Regular workflows #24
An automation triggered a pipeline warning
Found 5 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
4 rules were checked:
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
✔️ The rule did not trigger. Manage rule
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
📤 The rule triggered for the following dependencies, causing an email notification. Manage rule
| Dependency | Dependency Licenses |
|---|---|
| OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | GPL-1.0-or-later, GPL-2.0-only |
If there is a dependency where the license risk is at least high
then send a pipeline warning
| Dependency | Dependency Licenses |
|---|---|
| OPCFoundation.NetStandard.Opc.Ua.Core (NuGet) | GPL-1.0-or-later, GPL-2.0-only |
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning
| Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
|---|---|---|---|---|
| CVE-2019-0820 | 5 | 7.5 | System.Text.RegularExpressions (NuGet) | MICROSOFT .NET LIBRARY LICENSE |
| CVE-2018-8292 | 5 | 7.5 | System.Net.Http (NuGet) | MICROSOFT .NET LIBRARY LICENSE |
| CVE-2024-29857 | N/A | N/A | BouncyCastle.Cryptography (NuGet) | MIT |
| CVE-2024-30171 | N/A | N/A | BouncyCastle.Cryptography (NuGet) | MIT |
| CVE-2024-30172 | N/A | N/A | BouncyCastle.Cryptography (NuGet) | MIT |