets", + "results": { + "passed_checks": [], + "failed_checks": [ + { + "check_id": "CKV_SECRET_13", + "bc_check_id": "BC_GIT_13", + "check_name": "Private Key", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 1, + "{\n" + ] + ], + "file_path": "/tests/data/applications/create_application.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/applications/create_application.json", + "repo_file_path": "/tests/data/applications/create_application.json", + "file_line_range": [ + 1, + 2 + ], + "resource": "bd1860c5e4498f4c8a777c88522bc5262232d641", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-13.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 17, + " \"href\": \"https://meetings.vonage.com/updated_company_url/?room_token=613804614&participant_token=eyJhbG**********************************************************************************************************************************************************************************************46AYaDgMu_IdNPkmToKFGB_CqWYKM2xFpKU0vc3-E_E\"\n" + ] + ], + "file_path": "/tests/data/meetings/list_rooms_with_theme_id.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/list_rooms_with_theme_id.json", + "repo_file_path": "/tests/data/meetings/list_rooms_with_theme_id.json", + "file_line_range": [ + 17, + 18 + ], + "resource": "d23f225c962db6277e19cff73f4f73da9aeeb89a", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 14, + " \"href\": \"https://meetings.vonage.com/?room_token=613804614&participant_token=eyJhbG**********************************************************************************************************************************************************************************************fm7q551LKnZaUcvZ30AmU62jRnvL94Do2sJKU0mHUmE\"\n" + ] + ], + "file_path": "/tests/data/meetings/long_term_room.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/long_term_room.json", + "repo_file_path": "/tests/data/meetings/long_term_room.json", + "file_line_range": [ + 14, + 15 + ], + "resource": "c2b09dabce864c4418d6b5b1eadd6d5d7b4b74f1", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 14, + " \"href\": \"https://meetings.vonage.com/updated_company_url/?room_token=613804614&participant_token=eyJhbG**********************************************************************************************************************************************************************************************XFjcJFNZU9Ez_4x-uGIj079TTvttNHkkfA54JTDqglM\"\n" + ] + ], + "file_path": "/tests/data/meetings/long_term_room_with_theme.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/long_term_room_with_theme.json", + "repo_file_path": "/tests/data/meetings/long_term_room_with_theme.json", + "file_line_range": [ + 14, + 15 + ], + "resource": "511e252f656ba53d54a38015d4e6772fcd7f1757", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 14, + " \"href\": \"https://meetings.vonage.com/?room_token=412958792&participant_token=eyJhbG**********************************************************************************************************************************************************************************************Q0BPbu3ZyISYf1QaW2bLVNOrZ1tjQJCQ7nsOP_0us1E\"\n" + ] + ], + "file_path": "/tests/data/meetings/meeting_room.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/meeting_room.json", + "repo_file_path": "/tests/data/meetings/meeting_room.json", + "file_line_range": [ + 14, + 15 + ], + "resource": "6f31e90660fbf3e7212b3278d5229ca70da6c0ad", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 17, + " \"href\": \"https://meetings.vonage.com/?room_token=697975707&participant_token=eyJhbG**********************************************************************************************************************************************************************************************qOmyuJL1eVqUzdTlAGKZX-h5Q-dTZnoKG4Jto5AzWHs\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_fewer_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_fewer_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_fewer_rooms.json", + "file_line_range": [ + 17, + 18 + ], + "resource": "7e47fbe66820f1c24a730dcbb0bbd96e5439609b", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 54, + " \"href\": \"https://meetings.vonage.com/?room_token=254629696&participant_token=eyJhbG**********************************************************************************************************************************************************************************************LOyItIhYtKHvhlGNmGFoE6diMH-dODckBVI0OraLB6A\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_fewer_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_fewer_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_fewer_rooms.json", + "file_line_range": [ + 54, + 55 + ], + "resource": "d5b1332db1942da44cf569791f5960b76ad6c85a", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 17, + " \"href\": \"https://meetings.vonage.com/?room_token=697975707&participant_token=eyJhbG**********************************************************************************************************************************************************************************************qOmyuJL1eVqUzdTlAGKZX-h5Q-dTZnoKG4Jto5AzWHs\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_rooms.json", + "file_line_range": [ + 17, + 18 + ], + "resource": "7e47fbe66820f1c24a730dcbb0bbd96e5439609b", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 54, + " \"href\": \"https://meetings.vonage.com/?room_token=254629696&participant_token=eyJhbG**********************************************************************************************************************************************************************************************LOyItIhYtKHvhlGNmGFoE6diMH-dODckBVI0OraLB6A\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_rooms.json", + "file_line_range": [ + 54, + 55 + ], + "resource": "d5b1332db1942da44cf569791f5960b76ad6c85a", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 