From 6024f6d9d9e84faca38d7627c83138e5e09c1e41 Mon Sep 17 00:00:00 2001
From: "mend-for-github-com[bot]" <50673670+mend-for-github-com[bot]@users.noreply.github.com>
Date: Mon, 23 Dec 2024 15:32:21 +0000
Subject: [PATCH] Added IaC scan results file

---
 IaC_scan_output.json | 3413 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 3413 insertions(+)
 create mode 100644 IaC_scan_output.json

diff --git a/IaC_scan_output.json b/IaC_scan_output.json
new file mode 100644
index 0000000..2b148b5
--- /dev/null
+++ b/IaC_scan_output.json
@@ -0,0 +1,3413 @@ +{ + "check_type": "github_actions", + "results": { + "passed_checks": [ + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + ], + "__startline__": 22, + "__endline__": 31 + } + }, + "code_block": [ + [ + 22, + " runs-on: ubuntu-latest\n" + ], + [ + 23, + " steps:\n" + ], + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 22, + 32 + ], + "resource": "jobs(recordMetrics)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, 
+ "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_5", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sign execution in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "recordMetrics": { + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + ], + "__startline__": 22, + "__endline__": 31 + }, + "__startline__": 21, + "__endline__": 31 + } + }, + "code_block": [ + [ + 21, + " recordMetrics:\n" + ], + [ + 22, + " runs-on: ubuntu-latest\n" + ], + [ + 23, + " steps:\n" + ], + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 21, + 32 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignArtifacts", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, 
+ "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_6", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sbom attestation in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "recordMetrics": { + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + ], + "__startline__": 22, + "__endline__": 31 + }, + "__startline__": 21, + "__endline__": 31 + } + }, + "code_block": [ + [ + 21, + " recordMetrics:\n" + ], + [ + 22, + " runs-on: ubuntu-latest\n" + ], + [ + 23, + " steps:\n" + ], + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 21, + 32 + ], + "resource": "jobs", + "evaluations": null, + "check_class": 
"checkov.github_actions.checks.job.CosignSBOM", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + ], + "__startline__": 22, + "__endline__": 31 + } + }, + "code_block": [ + [ + 22, + " runs-on: ubuntu-latest\n" + ], + [ + 23, + " steps:\n" + ], + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 22, + 32 + ], + "resource": 
"jobs(recordMetrics)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + ], + "__startline__": 22, + "__endline__": 31 + } + }, + "code_block": [ + [ + 22, + " runs-on: ubuntu-latest\n" + ], + [ + 23, + " steps:\n" + ], + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": 
"/.github/workflows/metrics.yml", + "file_line_range": [ + 22, + 32 + ], + "resource": "jobs(recordMetrics)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + ], + "__startline__": 22, + "__endline__": 31 + } + }, + "code_block": [ + [ + 22, + " runs-on: ubuntu-latest\n" + ], + [ + 23, + " steps:\n" + ], + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": 
"/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 22, + 32 + ], + "resource": "jobs(recordMetrics)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_7", + "bc_check_id": null, + "check_name": "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
", + "check_result": { + "result": "PASSED", + "results_configuration": { + "schedule": [ + { + "cron": "0 0 * * *", + "__startline__": 5, + "__endline__": 7 + } + ], + "__startline__": 4, + "__endline__": 7 + } + }, + "code_block": [ + [ + 4, + " schedule:\n" + ], + [ + 5, + " - cron: \"0 0 * * *\"\n" + ], + [ + 6, + "\n" + ], + [ + 7, + "permissions:\n" + ], + [ + 8, + " actions: write\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 4, + 8 + ], + "resource": "on(Aggregit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.EmptyWorkflowDispatch", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + }, + "code_block": [ + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " 
githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 24, + 32 + ], + "resource": "jobs(recordMetrics).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + }, + "code_block": [ + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id 
}}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 24, + 32 + ], + "resource": "jobs(recordMetrics).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + }, + "code_block": [ + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " 
client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 24, + 32 + ], + "resource": "jobs(recordMetrics).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "michaeljolley/aggregit@v1", + "with": { + "githubToken": "${{ secrets.GITHUB_TOKEN }}", + "project_id": "${{ secrets.project_id }}", + "private_key": "${{ secrets.private_key }}", + "client_email": "${{ secrets.client_email }}", + "firebaseDbUrl": "${{ secrets.firebaseDbUrl }}", + "__startline__": 26, + "__endline__": 31 + }, + "__startline__": 24, + "__endline__": 31 + } + }, + "code_block": [ + [ + 24, + " - uses: michaeljolley/aggregit@v1\n" + ], + [ + 25, + " with:\n" + ], + [ + 26, + " githubToken: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 27, + " project_id: ${{ secrets.project_id }}\n" + ], + [ + 28, + " private_key: ${{ secrets.private_key }}\n" + ], + [ + 29, + " client_email: ${{ secrets.client_email }}\n" + ], + [ + 30, + " firebaseDbUrl: ${{ secrets.firebaseDbUrl }}\n" + ] + 
], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 24, + 32 + ], + "resource": "jobs(recordMetrics).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "schedule" + ] + ], + "job": [ + "recordMetrics" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-24.04", + "strategy": { + "matrix": { + "python-version": [ + "3.9", + "3.10", + "3.11", + "3.12" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + }, + { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + 
"__endline__": 40 + } + ], + "__startline__": 21, + "__endline__": 40 + } + }, + "code_block": [ + [ + 21, + " runs-on: \"ubuntu-24.04\"\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: ['3.9', '3.10', '3.11', '3.12']\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 21, + 41 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_5", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sign execution in pipeline", + "check_result": { + 
"result": "PASSED", + "results_configuration": { + "test": { + "runs-on": "ubuntu-24.04", + "strategy": { + "matrix": { + "python-version": [ + "3.9", + "3.10", + "3.11", + "3.12" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + }, + { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + ], + "__startline__": 21, + "__endline__": 40 + }, + "__startline__": 19, + "__endline__": 40 + } + }, + "code_block": [ + [ + 19, + " test:\n" + ], + [ + 20, + "\n" + ], + [ + 21, + " runs-on: \"ubuntu-24.04\"\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: ['3.9', '3.10', '3.11', '3.12']\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v 
tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 19, + 41 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignArtifacts", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_6", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sbom attestation in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "test": { + "runs-on": "ubuntu-24.04", + "strategy": { + "matrix": { + "python-version": [ + "3.9", + "3.10", + "3.11", + "3.12" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + }, + { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + ], + 
"__startline__": 21, + "__endline__": 40 + }, + "__startline__": 19, + "__endline__": 40 + } + }, + "code_block": [ + [ + 19, + " test:\n" + ], + [ + 20, + "\n" + ], + [ + 21, + " runs-on: \"ubuntu-24.04\"\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: ['3.9', '3.10', '3.11', '3.12']\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 19, + 41 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignSBOM", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + 
"check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-24.04", + "strategy": { + "matrix": { + "python-version": [ + "3.9", + "3.10", + "3.11", + "3.12" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + }, + { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + ], + "__startline__": 21, + "__endline__": 40 + } + }, + "code_block": [ + [ + 21, + " runs-on: \"ubuntu-24.04\"\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: ['3.9', '3.10', '3.11', '3.12']\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": 
"/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 21, + 41 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-24.04", + "strategy": { + "matrix": { + "python-version": [ + "3.9", + "3.10", + "3.11", + "3.12" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + }, + { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + ], + "__startline__": 21, + "__endline__": 40 + } + }, + "code_block": [ + [ + 21, + " runs-on: \"ubuntu-24.04\"\n" 
+ ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: ['3.9', '3.10', '3.11', '3.12']\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 21, + 41 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-24.04", + "strategy": { + "matrix": { + "python-version": [ + "3.9", + "3.10", + "3.11", + "3.12" + ], + "__startline__": 24, 
+ "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "steps": [ + { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + }, + { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + }, + { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + }, + { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + ], + "__startline__": 21, + "__endline__": 40 + } + }, + "code_block": [ + [ + 21, + " runs-on: \"ubuntu-24.04\"\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " python-version: ['3.9', '3.10', '3.11', '3.12']\n" + ], + [ + 25, + "\n" + ], + [ + 26, + " steps:\n" + ], + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 21, + 41 + ], + "resource": "jobs(test)", + "evaluations": null, + "check_class": 
"checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 27, + 29 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": 
"Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + } + }, + "code_block": [ + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 28, + 33 + ], + "resource": "jobs(test).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r 
requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 32, + 38 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + }, + "code_block": [ + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 37, + 41 + ], + 
"resource": "jobs(test).steps[4](Test with pytest)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 27, + 29 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + 
"check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + } + }, + "code_block": [ + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 28, + 33 + ], + "resource": "jobs(test).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + 
