Skip to content

Add ShiftLeft build rules#3

Open
danielcycode wants to merge 1 commit into
masterfrom
demo-branch-1765198144
Open

Add ShiftLeft build rules#3
danielcycode wants to merge 1 commit into
masterfrom
demo-branch-1765198144

Conversation

@danielcycode

Copy link
Copy Markdown
Owner

Qwiet LogoQwiet Logo

This pull request enables build rules. You can read more about build rules here. The build rules are controlled by the shiftleft.yml file in the repository.

Visit app.shiftleft.io to see the security findings for this repository.

We've done a few things on your behalf

  • Forked this demo application
  • Generated a unique secret SHIFTLEFT_ACCESS_TOKEN to allow GitHub Actions in this repository to communicate with the Qwiet (Shiftleft) API
  • Committed a GitHub Action that will invoke Qwiet preZero's Static Application Security Testing (SAST) on all future pull requests on this repository
  • Created this pull request that demonstrates build rules. It also adds a status check that displays the result of the GitHub Action

Questions? Comments? Want to learn more? Get in touch with us or check out our documentation.

@github-actions

github-actions Bot commented Dec 8, 2025

Copy link
Copy Markdown

Qwiet LogoQwiet Logo

Checking analysis of application Benchmark against 3 build rules.

Using sl version 0.9.3567 (eb2f81dd6d0ae77292902712c2f3aeab7f7b1708).

Checking findings on scan 4.

Results per rule:

  • Allow no critical findings: FAIL
    (1122 matched vulnerabilities; configured threshold is 0).

    First 5 findings:

      ID   CVSS    Rating    Title                                                                                              
     1    9.0   critical   Remote Code Execution: Command Injection Through HTTP via request in BenchmarkTest00412.doPost 
     2    9.0   critical   Remote Code Execution: Command Injection Through HTTP via request in BenchmarkTest02433.doGet  
     3    9.0   critical   Remote Code Execution: Command Injection Through HTTP via request in BenchmarkTest02433.doPost 
     4    9.0   critical   Remote Code Execution: Command Injection Through HTTP via request in BenchmarkTest02612.doPost 
     5    9.0   critical   Remote Code Execution: Command Injection Through HTTP via request in BenchmarkTest01929.doPost 
     Severity rating   Count 
     Critical           1122 
     High                  0 
     Medium                0 
     Low                   0 
     Category                Count 
     SQL Injection             680 
     Remote Code Execution     327 
     LDAP Injection             75 
     XPath Injection            40 
  • Allow one OSS or container finding: pass
    (0 matched vulnerabilities; configured threshold is 1).

  • Allow no reachable OSS vulnerability: pass
    (0 matched vulnerabilities; configured threshold is 0).

1 rule failed.

@github-actions

github-actions Bot commented Dec 8, 2025

Copy link
Copy Markdown

👋 @danielcycode OWASP Benchmark scorecard is available for download in the Artifacts Section of GitHub Action

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant