diff --git a/IaC_scan_output.json b/IaC_scan_output.json
new file mode 100644
index 00000000..3f4bf0ed
--- /dev/null
+++ b/IaC_scan_output.json
@@ -0,0 +1,9808 @@ +[ + { + "check_type": "terraform_plan", + "results": { + "passed_checks": [], + "failed_checks": [], + "skipped_checks": [], + "parsing_errors": [ + "/tmp/ws-scm/vonage-php-sdk-core/test/Account/responses/empty.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Account/responses/secret-management/delete.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Meetings/Fixtures/Responses/empty.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/ProactiveConnect/Fixtures/Responses/list-clear-success.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Redact/responses/error.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Redact/responses/success.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/SMS/responses/empty.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Secrets/responses/empty.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Verify2/Fixtures/Responses/verify-cancel-success.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Verify2/Fixtures/Responses/verify-check-success.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Verify2/Fixtures/Responses/verify-next-workflow-success.json", + "/tmp/ws-scm/vonage-php-sdk-core/test/Voice/responses/empty.json" + ] + }, + "summary": { + "passed": 0, + "failed": 0, + "skipped": 0, + "parsing_errors": 12, + "resource_count": 0, + "checkov_version": "2.3.298" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + }, + { + "check_type": "secrets", + "results": { + "passed_checks": [], + "failed_checks": [ + { + "check_id": "CKV_SECRET_6", + "bc_check_id": "BC_GIT_6", + "check_name": "Base64 High Entropy String", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 12, + " \"X-Amz-Security-Token\": \"IQoJb3******************************************\",\n" + ] + ], + "file_path": "/test/Meetings/Fixtures/Responses/get-upload-urls-success.json", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/test/Meetings/Fixtures/Responses/get-upload-urls-success.json", + "repo_file_path": 
"/test/Meetings/Fixtures/Responses/get-upload-urls-success.json", + "file_line_range": [ + 12, + 13 + ], + "resource": "f741f1318dd1fac16c5bbb65def1436ec5648be5", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_6", + "bc_check_id": "BC_GIT_6", + "check_name": "Base64 High Entropy String", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 42, + " \"X-Amz-Security-Token\": \"IQoJb3*******************************************\",\n" + ] + ], + "file_path": "/test/Meetings/Fixtures/Responses/get-upload-urls-success.json", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/test/Meetings/Fixtures/Responses/get-upload-urls-success.json", + "repo_file_path": "/test/Meetings/Fixtures/Responses/get-upload-urls-success.json", + "file_line_range": [ + 42, + 43 + ], + "resource": "ccbd875f9269c8c6eec851b7a09c88359cc3ef59", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": 
"https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-6", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + }, + { + "check_id": "CKV_SECRET_9", + "bc_check_id": "BC_GIT_9", + "check_name": "JSON Web Token", + "check_result": { + "result": "FAILED" + }, + "code_block": [ + [ + 2, + " \"access_token\": \"eyJhbG**********************************************************************************************************SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c\",\n" + ] + ], + "file_path": "/test/NumberVerification/Fixtures/Responses/ni-token-success.json", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/test/NumberVerification/Fixtures/Responses/ni-token-success.json", + "repo_file_path": "/test/NumberVerification/Fixtures/Responses/ni-token-success.json", + "file_line_range": [ + 2, + 3 + ], + "resource": "d6b66ddd9ea7dbe760114bfe9a97352a5e139134", + "evaluations": null, + "check_class": "", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/secrets-policies/secrets-policy-index/git-secrets-9", + "details": [], + "check_len": null, + "definition_context_file_path": null, + "validation_status": "Unavailable", + "added_commit_hash": "", + "removed_commit_hash": "", + "added_by": "", + "removed_date": "", + "added_date": "" + } + ], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 0, + "failed": 3, + "skipped": 0, + "parsing_errors": 0, + 
"resource_count": 3, + "checkov_version": "2.3.298" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + }, + { + "check_type": "github_actions", + "results": { + "passed_checks": [ + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist 
--no-interaction", + "__startline__": 55, + "__endline__": 58 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + ], + "__startline__": 21, + "__endline__": 66 + } + }, + "code_block": [ + [ + 21, + " runs-on: ubuntu-latest\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " php: ['8.1', '8.2', '8.3']\n" + ], + [ + 25, + " \n" + ], + [ + 26, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ 
runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 21, + 67 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_5", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sign execution in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "build": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + }, 
+ { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + ], + "__startline__": 21, + "__endline__": 66 + }, + "__startline__": 20, + "__endline__": 66 + } + }, + "code_block": [ + [ + 20, + " build:\n" + ], + [ + 21, + " runs-on: ubuntu-latest\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " php: ['8.1', '8.2', '8.3']\n" + ], + [ + 25, + " \n" + ], + [ + 26, + " name: PHP ${{ matrix.php }} 
