Veracode Security Scan #255
nightlyScan.yml (on: schedule)

Jobs:
- Veracode SCA scan: 53s
- Veracode SAST policy scan: 8m 25s
Annotations: 1 error and 3 warnings

Error (Veracode SCA scan): Veraocde SCA Scan failed with exit code 7
Veracode SCA agent scanning engine ready
Running the NPM scanner
npm warn config only Use `--omit=dev` to omit dev dependencies from the install.
Scanning completed
Found 1077 lines of code
Processing results...
Processing results complete
Summary Report

Field | Value
---|---
Scan ID | a7809d7a-9578-4359-9ac4-886e950343e1
Scan Date & Time | Dec 05 2024 04:06AM UTC
Account type | ENTERPRISE
Scan engine | 3.8.78 (latest 3.8.78)
Analysis time | 44 seconds
User | runner
Project | /home/runner/work/uploadandscan-action/uploadandscan-action
Package Manager(s) | NPM

Open-Source Libraries

Metric | Count
---|---
Total Libraries | 174
Direct Libraries | 8
Transitive Libraries | 170
Vulnerable Libraries | 4
Third Party Code | 99.9%

Security

Metric | Count
---|---
With Vulnerable Methods | 0
Critical Risk Vulnerabilities | 0
High Risk Vulnerabilities | 2
Medium Risk Vulnerabilities | 2
Low Risk Vulnerabilities | 0

Vulnerabilities - Public Data

CVE | Severity | Vulnerability Type | Library | Version
---|---|---|---|---
CVE-2024-45296 | High Risk | Denial Of Service (DoS) | path-to-regexp | 6.2.2
CVE-2024-21538 | High Risk | Regular Expression Denial Of Service (ReDoS) | cross-spawn | 7.0.3
CVE-2024-39249 | Medium Risk | Regular Expression Denial Of Service (ReDoS) | async | 3.2.5

Vulnerabilities - Premium Data

CVE | Severity | Vulnerability Type | Library | Version
---|---|---|---|---
NO-CVE | Medium Risk | Memory Leak | inflight | 1.0.6

Licenses

Metric | Count
---|---
Unique Library Licenses | 10
Libraries Using GPL | 1
Libraries With High Risk License | 1
Libraries With Medium Risk License | 0
Libraries With Low Risk License | 175
Libraries With Multiple Licenses | 3
Libraries With Unassessable License | 1
Libraries With Unrecognizable License | 0

Issues

Issue ID | Issue Type | Severity | Description | Library Name & Version | In Use
---|---|---|---|---|---
287821596 | Vulnerability | 6.2 | NO-CVE: Memory Leak | inflight 1.0.6 |
287821601 | License | 1.0 | Library has High-Risk License | sjcl 1.0.8 |
294341592 | Outdated Library | 3.0 | Latest version at scan: 6.0.0 | @actions/github 5.1.1 |
309152840 | Vulnerability | 5.3 | CVE-2024-39249: Regular Expression Denial Of Service (ReDoS) | async 3.2.5 |
310482705 | Outdated Library | 3.0 | Latest version at scan: 10.0.1 | minimatch 9.0.4 |
326303604 | Outdated Library | 3.0 | Latest version at scan: 4.5.0 | fast-xml-parser 4.4.1 |
328445751 | Vulnerability | 7.5 | CVE-2024-45296: Denial Of Service (DoS) | path-to-regexp 6.2.2 |
335843711 | Outdated Library | 3.0 | Latest version at scan: 1.11.1 | @actions/core 1.10.1 |
340423756 | Outdated Library | 3.0 | Latest version at scan: 2.1.11 | @actions/artifact 2.1.7 |
355425124 | Vulnerability | 7.5 | CVE-2024-21538: Regular Expression Denial Of Service (ReDoS) | cross-spawn 7.0.3 |
355425125 | Outdated Library | 3.0 | Latest version at scan: 1.7.9 | axios 1.7.7 |

Full Report Details: https://sca.analysiscenter.veracode.com/teams/PaainWzy/scans/78821040
Warning (Veracode SCA scan): ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636

Warning (Veracode SAST policy scan): ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636

Warning: Deprecation notice: v1, v2, and v3 of the artifact actions
The following artifacts were uploaded using a version of actions/upload-artifact that is scheduled for deprecation: "Veracode Agent Based SCA Results".
Please update your workflow to use v4 of the artifact actions.
Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
Artifacts

Produced during runtime

Name | Size
---|---
Veracode Agent Based SCA Results | 3.9 KB