"__startline__": 32, + "__endline__": 37 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 32, + 38 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + }, + "code_block": [ + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 37, + 41 + ], + "resource": "jobs(test).steps[4](Test with pytest)", + 
"evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 27, + 29 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + 
"check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + } + }, + "code_block": [ + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 28, + 33 + ], + "resource": "jobs(test).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + 
"__endline__": 37 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 32, + 38 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + }, + "code_block": [ + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 37, + 41 + ], + "resource": "jobs(test).steps[4](Test with pytest)", + "evaluations": null, + 
"check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "uses": "actions/checkout@v3", + "__startline__": 27, + "__endline__": 28 + } + }, + "code_block": [ + [ + 27, + " - uses: actions/checkout@v3\n" + ], + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 27, + 29 + ], + "resource": "jobs(test).steps[1]", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", 
+ "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Set up Python ${{ matrix.python-version }}", + "uses": "actions/setup-python@v4", + "with": { + "python-version": "${{ matrix.python-version }}", + "__startline__": 31, + "__endline__": 32 + }, + "__startline__": 28, + "__endline__": 32 + } + }, + "code_block": [ + [ + 28, + " - name: Set up Python ${{ matrix.python-version }}\n" + ], + [ + 29, + " uses: actions/setup-python@v4\n" + ], + [ + 30, + " with:\n" + ], + [ + 31, + " python-version: ${{ matrix.python-version }}\n" + ], + [ + 32, + " - name: Install dependencies\n" + ], + [ + 33, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 28, + 33 + ], + "resource": "jobs(test).steps[2](Set up Python ${{ matrix.python-version }})", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "python -m pip install --upgrade pip\npip install -r test_requirements.txt\npip install -r requirements.txt\n", + "__startline__": 32, + "__endline__": 37 + } + }, + "code_block": [ + [ + 32, + " - name: Install dependencies\n" + 
], + [ + 33, + " run: |\n" + ], + [ + 34, + " python -m pip install --upgrade pip\n" + ], + [ + 35, + " pip install -r test_requirements.txt\n" + ], + [ + 36, + " pip install -r requirements.txt\n" + ], + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 32, + 38 + ], + "resource": "jobs(test).steps[3](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Test with pytest", + "run": "pytest -v tests/test_*\n", + "__startline__": 37, + "__endline__": 40 + } + }, + "code_block": [ + [ + 37, + " - name: Test with pytest\n" + ], + [ + 38, + " run: |\n" + ], + [ + 39, + " pytest -v tests/test_*\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 37, + 41 + ], + "resource": "jobs(test).steps[4](Test with pytest)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + 
"entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "test" + ], + "workflow_name": "Opentok Actions" + }, + { + "check_id": "CKV2_GHA_1", + "bc_check_id": null, + "check_name": "Ensure top-level permissions are not set to write-all", + "check_result": { + "result": "PASSED", + "evaluated_keys": [ + "permissions" + ] + }, + "code_block": [ + [ + 8, + " actions: write\n" + ], + [ + 9, + " checks: write\n" + ], + [ + 10, + " contents: read\n" + ], + [ + 11, + " deployments: read\n" + ], + [ + 12, + " issues: write\n" + ], + [ + 13, + " discussions: write\n" + ], + [ + 14, + " packages: read\n" + ], + [ + 15, + " pages: write\n" + ], + [ + 16, + " pull-requests: write\n" + ], + [ + 17, + " security-events: write\n" + ], + [ + 18, + " statuses: write\n" + ], + [ + 19, + "\n" + ], + [ + 20, + "jobs:\n" + ], + [ + 21, + " recordMetrics:\n" + ] + ], + "file_path": "/.github/workflows/metrics.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/metrics.yml", + "repo_file_path": "/.github/workflows/metrics.yml", + "file_line_range": [ + 8, + 21 + ], + "resource": "on(Aggregit)", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": 
[ + [ + "schedule" + ] + ], + "job": [ + "" + ], + "workflow_name": "Aggregit" + }, + { + "check_id": "CKV2_GHA_1", + "bc_check_id": null, + "check_name": "Ensure top-level permissions are not set to write-all", + "check_result": { + "result": "PASSED", + "evaluated_keys": [ + "permissions" + ] + }, + "code_block": [ + [ + 6, + " actions: write\n" + ], + [ + 7, + " checks: write\n" + ], + [ + 8, + " contents: read\n" + ], + [ + 9, + " deployments: read\n" + ], + [ + 10, + " issues: write\n" + ], + [ + 11, + " discussions: write\n" + ], + [ + 12, + " packages: read\n" + ], + [ + 13, + " pages: write\n" + ], + [ + 14, + " pull-requests: write\n" + ], + [ + 15, + " security-events: write\n" + ], + [ + 16, + " statuses: write\n" + ], + [ + 17, + "\n" + ], + [ + 18, + "jobs:\n" + ], + [ + 19, + " test:\n" + ] + ], + "file_path": "/.github/workflows/ot.yml", + "file_abs_path": "/tmp/ws-scm/Opentok-Python-SDK/.github/workflows/ot.yml", + "repo_file_path": "/.github/workflows/ot.yml", + "file_line_range": [ + 6, + 19 + ], + "resource": "on(Opentok Actions)", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "" + ], + "workflow_name": "Opentok Actions" + } + ], + "failed_checks": [], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 35, + "failed": 0, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 0, + "checkov_version": "3.2.174" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" +}