{ "version": "15.0.0", "vulnerabilities": [ { "id": "1", "category": "sast", "name": "Predictable pseudorandom number generator", "message": "Predictable pseudorandom number generator", "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:47:PREDICTABLE_RANDOM", "severity": "Medium", "confidence": "Medium", "scanner": { "id": "find_sec_bugs", "name": "Find Security Bugs" }, "location": { "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "start_line": 47, "end_line": 47, "class": "com.gitlab.security_products.tests.App", "method": "generateSecretToken2" }, "identifiers": [ { "type": "find_sec_bugs_type", "name": "Find Security Bugs-PREDICTABLE_RANDOM", "value": "PREDICTABLE_RANDOM", "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM" } ] }, { "id": "2", "category": "sast", "name": "Predictable pseudorandom number generator", "message": "Predictable pseudorandom number generator", "cve": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy:41:PREDICTABLE_RANDOM", "severity": "Low", "confidence": "Low", "scanner": { "id": "find_sec_bugs", "name": "Find Security Bugs" }, "location": { "file": "groovy/src/main/java/com/gitlab/security_products/tests/App.groovy", "start_line": 41, "end_line": 41, "class": "com.gitlab.security_products.tests.App", "method": "generateSecretToken1" }, "identifiers": [ { "type": "find_sec_bugs_type", "name": "Find Security Bugs-PREDICTABLE_RANDOM", "value": "PREDICTABLE_RANDOM", "url": "https://find-sec-bugs.github.io/bugs.htm#PREDICTABLE_RANDOM" } ] }, { "id": "3", "category": "sast", "name": "ECB mode is insecure", "message": "ECB mode is insecure", "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data", "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:java-maven/src/main/java/com/gitlab/security_products/tests/App.java:29", "severity": "Medium", "confidence": "High", "scanner": { "id": "find_sec_bugs", "name": "Find Security Bugs" }, "location": { "file": "java-maven/src/main/java/com/gitlab/security_products/tests/App.java", "start_line": 29, "end_line": 29, "class": "com.gitlab.security_products.tests.App", "method": "insecureCypher" }, "identifiers": [ { "type": "find_sec_bugs_type", "name": "Find Security Bugs-ECB_MODE", "value": "ECB_MODE", "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE" }, { "type": "cwe", "name": "CWE-327", "value": "327", "url": "https://cwe.mitre.org/data/definitions/327.html" } ] }, { "id": "4", "category": "sast", "name": "Hard coded key", "message": "Hard coded key", "description": "Hard coded cryptographic key found", "cve": "102ac67e0975ecec02a056008e0faad8:HARD_CODE_KEY:scala-sbt/src/main/scala/example/Main.scala:12", "severity": "Medium", "confidence": "High", "scanner": { "id": "find_sec_bugs", "name": "Find Security Bugs" }, "location": { "file": "scala-sbt/src/main/scala/example/Main.scala", "start_line": 12, "end_line": 12, "class": "example.Main$", "method": "getBytes" }, "identifiers": [ { "type": "find_sec_bugs_type", "name": "Find Security Bugs-HARD_CODE_KEY", "value": "HARD_CODE_KEY", "url": "https://find-sec-bugs.github.io/bugs.htm#HARD_CODE_KEY" }, { "type": "cwe", "name": "CWE-321", "value": "321", "url": "https://cwe.mitre.org/data/definitions/321.html" } ] }, { "id": "5", "category": "sast", "name": "ECB mode is insecure", "message": "ECB mode is insecure", "description": "The cipher uses ECB mode, which provides poor confidentiality for encrypted data", "cve": "ea0f905fc76f2739d5f10a1fd1e37a10:ECB_MODE:app/src/main/groovy/com/gitlab/security_products/tests/App.groovy:29", "severity": "Medium", "confidence": "High", "scanner": { "id": "find_sec_bugs", "name": "Find Security Bugs" }, "location": { "file": "app/src/main/groovy/com/gitlab/security_products/tests/App.groovy", "start_line": 29, "end_line": 29, "class": "com.gitlab.security_products.tests.App", "method": "insecureCypher" }, "identifiers": [ { "type": "find_sec_bugs_type", "name": "Find Security Bugs-ECB_MODE", "value": "ECB_MODE", "url": "https://find-sec-bugs.github.io/bugs.htm#ECB_MODE" }, { "type": "cwe", "name": "CWE-327", "value": "327", "url": "https://cwe.mitre.org/data/definitions/327.html" } ] } ], "remediations": [ ], "scan": { "analyzer": { "id": "find_sec_bugs_analyzer", "name": "Find Security Bugs Analyzer", "url": "https://gitlab.com", "vendor": { "name": "GitLab" }, "version": "1.0.0" }, "scanner": { "id": "find_sec_bugs", "name": "Find Security Bugs", "url": "https://spotbugs.github.io", "vendor": { "name": "GitLab" }, "version": "4.0.2" }, "type": "sast", "status": "success", "start_time": "2022-08-10T22:37:00", "end_time": "2022-08-10T22:38:00" } }