91, + " \"href\": \"https://meetings.vonage.com/?room_token=659359326&participant_token=eyJhbG**********************************************************************************************************************************************************************************************TYjAbWOYdlt7UsjyQh-Y7Qr0hfWElIDrJQTNrOQuLSg\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_rooms.json", + "file_line_range": [ + 91, + 92 + ], + "resource": "fea225f2d75ec00a5871e34cb6332a23ef30a088", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 128, + " \"href\": \"https://meetings.vonage.com/?room_token=752928832&participant_token=eyJhbG**********************************************************************************************************************************************************************************************afMtFPyLAgZvGsR66pPj0op7sgnNjfj4BHxhU1OP8_w\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_rooms.json", + "file_line_range": [ + 128, + 129 + ], + "resource": "1d8865bc4f73f2dc339fb0d70b73424680d7bb28", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 165, + " \"href\": \"https://meetings.vonage.com/?room_token=412958792&participant_token=eyJhbG**********************************************************************************************************************************************************************************************hCAmGR3dxnV7LkSyCXYyUXlXYr-LBfAANMjipm6PumM\"\n" + ] + ], + "file_path": "/tests/data/meetings/multiple_rooms.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/multiple_rooms.json", + "repo_file_path": "/tests/data/meetings/multiple_rooms.json", + "file_line_range": [ + 165, + 166 + ], + "resource": "0bcd72330e1d0b6e96d789cfe6c5d05f66bd1970", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 14, + " \"href\": \"https://meetings.vonage.com/?room_token=613804614&participant_token=eyJhbG**********************************************************************************************************************************************************************************************fm7q551LKnZaUcvZ30AmU62jRnvL94Do2sJKU0mHUmE\"\n" + ] + ], + "file_path": "/tests/data/meetings/update_room.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/meetings/update_room.json", + "repo_file_path": "/tests/data/meetings/update_room.json", + "file_line_range": [ + 14, + 15 + ], + "resource": "c2b09dabce864c4418d6b5b1eadd6d5d7b4b74f1", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-9.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_6", + "bc_check_id": "BC_GIT_6", + "check_name": "Base64 High Entropy String", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 3, + " \"secret\": \"Pa*********\",\n" + ] + ], + "file_path": "/tests/data/subaccounts/subaccount.json", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/tests/data/subaccounts/subaccount.json", + "repo_file_path": "/tests/data/subaccounts/subaccount.json", + "file_line_range": [ + 3, + 4 + ], + "resource": "b2e98ad6f6eb8508dd6a14cfa704bad7f05f6fb1", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + } + ], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 0, + "failed": 14, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 14, + "checkov_version": "2.3.298" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + }, + { + "check_type": "github_actions", + "results": { + "passed_checks": [ + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test", + "runs-on": "${{ matrix.os }}", + "strategy": { + "fail-fast": false, + "matrix": { + "python": [ + "3.8", + "3.9", + "3.10", + "3.11" + ], + "os": [ + "ubuntu-latest", + "macos-latest" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + }, + { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + }, + { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + ], + "__startline__": 19, + "__endline__": 38 + } + }, + "code_block": [ + [ + 19, + " name: Test\n" + ], + [ + 20, + " runs-on: ${{ matrix.os }}\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: false\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python: [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]\n" + ], + [ + 25, + " os: [\"ubuntu-latest\", \"macos-latest\"]\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 19, + 39 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_5", + "bc_check_id": "BC_REPO_GITHUB_ACTION_5", + "check_name": "Found artifact build without evidence of cosign sign execution in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "test": { + "name": "Test", + "runs-on": "${{ matrix.os }}", + "strategy": { + "fail-fast": false, + "matrix": { + "python": [ + "3.8", + "3.9", + "3.10", + "3.11" + ], + "os": [ + "ubuntu-latest", + "macos-latest" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + }, + { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + }, + { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + ], + "__startline__": 19, + "__endline__": 38 + }, + "__startline__": 18, + "__endline__": 38 + } + }, + "code_block": [ + [ + 18, + " test:\n" + ], + [ + 19, + " name: Test\n" + ], + [ + 20, + " runs-on: ${{ matrix.os }}\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: false\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python: [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]\n" + ], + [ + 25, + " os: [\"ubuntu-latest\", \"macos-latest\"]\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 18, + 39 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignArtifacts", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/no-evidence-of-signing.