better response? hide some internal stack traces...
```
$ semgrep scan --config auto

┌──── ○○○ ────┐
│ Semgrep CLI │
└─────────────┘

Scanning 100 files (only git-tracked) with:

✔ Semgrep OSS
  ✔ Basic security coverage for first-party code vulnerabilities.

✔ Semgrep Code (SAST)
  ✔ Find and fix vulnerabilities in the code you write with advanced scanning and expert security rules.

✘ Semgrep Supply Chain (SCA)
  ✘ Find and fix the reachable vulnerabilities in your OSS dependencies.

  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100% 0:00:00

┌─────────────────┐
│ 8 Code Findings │
└─────────────────┘

    src/main/java/ch/weetech/network/HttpClientApp.java
       java.lang.security.audit.active-debug-code-printstacktrace.active-debug-code-printstacktrace
          Possible active debug code detected. Deploying an application with debug code can create unintended entry points or expose sensitive information.
          Details: https://sg.run/4K8z

           67┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
           72┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
           77┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
           82┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
          126┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
          131┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
          136┆ e.printStackTrace(new PrintWriter(sw));
            ⋮┆----------------------------------------
          141┆ e.printStackTrace(new PrintWriter(sw));

┌──────────────┐
│ Scan Summary │
└──────────────┘
Some files were skipped or only partially analyzed.
  Scan was limited to files tracked by git.
  Partially scanned: 1 files only partially analyzed due to parsing or internal Semgrep errors
  Scan skipped: 36 files matching .semgrepignore patterns
  For a full list of skipped files, run semgrep with the --verbose flag.

Ran 291 rules on 64 files: 8 findings.
```
https://medium.com/@mostafa.elnakeb/supercharging-your-code-quality-with-semgrep-sast-in-github-actions-c8f30eb26655