Code development platform for open source projects from the European Union institutions :large_blue_circle: EU Login authentication by SMS will be completely phased out by mid-2025. To see alternatives please check here

Skip to content
Snippets Groups Projects

semgrep-sast

Passed Started by
Joze RIHTARSIC
@rihtajo
1Running with gitlab-runner 15.6.1 (133d7e76)
2 on edelquality docker runner without Docker in docker mode ZcvQMEgp
3 Resolving secrets 00:00
4 Preparing the "docker" executor 00:43
5Using Docker executor with image registry.gitlab.com/security-products/semgrep:4 ...
6Pulling docker image registry.gitlab.com/security-products/semgrep:4 ...
7Using docker image sha256:a44cb188fdf80535943508ef9674bb25a3881e9cf53ea3151653881cf0db3dcf for registry.gitlab.com/security-products/semgrep:4 with digest registry.gitlab.com/security-products/semgrep@sha256:651a50fca7348922afe3e956ad8a39718db1ee127e0a46e3cc8da6cfb23b17ad ...
8 Preparing environment 00:02
9Running on runner-zcvqmegp-project-162-concurrent-1 via edelquality...
10 Getting source from Git repository 00:08
11Fetching changes with git depth set to 20...
12Reinitialized existing Git repository in /tmp/builds/ZcvQMEgp/1/edelivery/smp/.git/
13Checking out e553b985 as EDELIVERY-12247-Automate_new_SMP_UI_testcases-part_4...
14Removing smp-aggregator/target/
15Removing smp-server-library/target/
16Removing smp-webapp/target/
17Removing target/
18Skipping Git submodules setup
19 Downloading artifacts 00:37
20Downloading artifacts for build-maven-job (284649)...
21Downloading artifacts from coordinator... ok id=284649 responseStatus=200 OK token=64_ptet1
22 Executing "step_script" stage of the job script 02:09
23Using docker image sha256:a44cb188fdf80535943508ef9674bb25a3881e9cf53ea3151653881cf0db3dcf for registry.gitlab.com/security-products/semgrep:4 with digest registry.gitlab.com/security-products/semgrep@sha256:651a50fca7348922afe3e956ad8a39718db1ee127e0a46e3cc8da6cfb23b17ad ...
24$ /analyzer run
25[INFO] [Semgrep] [2023-10-17T14:29:21Z] ▶ GitLab Semgrep analyzer v4.4.16
26[INFO] [Semgrep] [2023-10-17T14:29:21Z] ▶ Detecting project
27[INFO] [Semgrep] [2023-10-17T14:29:21Z] ▶ Analyzer will attempt to analyze all projects in the repository
28[INFO] [Semgrep] [2023-10-17T14:29:21Z] ▶ Running analyzer
29[INFO] [Semgrep] [2023-10-17T14:30:58Z] ▶ Creating report
30[WARN] [Semgrep] [2023-10-17T14:30:58Z] ▶ tool notification warning: Timeout Timeout when running find_sec_bugs.OGNL_INJECTION-1 on smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java:
31
32[WARN] [Semgrep] [2023-10-17T14:30:58Z] ▶ tool notification warning: Timeout Timeout when running find_sec_bugs.OGNL_INJECTION-1 on smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIUserService.java:
33
34[INFO] [2023-10-17T14:30:59Z] ▶ /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json written
35[INFO] [VET] [2023-10-17T14:30:59Z] ▶ GitLab VET analyzer v0.18.3
36████████████████████████████████████████████████
37███ ████ █████ ██ █ █ ██ ██ ██
38██ ██ ████ ██ █ ██████ ████ ████████ ██
39█ ███ ██ █ ███ ████ ███ ███ ██
40██ ████ ██ █ ██████ ████ ████████ ██
41████ ███████ ██ ███ ████ ██ ██
42██████ ████████████████████████████████████████
43████████████████████████████████████████████████
44[//vet import --src /tmp/builds/ZcvQMEgp/1/edelivery/smp --store /tmp/builds/ZcvQMEgp/1/edelivery/smp/vetstore --file-ext .go]
45[INFO] [VET] [2023-10-17T14:30:59Z] ▶ Vet Import Process Starting...
46[INFO] [VET] [2023-10-17T14:30:59Z] ▶
47Import time 0.142807 seconds
48[INFO] [VET] [2023-10-17T14:30:59Z] ▶ VET import complete
49[INFO] [VET] [2023-10-17T14:30:59Z] ▶ GitLab VET analyzer v0.18.3
50████████████████████████████████████████████████
51███ ████ █████ ██ █ █ ██ ██ ██
52██ ██ ████ ██ █ ██████ ████ ████████ ██
53█ ███ ██ █ ███ ████ ███ ███ ██
54██ ████ ██ █ ██████ ████ ████████ ██
55████ ███████ ██ ███ ████ ██ ██
56██████ ████████████████████████████████████████
57████████████████████████████████████████████████
58[//vet verify --reportIn /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report.json --reportOut /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json --store /tmp/builds/ZcvQMEgp/1/edelivery/smp/vetstore --config /verify/semgrep.toml]
59[INFO] [VET] [2023-10-17T14:30:59Z] ▶ Augment report
60[INFO] [VET] [2023-10-17T14:30:59Z] ▶ Report augmented within 0.010219 seconds
61[INFO] [VET] [2023-10-17T14:30:59Z] ▶ /tmp/builds/ZcvQMEgp/1/edelivery/smp/gl-sast-report-post.json written
62 Uploading artifacts for successful job 00:02
63Uploading artifacts...
64gl-sast-report.json: found 1 matching files and directories
65Uploading artifacts as "sast" to coordinator... 201 Created id=284651 responseStatus=201 Created token=64_ptet1
66 Cleaning up project directory and file based variables 00:01
67Job succeeded

For further information about the platform and support, please see https://code.europa.eu/info/about