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_6", + "bc_check_id": "BC_REPO_GITHUB_ACTION_6", + "check_name": "Found artifact build without evidence of cosign sbom attestation in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "test": { + "name": "Test", + "runs-on": "${{ matrix.os }}", + "strategy": { + "fail-fast": false, + "matrix": { + "python": [ + "3.8", + "3.9", + "3.10", + "3.11" + ], + "os": [ + "ubuntu-latest", + "macos-latest" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + }, + { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + }, + { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + ], + "__startline__": 19, + "__endline__": 38 + }, + "__startline__": 18, + "__endline__": 38 + } + }, + "code_block": [ + [ + 18, + " test:\n" + ], + [ + 19, + " name: Test\n" + ], + [ + 20, + " runs-on: ${{ matrix.os }}\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: false\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python: [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]\n" + ], + [ + 25, + " os: [\"ubuntu-latest\", \"macos-latest\"]\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 18, + 39 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignSBOM", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/found-artifact-build-without-evidence-of-cosign-sbom-attestation-in-pipeline.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test", + "runs-on": "${{ matrix.os }}", + "strategy": { + "fail-fast": false, + "matrix": { + "python": [ + "3.8", + "3.9", + "3.10", + "3.11" + ], + "os": [ + "ubuntu-latest", + "macos-latest" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + }, + { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + }, + { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + ], + "__startline__": 19, + "__endline__": 38 + } + }, + "code_block": [ + [ + 19, + " name: Test\n" + ], + [ + 20, + " runs-on: ${{ matrix.os }}\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: false\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python: [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]\n" + ], + [ + 25, + " os: [\"ubuntu-latest\", \"macos-latest\"]\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 19, + 39 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test", + "runs-on": "${{ matrix.os }}", + "strategy": { + "fail-fast": false, + "matrix": { + "python": [ + "3.8", + "3.9", + "3.10", + "3.11" + ], + "os": [ + "ubuntu-latest", + "macos-latest" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + }, + { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + }, + { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + ], + "__startline__": 19, + "__endline__": 38 + } + }, + "code_block": [ + [ + 19, + " name: Test\n" + ], + [ + 20, + " runs-on: ${{ matrix.os }}\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: false\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python: [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]\n" + ], + [ + 25, + " os: [\"ubuntu-latest\", \"macos-latest\"]\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 19, + 39 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test", + "runs-on": "${{ matrix.os }}", + "strategy": { + "fail-fast": false, + "matrix": { + "python": [ + "3.8", + "3.9", + "3.10", + "3.11" + ], + "os": [ + "ubuntu-latest", + "macos-latest" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + }, + { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + }, + { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + ], + "__startline__": 19, + "__endline__": 38 + } + }, + "code_block": [ + [ + 19, + " name: Test\n" + ], + [ + 20, + " runs-on: ${{ matrix.os }}\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: false\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python: [\"3.8\", \"3.9\", \"3.10\", \"3.11\"]\n" + ], + [ + 25, + " os: [\"ubuntu-latest\", \"macos-latest\"]\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 19, + 39 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 27, + 31 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + } + }, + "code_block": [ + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 30, + 33 + ], + "resource": "jobs(test).steps[2](Clone repo)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 35 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + } + }, + "code_block": [ + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 34, + 37 + ], + "resource": "jobs(test).steps[4](Run tests)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + }, + "code_block": [ + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 36, + 39 + ], + "resource": "jobs(test).steps[5](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 27, + 31 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + } + }, + "code_block": [ + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 30, + 33 + ], + "resource": "jobs(test).steps[2](Clone repo)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 35 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + } + }, + "code_block": [ + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 34, + 37 + ], + "resource": "jobs(test).steps[4](Run tests)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + }, + "code_block": [ + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 36, + 39 + ], + "resource": "jobs(test).steps[5](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 27, + 31 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + } + }, + "code_block": [ + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 30, + 33 + ], + "resource": "jobs(test).steps[2](Clone repo)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 35 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + } + }, + "code_block": [ + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 34, + 37 + ], + "resource": "jobs(test).steps[4](Run tests)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + }, + "code_block": [ + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 36, + 39 + ], + "resource": "jobs(test).steps[5](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python }}", + "__startline__": 29, + "__endline__": 30 + }, + "__startline__": 27, + "__endline__": 30 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/setup-python@v4\n" + ], + [ + 28, + " with:\n" + ], + [ + 29, + " python-version: ${{ matrix.python }}\n" + ], + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 27, + 31 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Clone repo", + "uses": "actions/checkout@v3", + "__startline__": 30, + "__endline__": 32 + } + }, + "code_block": [ + [ + 30, + " - name: Clone repo\n" + ], + [ + 31, + " uses: actions/checkout@v3\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 30, + 33 + ], + "resource": "jobs(test).steps[2](Clone repo)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "make install", + "__startline__": 32, + "__endline__": 34 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: make install\n" + ], + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 35 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run tests", + "run": "make coverage", + "__startline__": 34, + "__endline__": 36 + } + }, + "code_block": [ + [ + 34, + " - name: Run tests\n" + ], + [ + 35, + " run: make coverage\n" + ], + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 34, + 37 + ], + "resource": "jobs(test).steps[4](Run tests)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v3", + "__startline__": 36, + "__endline__": 38 + } + }, + "code_block": [ + [ + 36, + " - name: Run codecov\n" + ], + [ + 37, + " uses: codecov/codecov-action@v3\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 36, + 39 + ], + "resource": "jobs(test).steps[5](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "test" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "run mutation test", + "runs-on": "ubuntu-latest", + "strategy": { + "fail-fast": true, + "matrix": { + "python-version": [ + "3.10" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "continue-on-error": true, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + }, + { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + }, + { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + }, + { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + ], + "__startline__": 19, + "__endline__": 49 + } + }, + "code_block": [ + [ + 19, + " name: run mutation test\n" + ], + [ + 20, + " runs-on: ubuntu-latest\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: true\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: [\"3.10\"]\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " continue-on-error: true\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 19, + 50 + ], + "resource": "jobs(mutation)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_5", + "bc_check_id": "BC_REPO_GITHUB_ACTION_5", + "check_name": "Found artifact build without evidence of cosign sign execution in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "mutation": { + "name": "run mutation test", + "runs-on": "ubuntu-latest", + "strategy": { + "fail-fast": true, + "matrix": { + "python-version": [ + "3.10" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "continue-on-error": true, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + }, + { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + }, + { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + }, + { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + ], + "__startline__": 19, + "__endline__": 49 + }, + "__startline__": 18, + "__endline__": 49 + } + }, + "code_block": [ + [ + 18, + " mutation:\n" + ], + [ + 19, + " name: run mutation test\n" + ], + [ + 20, + " runs-on: ubuntu-latest\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: true\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: [\"3.10\"]\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " continue-on-error: true\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 18, + 50 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignArtifacts", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/no-evidence-of-signing.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_6", + "bc_check_id": "BC_REPO_GITHUB_ACTION_6", + "check_name": "Found artifact build without evidence of cosign sbom attestation in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "mutation": { + "name": "run mutation test", + "runs-on": "ubuntu-latest", + "strategy": { + "fail-fast": true, + "matrix": { + "python-version": [ + "3.10" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "continue-on-error": true, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + }, + { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + }, + { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + }, + { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + ], + "__startline__": 19, + "__endline__": 49 + }, + "__startline__": 18, + "__endline__": 49 + } + }, + "code_block": [ + [ + 18, + " mutation:\n" + ], + [ + 19, + " name: run mutation test\n" + ], + [ + 20, + " runs-on: ubuntu-latest\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: true\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: [\"3.10\"]\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " continue-on-error: true\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 18, + 50 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignSBOM", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/found-artifact-build-without-evidence-of-cosign-sbom-attestation-in-pipeline.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "run mutation test", + "runs-on": "ubuntu-latest", + "strategy": { + "fail-fast": true, + "matrix": { + "python-version": [ + "3.10" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "continue-on-error": true, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + }, + { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + }, + { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + }, + { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + ], + "__startline__": 19, + "__endline__": 49 + } + }, + "code_block": [ + [ + 19, + " name: run mutation test\n" + ], + [ + 20, + " runs-on: ubuntu-latest\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: true\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: [\"3.10\"]\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " continue-on-error: true\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 19, + 50 + ], + "resource": "jobs(mutation)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "run mutation test", + "runs-on": "ubuntu-latest", + "strategy": { + "fail-fast": true, + "matrix": { + "python-version": [ + "3.10" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "continue-on-error": true, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + }, + { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + }, + { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + }, + { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + ], + "__startline__": 19, + "__endline__": 49 + } + }, + "code_block": [ + [ + 19, + " name: run mutation test\n" + ], + [ + 20, + " runs-on: ubuntu-latest\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: true\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: [\"3.10\"]\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " continue-on-error: true\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 19, + 50 + ], + "resource": "jobs(mutation)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "run mutation test", + "runs-on": "ubuntu-latest", + "strategy": { + "fail-fast": true, + "matrix": { + "python-version": [ + "3.10" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 22, + "__endline__": 26 + }, + "continue-on-error": true, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + }, + { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + }, + { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + }, + { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + ], + "__startline__": 19, + "__endline__": 49 + } + }, + "code_block": [ + [ + 19, + " name: run mutation test\n" + ], + [ + 20, + " runs-on: ubuntu-latest\n" + ], + [ + 21, + " strategy:\n" + ], + [ + 22, + " fail-fast: true\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: [\"3.10\"]\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " continue-on-error: true\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 19, + 50 + ], + "resource": "jobs(mutation)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_7", + "bc_check_id": "BC_REPO_GITHUB_ACTION_7", + "check_name": "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. ", + "check_result": { + "result": "PASSED", + "results_configuration": "workflow_dispatch" + }, + "code_block": [], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 0, + 1 + ], + "resource": "on(Mutation Test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.EmptyWorkflowDispatch", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/github-actions-contain-workflow-dispatch-input-parameters", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + } + }, + "code_block": [ + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 29, + 31 + ], + "resource": "jobs(mutation).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + } + }, + "code_block": [ + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 30, + 35 + ], + "resource": "jobs(mutation).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + } + }, + "code_block": [ + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 34, + 40 + ], + "resource": "jobs(mutation).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + } + }, + "code_block": [ + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 39, + 43 + ], + "resource": "jobs(mutation).steps[4](Run mutation test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + } + }, + "code_block": [ + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 42, + 46 + ], + "resource": "jobs(mutation).steps[5](Save HTML output)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": "BC_REPO_GITHUB_ACTION_1", + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + }, + "code_block": [ + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 45, + 50 + ], + "resource": "jobs(mutation).steps[6]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-actions-allow-unsecure-commands-isnt-true-on-environment-variables", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + } + }, + "code_block": [ + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 29, + 31 + ], + "resource": "jobs(mutation).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + } + }, + "code_block": [ + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 30, + 35 + ], + "resource": "jobs(mutation).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + } + }, + "code_block": [ + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 34, + 40 + ], + "resource": "jobs(mutation).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + } + }, + "code_block": [ + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 39, + 43 + ], + "resource": "jobs(mutation).steps[4](Run mutation test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + } + }, + "code_block": [ + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 42, + 46 + ], + "resource": "jobs(mutation).steps[5](Save HTML output)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": "BC_REPO_GITHUB_ACTION_4", + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + }, + "code_block": [ + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 45, + 50 + ], + "resource": "jobs(mutation).steps[6]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-netcat-with-ip-address.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + } + }, + "code_block": [ + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 29, + 31 + ], + "resource": "jobs(mutation).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + } + }, + "code_block": [ + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 30, + 35 + ], + "resource": "jobs(mutation).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + } + }, + "code_block": [ + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 34, + 40 + ], + "resource": "jobs(mutation).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + } + }, + "code_block": [ + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 39, + 43 + ], + "resource": "jobs(mutation).steps[4](Run mutation test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + } + }, + "code_block": [ + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 42, + 46 + ], + "resource": "jobs(mutation).steps[5](Save HTML output)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": "BC_REPO_GITHUB_ACTION_2", + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + }, + "code_block": [ + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 45, + 50 + ], + "resource": "jobs(mutation).steps[6]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/ensure-run-commands-are-not-vulnerable-to-shell-injection.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 29, + "__endline__": 30 + } + }, + "code_block": [ + [ + 29, + " - uses: actions/checkout@v3\n" + ], + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 29, + 31 + ], + "resource": "jobs(mutation).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 33, + "__endline__": 34 + }, + "__startline__": 30, + "__endline__": 34 + } + }, + "code_block": [ + [ + 30, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 31, + " uses: actions/setup-python@v4\n" + ], + [ + 32, + " with:\n" + ], + [ + 33, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 30, + 35 + ], + "resource": "jobs(mutation).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\nif [ -f requirements.txt ]; then pip install -r requirements.txt; fi\npython -m pip install mutmut\n", + "__startline__": 34, + "__endline__": 39 + } + }, + "code_block": [ + [ + 34, + " - name: Install dependencies\n" + ], + [ + 35, + " run: |\n" + ], + [ + 36, + " python -m pip install --upgrade pip\n" + ], + [ + 37, + " if [ -f requirements.txt ]; then pip install -r requirements.txt; fi\n" + ], + [ + 38, + " python -m pip install mutmut\n" + ], + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 34, + 40 + ], + "resource": "jobs(mutation).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run mutation test", + "run": "mutmut run --no-progress --CI\n", + "__startline__": 39, + "__endline__": 42 + } + }, + "code_block": [ + [ + 39, + " - name: Run mutation test\n" + ], + [ + 40, + " run: |\n" + ], + [ + 41, + " mutmut run --no-progress --CI\n" + ], + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 39, + 43 + ], + "resource": "jobs(mutation).steps[4](Run mutation test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Save HTML output", + "run": "mutmut html\n", + "__startline__": 42, + "__endline__": 45 + } + }, + "code_block": [ + [ + 42, + " - name: Save HTML output\n" + ], + [ + 43, + " run: |\n" + ], + [ + 44, + " mutmut html\n" + ], + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 42, + 46 + ], + "resource": "jobs(mutation).steps[5](Save HTML output)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": "BC_REPO_GITHUB_ACTION_3", + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/upload-artifact@v3", + "with": { + "name": "mutation-test-report", + "path": "html/", + "__startline__": 47, + "__endline__": 49 + }, + "__startline__": 45, + "__endline__": 49 + } + }, + "code_block": [ + [ + 45, + " - uses: actions/upload-artifact@v3\n" + ], + [ + 46, + " with:\n" + ], + [ + 47, + " name: mutation-test-report\n" + ], + [ + 48, + " path: html/\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 45, + 50 + ], + "resource": "jobs(mutation).steps[6]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/build-integrity-policies/github-actions-policies/suspicious-use-of-curl-with-secrets.html", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "mutation" + ], + "workflow_name": "Mutation Test" + }, + { + "check_id": "CKV2_GHA_1", + "bc_check_id": null, + "check_name": "Ensure top-level permissions are not set to write-all", + "check_result": { + "result": "PASSED", + "evaluated_keys": [ + "permissions" + ] + }, + "code_block": [ + [ + 5, + " actions: write\n" + ], + [ + 6, + " checks: write\n" + ], + [ + 7, + " contents: read\n" + ], + [ + 8, + " deployments: read\n" + ], + [ + 9, + " issues: write\n" + ], + [ + 10, + " discussions: write\n" + ], + [ + 11, + " packages: read\n" + ], + [ + 12, + " pages: write\n" + ], + [ + 13, + " pull-requests: write\n" + ], + [ + 14, + " security-events: write\n" + ], + [ + 15, + " statuses: write\n" + ], + [ + 16, + "\n" + ], + [ + 17, + "jobs:\n" + ], + [ + 18, + " test:\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 5, + 18 + ], + "resource": "on(Build)", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "push" + ] + ], + "job": [ + "" + ], + "workflow_name": "Build" + }, + { + "check_id": "CKV2_GHA_1", + "bc_check_id": null, + "check_name": "Ensure top-level permissions are not set to write-all", + "check_result": { + "result": "PASSED", + "evaluated_keys": [ + "permissions" + ] + }, + "code_block": [ + [ + 5, + " actions: write\n" + ], + [ + 6, + " checks: write\n" + ], + [ + 7, + " contents: read\n" + ], + [ + 8, + " deployments: read\n" + ], + [ + 9, + " issues: write\n" + ], + [ + 10, + " discussions: write\n" + ], + [ + 11, + " packages: read\n" + ], + [ + 12, + " pages: write\n" + ], + [ + 13, + " pull-requests: write\n" + ], + [ + 14, + " security-events: write\n" + ], + [ + 15, + " statuses: write\n" + ], + [ + 16, + "\n" + ], + [ + 17, + "jobs:\n" + ], + [ + 18, + " mutation:\n" + ] + ], + "file_path": "/.github/workflows/mutation-test.yml", + "file_abs_path": "/tmp/ws-scm/vonage-python-sdk/.github/workflows/mutation-test.yml", + "repo_file_path": "/.github/workflows/mutation-test.yml", + "file_line_range": [ + 5, + 18 + ], + "resource": "on(Mutation Test)", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "workflow_dispatch" + ] + ], + "job": [ + "" + ], + "workflow_name": "Mutation Test" + } + ], + "failed_checks": [], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 59, + "failed": 0, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 0, + "checkov_version": "2.3.298" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + } +]