debian-mirror-gitlab/spec/fixtures/security_reports/master/gl-sast-report-gosec.json
2022-06-21 17:19:12 +05:30

68 lines
1.8 KiB
JSON

{
"version": "14.0.4",
"vulnerabilities": [
{
"id": "2e5656ff30e2e7cc93c36b4845c8a689ddc47fdbccf45d834c67442fbaa89be0",
"category": "sast",
"name": "Key Exchange without Entity Authentication",
"message": "Use of ssh InsecureIgnoreHostKey should be audited",
"description": "The software performs a key exchange with an actor without verifying the identity of that actor.",
"cve": "og.go:8:7: func foo() {\n8: \t_ = ssh.InsecureIgnoreHostKey()\n9: }\n:CWE-322",
"severity": "Medium",
"confidence": "High",
"raw_source_code_extract": "7: func foo() {\n8: \t_ = ssh.InsecureIgnoreHostKey()\n9: }\n",
"scanner": {
"id": "gosec",
"name": "Gosec"
},
"location": {
"file": "og.go",
"start_line": 8
},
"identifiers": [
{
"type": "gosec_rule_id",
"name": "Gosec Rule ID G106",
"value": "G106"
},
{
"type": "CWE",
"name": "CWE-322",
"value": "322",
"url": "https://cwe.mitre.org/data/definitions/322.html"
}
],
"tracking": {
"type": "source",
"items": [
{
"file": "og.go",
"line_start": 8,
"line_end": 8,
"signatures": [
{
"algorithm": "scope_offset",
"value": "og.go|foo[0]:1"
}
]
}
]
}
}
],
"scan": {
"scanner": {
"id": "gosec",
"name": "Gosec",
"url": "https://github.com/securego/gosec",
"vendor": {
"name": "GitLab"
},
"version": "2.10.0"
},
"type": "sast",
"start_time": "2022-03-15T20:33:12",
"end_time": "2022-03-15T20:33:17",
"status": "success"
}
}