Test\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + 
"file_line_range": [ + 20, + 67 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignArtifacts", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_6", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sbom attestation in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "build": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + }, + { + 
"name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + ], + "__startline__": 21, + "__endline__": 66 + }, + "__startline__": 20, + "__endline__": 66 + } + }, + "code_block": [ + [ + 20, + " build:\n" + ], + [ + 21, + " runs-on: ubuntu-latest\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " php: ['8.1', '8.2', '8.3']\n" + ], + [ + 25, + " \n" + ], + [ + 26, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer 
cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 20, + 67 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignSBOM", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP 
address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + }, + { + "name": "Run codecov", + "uses": 
"codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + ], + "__startline__": 21, + "__endline__": 66 + } + }, + "code_block": [ + [ + 21, + " runs-on: ubuntu-latest\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " php: ['8.1', '8.2', '8.3']\n" + ], + [ + 25, + " \n" + ], + [ + 26, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: 
Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 21, + 67 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + }, + { + "name": "Setup 
problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + ], + "__startline__": 21, + "__endline__": 66 + } + }, + "code_block": [ + [ + 21, + " runs-on: ubuntu-latest\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " php: ['8.1', '8.2', '8.3']\n" + ], + [ + 25, + " \n" + ], + [ + 26, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " 
COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 21, + 67 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, 
+ "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 24, + "__endline__": 26 + }, + "__startline__": 23, + "__endline__": 26 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + }, + { + "name": "Analyze & 
test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + ], + "__startline__": 21, + "__endline__": 66 + } + }, + "code_block": [ + [ + 21, + " runs-on: ubuntu-latest\n" + ], + [ + 22, + " strategy:\n" + ], + [ + 23, + " matrix:\n" + ], + [ + 24, + " php: ['8.1', '8.2', '8.3']\n" + ], + [ + 25, + " \n" + ], + [ + 26, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " steps:\n" + ], + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + 
], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 21, + 67 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + } + }, + "code_block": [ + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + 
"repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 29, + 33 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + } + }, + "code_block": [ + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 42 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + } + }, + "code_block": [ + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 41, + 45 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + 
"caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + } + }, + "code_block": [ + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 44, + 49 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ 
+ [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + } + }, + "code_block": [ + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 48, + 56 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + 
"job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + } + }, + "code_block": [ + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 55, + 59 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + } + }, + "code_block": [ + [ + 58, + " - name: 
Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 58, + 62 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + } + }, + "code_block": [ + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 61, + 65 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": 
"checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + }, + "code_block": [ + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 64, + 67 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP 
address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + } + }, + "code_block": [ + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 29, + 33 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + } + }, + "code_block": [ + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " 
php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 42 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + } + }, + "code_block": [ + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 41, + 45 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + } + }, + "code_block": [ + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 44, + 49 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + 
"caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + } + }, + "code_block": [ + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 48, + 56 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": 
null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + } + }, + "code_block": [ + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 55, + 59 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP 
address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + } + }, + "code_block": [ + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 58, + 62 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + } + }, + "code_block": [ + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 61, + 65 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + }, + "code_block": [ + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 64, + 67 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": 
null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + } + }, + "code_block": [ + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 29, + 33 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + 
"__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + } + }, + "code_block": [ + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 42 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + } + }, + "code_block": [ + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ 
runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 41, + 45 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + } + }, + "code_block": [ + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ 
+ 44, + 49 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + } + }, + "code_block": [ + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 48, + 56 + ], + "resource": 
"jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + } + }, + "code_block": [ + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 55, + 59 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + 
"details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + } + }, + "code_block": [ + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 58, + 62 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + } + }, + "code_block": [ + [ + 61, + " - name: Run PHPStan\n" + ], 
+ [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 61, + 65 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + }, + "code_block": [ + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 64, + 67 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + 
"bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 29, + "__endline__": 32 + } + }, + "code_block": [ + [ + 29, + " - name: Checkout\n" + ], + [ + 30, + " uses: actions/checkout@v2\n" + ], + [ + 31, + "\n" + ], + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 29, + 33 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ 
matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 35, + "__endline__": 38 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 39, + "__endline__": 41 + }, + "__startline__": 32, + "__endline__": 41 + } + }, + "code_block": [ + [ + 32, + " - name: Setup PHP\n" + ], + [ + 33, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 34, + " with:\n" + ], + [ + 35, + " php-version: ${{ matrix.php }}\n" + ], + [ + 36, + " extensions: json, mbstring\n" + ], + [ + 37, + " coverage: pcov\n" + ], + [ + 38, + " env:\n" + ], + [ + 39, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 40, + "\n" + ], + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 32, + 42 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache 
}}/phpunit.json\"", + "__startline__": 41, + "__endline__": 44 + } + }, + "code_block": [ + [ + 41, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 42, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 43, + "\n" + ], + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 41, + 45 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 44, + "__endline__": 48 + } + }, + "code_block": [ + [ + 44, + " - name: Get Composer cache directory\n" + ], + [ + 45, + " id: composercache\n" + ], + [ + 46, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 47, + "\n" + ], + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ] + ], + "file_path": 
"/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 44, + 49 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 51, + "__endline__": 55 + }, + "__startline__": 48, + "__endline__": 55 + } + }, + "code_block": [ + [ + 48, + " - name: Cache Composer dependencies\n" + ], + [ + 49, + " uses: actions/cache@v2\n" + ], + [ + 50, + " with:\n" + ], + [ + 51, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 52, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 53, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 54, + "\n" + ], + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 48, + 56 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 55, + "__endline__": 58 + } + }, + "code_block": [ + [ + 55, + " - name: Install dependencies\n" + ], + [ + 56, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 57, + "\n" + ], + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 55, + 59 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + 
"benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 58, + "__endline__": 61 + } + }, + "code_block": [ + [ + 58, + " - name: Analyze & test\n" + ], + [ + 59, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 60, + "\n" + ], + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 58, + 62 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": 
"./vendor/bin/phpstan", + "__startline__": 61, + "__endline__": 64 + } + }, + "code_block": [ + [ + 61, + " - name: Run PHPStan\n" + ], + [ + 62, + " run: ./vendor/bin/phpstan\n" + ], + [ + 63, + "\n" + ], + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 61, + 65 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 64, + "__endline__": 66 + } + }, + "code_block": [ + [ + 64, + " - name: Run codecov\n" + ], + [ + 65, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 64, + 67 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + 
"entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "build" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 26, + "__endline__": 28 + }, + "__startline__": 25, + "__endline__": 28 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ 
hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + ], + "__startline__": 23, + "__endline__": 68 + } + }, + "code_block": [ + [ + 23, + " runs-on: ubuntu-latest\n" + ], + [ + 24, + " strategy:\n" + ], + [ + 25, + " matrix:\n" + ], + [ + 26, + " php: [ '8.1', '8.2', '8.3' ]\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 29, + "\n" + ], + [ + 30, + " steps:\n" + ], + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + 
" uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 23, + 69 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_5", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sign execution in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "build": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + 
"8.1", + "8.2", + "8.3" + ], + "__startline__": 26, + "__endline__": 28 + }, + "__startline__": 25, + "__endline__": 28 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + ], + "__startline__": 23, + "__endline__": 68 + }, + "__startline__": 22, + "__endline__": 
68 + } + }, + "code_block": [ + [ + 22, + " build:\n" + ], + [ + 23, + " runs-on: ubuntu-latest\n" + ], + [ + 24, + " strategy:\n" + ], + [ + 25, + " matrix:\n" + ], + [ + 26, + " php: [ '8.1', '8.2', '8.3' ]\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 29, + "\n" + ], + [ + 30, + " steps:\n" + ], + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + 
[ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 22, + 69 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignArtifacts", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_6", + "bc_check_id": null, + "check_name": "Found artifact build without evidence of cosign sbom attestation in pipeline", + "check_result": { + "result": "PASSED", + "results_configuration": { + "build": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 26, + "__endline__": 28 + }, + "__startline__": 25, + "__endline__": 28 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": 
"echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + ], + "__startline__": 23, + "__endline__": 68 + }, + "__startline__": 22, + "__endline__": 68 + } + }, + "code_block": [ + [ + 22, + " build:\n" + ], + [ + 23, + " runs-on: ubuntu-latest\n" + ], + [ + 24, + " strategy:\n" + ], + [ + 25, + " matrix:\n" + ], + [ + 26, + " php: [ '8.1', '8.2', '8.3' ]\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 29, + "\n" + ], + [ + 30, + " steps:\n" + ], + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, 
+ " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 22, + 69 + ], + "resource": "jobs", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.CosignSBOM", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, 
+ "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 26, + "__endline__": 28 + }, + "__startline__": 25, + "__endline__": 28 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + 
"__startline__": 57, + "__endline__": 60 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + ], + "__startline__": 23, + "__endline__": 68 + } + }, + "code_block": [ + [ + 23, + " runs-on: ubuntu-latest\n" + ], + [ + 24, + " strategy:\n" + ], + [ + 25, + " matrix:\n" + ], + [ + 26, + " php: [ '8.1', '8.2', '8.3' ]\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 29, + "\n" + ], + [ + 30, + " steps:\n" + ], + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + 
], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 23, + 69 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 26, + "__endline__": 28 + }, + "__startline__": 25, + "__endline__": 28 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + }, + { + "name": "Setup PHP", + 
"uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + ], + "__startline__": 23, + "__endline__": 68 + } + }, + "code_block": [ + [ + 23, + " runs-on: ubuntu-latest\n" + ], + [ + 24, + " strategy:\n" + ], + [ + 25, + " matrix:\n" + ], + [ + 26, + " php: [ '8.1', '8.2', '8.3' ]\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 29, + "\n" + ], + [ + 30, + " steps:\n" + ], + [ + 31, + " - name: Checkout\n" + ], + [ + 
32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 23, + 69 + ], + "resource": "jobs(build)", + "evaluations": null, + 
"check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "runs-on": "ubuntu-latest", + "strategy": { + "matrix": { + "php": [ + "8.1", + "8.2", + "8.3" + ], + "__startline__": 26, + "__endline__": 28 + }, + "__startline__": 25, + "__endline__": 28 + }, + "name": "PHP ${{ matrix.php }} Test", + "steps": [ + { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + }, + { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + }, + { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + }, + { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + }, + { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ 
steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + }, + { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + }, + { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + }, + { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + }, + { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + ], + "__startline__": 23, + "__endline__": 68 + } + }, + "code_block": [ + [ + 23, + " runs-on: ubuntu-latest\n" + ], + [ + 24, + " strategy:\n" + ], + [ + 25, + " matrix:\n" + ], + [ + 26, + " php: [ '8.1', '8.2', '8.3' ]\n" + ], + [ + 27, + "\n" + ], + [ + 28, + " name: PHP ${{ matrix.php }} Test\n" + ], + [ + 29, + "\n" + ], + [ + 30, + " steps:\n" + ], + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + 
"\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 23, + 69 + ], + "resource": "jobs(build)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_7", + "bc_check_id": null, + "check_name": "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. 
GitHub Actions workflow_dispatch inputs MUST be empty. ", + "check_result": { + "result": "PASSED", + "results_configuration": { + "release": { + "types": [ + "published", + "edited" + ], + "__startline__": 6, + "__endline__": 8 + }, + "__startline__": 5, + "__endline__": 8 + } + }, + "code_block": [ + [ + 5, + " release:\n" + ], + [ + 6, + " types: [ published, edited ]\n" + ], + [ + 7, + "\n" + ], + [ + 8, + "permissions:\n" + ], + [ + 9, + " actions: write\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 5, + 9 + ], + "resource": "on(Release published)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.EmptyWorkflowDispatch", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + } + }, + "code_block": [ + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 31, + 35 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + } + }, + "code_block": [ + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + 
"file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 34, + 44 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + } + }, + "code_block": [ + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 43, + 47 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + 
"fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + } + }, + "code_block": [ + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 46, + 51 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + 
"guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + } + }, + "code_block": [ + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 50, + 58 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + 
"connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + } + }, + "code_block": [ + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 57, + 61 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + 
"results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + } + }, + "code_block": [ + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 60, + 64 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + } + }, + "code_block": [ + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 63, + 67 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_1", + "bc_check_id": null, + "check_name": "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + }, + "code_block": [ + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 66, + 69 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.AllowUnsecureCommandsOnJob", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + 
"guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + } + }, + "code_block": [ + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 31, + 35 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + 
"__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + } + }, + "code_block": [ + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 34, + 44 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + } + }, + 
"code_block": [ + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 43, + 47 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + } + }, + "code_block": [ + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + 
"file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 46, + 51 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + } + }, + "code_block": [ + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 50, + 58 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + } + }, + "code_block": [ + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 57, + 61 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + 
"severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + } + }, + "code_block": [ + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 60, + 64 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + 
"check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + } + }, + "code_block": [ + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 63, + 67 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_4", + "bc_check_id": null, + "check_name": "Suspicious use of netcat with IP address", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + }, + "code_block": [ + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 66, + 69 + ], + "resource": "jobs(build).steps[9](Run 
codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ReverseShellNetcat", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + } + }, + "code_block": [ + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 31, + 35 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": 
[ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + } + }, + "code_block": [ + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 34, + 44 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + 
"release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + } + }, + "code_block": [ + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 43, + 47 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output 
name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + } + }, + "code_block": [ + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 46, + 51 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + } + }, + "code_block": [ + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, 
+ " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 50, + 58 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + } + }, + "code_block": [ + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": 
"/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 57, + 61 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + } + }, + "code_block": [ + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 60, + 64 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": 
null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + } + }, + "code_block": [ + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 63, + 67 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_2", + "bc_check_id": null, + "check_name": "Ensure run commands are not vulnerable to shell injection", + "check_result": { + "result": 
"PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + }, + "code_block": [ + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 66, + 69 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.ShellInjection", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Checkout", + "uses": "actions/checkout@v2", + "__startline__": 31, + "__endline__": 34 + } + }, + "code_block": [ + [ + 31, + " - name: Checkout\n" + ], + [ + 32, + " uses: actions/checkout@v2\n" + ], + [ + 33, + "\n" + ], + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 31, + 35 + ], + "resource": "jobs(build).steps[1](Checkout)", + "evaluations": null, + "check_class": 
"checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup PHP", + "uses": "shivammathur/setup-php@v2", + "with": { + "php-version": "${{ matrix.php }}", + "extensions": "json, mbstring", + "coverage": "pcov", + "__startline__": 37, + "__endline__": 40 + }, + "env": { + "COMPOSER_TOKEN": "${{ secrets.GITHUB_TOKEN }}", + "__startline__": 41, + "__endline__": 43 + }, + "__startline__": 34, + "__endline__": 43 + } + }, + "code_block": [ + [ + 34, + " - name: Setup PHP\n" + ], + [ + 35, + " uses: shivammathur/setup-php@v2\n" + ], + [ + 36, + " with:\n" + ], + [ + 37, + " php-version: ${{ matrix.php }}\n" + ], + [ + 38, + " extensions: json, mbstring\n" + ], + [ + 39, + " coverage: pcov\n" + ], + [ + 40, + " env:\n" + ], + [ + 41, + " COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n" + ], + [ + 42, + "\n" + ], + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 34, + 44 + ], + "resource": "jobs(build).steps[2](Setup PHP)", + "evaluations": null, + 
"check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Setup problem matchers for PHPUnit", + "run": "echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"", + "__startline__": 43, + "__endline__": 46 + } + }, + "code_block": [ + [ + 43, + " - name: Setup problem matchers for PHPUnit\n" + ], + [ + 44, + " run: echo \"::add-matcher::${{ runner.tool_cache }}/phpunit.json\"\n" + ], + [ + 45, + "\n" + ], + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 43, + 47 + ], + "resource": "jobs(build).steps[3](Setup problem matchers for PHPUnit)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": 
[], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Get Composer cache directory", + "id": "composercache", + "run": "echo \"::set-output name=dir::$(composer config cache-files-dir)\"", + "__startline__": 46, + "__endline__": 50 + } + }, + "code_block": [ + [ + 46, + " - name: Get Composer cache directory\n" + ], + [ + 47, + " id: composercache\n" + ], + [ + 48, + " run: echo \"::set-output name=dir::$(composer config cache-files-dir)\"\n" + ], + [ + 49, + "\n" + ], + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 46, + 51 + ], + "resource": "jobs(build).steps[4](Get Composer cache directory)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + 
"name": "Cache Composer dependencies", + "uses": "actions/cache@v2", + "with": { + "path": "${{ steps.composercache.outputs.dir }}", + "key": "${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}", + "restore-keys": "${{ runner.os }}-composer-", + "__startline__": 53, + "__endline__": 57 + }, + "__startline__": 50, + "__endline__": 57 + } + }, + "code_block": [ + [ + 50, + " - name: Cache Composer dependencies\n" + ], + [ + 51, + " uses: actions/cache@v2\n" + ], + [ + 52, + " with:\n" + ], + [ + 53, + " path: ${{ steps.composercache.outputs.dir }}\n" + ], + [ + 54, + " key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}\n" + ], + [ + 55, + " restore-keys: ${{ runner.os }}-composer-\n" + ], + [ + 56, + "\n" + ], + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 50, + 58 + ], + "resource": "jobs(build).steps[5](Cache Composer dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Install 
dependencies", + "run": "composer update --prefer-dist --no-interaction", + "__startline__": 57, + "__endline__": 60 + } + }, + "code_block": [ + [ + 57, + " - name: Install dependencies\n" + ], + [ + 58, + " run: composer update --prefer-dist --no-interaction\n" + ], + [ + 59, + "\n" + ], + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 57, + 61 + ], + "resource": "jobs(build).steps[6](Install dependencies)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Analyze & test", + "run": "composer test -- -v --coverage-clover=coverage.xml", + "__startline__": 60, + "__endline__": 63 + } + }, + "code_block": [ + [ + 60, + " - name: Analyze & test\n" + ], + [ + 61, + " run: composer test -- -v --coverage-clover=coverage.xml\n" + ], + [ + 62, + "\n" + ], + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 60, + 64 + ], + "resource": "jobs(build).steps[7](Analyze & test)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run PHPStan", + "run": "./vendor/bin/phpstan", + "__startline__": 63, + "__endline__": 66 + } + }, + "code_block": [ + [ + 63, + " - name: Run PHPStan\n" + ], + [ + 64, + " run: ./vendor/bin/phpstan\n" + ], + [ + 65, + "\n" + ], + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 63, + 67 + ], + "resource": "jobs(build).steps[8](Run PHPStan)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + 
"vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV_GHA_3", + "bc_check_id": null, + "check_name": "Suspicious use of curl with secrets", + "check_result": { + "result": "PASSED", + "results_configuration": { + "name": "Run codecov", + "uses": "codecov/codecov-action@v1", + "__startline__": 66, + "__endline__": 68 + } + }, + "code_block": [ + [ + 66, + " - name: Run codecov\n" + ], + [ + 67, + " uses: codecov/codecov-action@v1\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 66, + 69 + ], + "resource": "jobs(build).steps[9](Run codecov)", + "evaluations": null, + "check_class": "checkov.github_actions.checks.job.SuspectCurlInScript", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "build" + ], + "workflow_name": "Release published" + }, + { + "check_id": "CKV2_GHA_1", + "bc_check_id": null, + "check_name": "Ensure top-level permissions are not set to write-all", + "check_result": { + "result": "PASSED", + "evaluated_keys": [ + "permissions" + ] + }, + "code_block": [ + [ + 7, + " actions: write\n" + ], + [ + 8, + " checks: write\n" + ], + [ + 9, + " contents: read\n" + ], + [ + 10, + " deployments: read\n" + ], + [ + 11, + " issues: write\n" + ], 
+ [ + 12, + " discussions: write\n" + ], + [ + 13, + " packages: read\n" + ], + [ + 14, + " pages: write\n" + ], + [ + 15, + " pull-requests: write\n" + ], + [ + 16, + " security-events: write\n" + ], + [ + 17, + " statuses: write\n" + ], + [ + 18, + "\n" + ], + [ + 19, + "jobs:\n" + ], + [ + 20, + " build:\n" + ] + ], + "file_path": "/.github/workflows/build.yml", + "file_abs_path": "/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/build.yml", + "repo_file_path": "/.github/workflows/build.yml", + "file_line_range": [ + 7, + 20 + ], + "resource": "on(build)", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [] + ], + "job": [ + "" + ], + "workflow_name": "build" + }, + { + "check_id": "CKV2_GHA_1", + "bc_check_id": null, + "check_name": "Ensure top-level permissions are not set to write-all", + "check_result": { + "result": "PASSED", + "evaluated_keys": [ + "permissions" + ] + }, + "code_block": [ + [ + 9, + " actions: write\n" + ], + [ + 10, + " checks: write\n" + ], + [ + 11, + " contents: read\n" + ], + [ + 12, + " deployments: read\n" + ], + [ + 13, + " issues: write\n" + ], + [ + 14, + " discussions: write\n" + ], + [ + 15, + " packages: read\n" + ], + [ + 16, + " pages: write\n" + ], + [ + 17, + " pull-requests: write\n" + ], + [ + 18, + " security-events: write\n" + ], + [ + 19, + " statuses: write\n" + ], + [ + 20, + "\n" + ], + [ + 21, + "jobs:\n" + ], + [ + 22, + " build:\n" + ] + ], + "file_path": "/.github/workflows/release.yml", + "file_abs_path": 
"/tmp/ws-scm/vonage-php-sdk-core/.github/workflows/release.yml", + "repo_file_path": "/.github/workflows/release.yml", + "file_line_range": [ + 9, + 22 + ], + "resource": "on(Release published)", + "evaluations": null, + "check_class": "checkov.common.graph.checks_infra.base_check", + "fixed_definition": null, + "entity_tags": null, + "caller_file_path": null, + "caller_file_line_range": null, + "resource_address": null, + "severity": null, + "bc_category": null, + "benchmarks": null, + "description": null, + "short_description": null, + "vulnerability_details": null, + "connected_node": null, + "guideline": null, + "details": [], + "check_len": null, + "definition_context_file_path": null, + "triggers": [ + [ + "release" + ] + ], + "job": [ + "" + ], + "workflow_name": "Release published" + } + ], + "failed_checks": [], + "skipped_checks": [], + "parsing_errors": [] + }, + "summary": { + "passed": 87, + "failed": 0, + "skipped": 0, + "parsing_errors": 0, + "resource_count": 0, + "checkov_version": "2.3.298" + }, + "url": "Add an api key '--bc-api-key ' to see more detailed insights via https://bridgecrew.cloud" + } +]