debian-mirror-gitlab/spec/fixtures/security_reports/master/gl-sast-report-bandit.json

{
  "version": "14.0.4",
  "vulnerabilities": [
    {
      "id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",
      "category": "sast",
      "message": "Deserialization of Untrusted Data",
      "description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
      "cve": "",
      "severity": "Critical",
      "scanner": {
        "id": "bandit",
        "name": "Bandit"
      },
      "location": {
        "file": "app/app.py",
        "start_line": 39
      },
      "identifiers": [
        {
          "type": "bandit_test_id",
          "name": "Bandit Test ID B506",
          "value": "B506"
        }
      ]
    }
  ],
  "scan": {
    "scanner": {
      "id": "bandit",
      "name": "Bandit",
      "url": "https://github.com/PyCQA/bandit",
      "vendor": {
        "name": "GitLab"
      },
      "version": "1.7.1"
    },
    "type": "sast",
    "start_time": "2022-03-11T00:21:49",
    "end_time": "2022-03-11T00:21:50",
    "status": "success"
  }
}
New upstream version 14.10.4+ds1 2022-06-21 17:19:12 +05:30			`{`
			`"version": "14.0.4",`
			`"vulnerabilities": [`
			`{`
			`"id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",`
			`"category": "sast",`
			`"message": "Deserialization of Untrusted Data",`
			"description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
			`"cve": "",`
			`"severity": "Critical",`
			`"scanner": {`
			`"id": "bandit",`
			`"name": "Bandit"`
			`},`
			`"location": {`
			`"file": "app/app.py",`
			`"start_line": 39`
			`},`
			`"identifiers": [`
			`{`
			`"type": "bandit_test_id",`
			`"name": "Bandit Test ID B506",`
			`"value": "B506"`
			`}`
			`]`
			`}`
			`],`
			`"scan": {`
			`"scanner": {`
			`"id": "bandit",`
			`"name": "Bandit",`
			`"url": "https://github.com/PyCQA/bandit",`
			`"vendor": {`
			`"name": "GitLab"`
			`},`
			`"version": "1.7.1"`
			`},`
			`"type": "sast",`
			`"start_time": "2022-03-11T00:21:49",`
			`"end_time": "2022-03-11T00:21:50",`
			`"status": "success"`
			`}`
New upstream version 15.4.2+ds1 2022-10-11 01:57:18 +05:30			`}`