Skip to content

Checkmarx Bot - Auto Pull Request in branch "main"#3

Open
cx-lucas-ferreira wants to merge 1 commit into
mainfrom
checkmarx-main-LrZi4OEBcBXkHMaN
Open

Checkmarx Bot - Auto Pull Request in branch "main"#3
cx-lucas-ferreira wants to merge 1 commit into
mainfrom
checkmarx-main-LrZi4OEBcBXkHMaN

Conversation

@cx-lucas-ferreira

Copy link
Copy Markdown

Checkmarx created this PR to replace vulnerable packages.
You can check the package details in the Files Changed tab

@cx-lucas-ferreira

cx-lucas-ferreira commented Jul 17, 2026

Copy link
Copy Markdown
Author

Logo
Checkmarx One – Scan Summary & Details878988ce-6966-4d75-810b-3078e3ff4fa5


New Issues (8)

High: 1 · Medium: 1 · Low: 6

Checkmarx found the following issues in this Pull Request

# Severity Issue Source File / Package Checkmarx Insight
1 HIGH Missing User Instruction Dockerfile: 1
detailsAlways set a user in the runtime stage of your Dockerfile. Without it, the container defaults to root, even if earlier build stages define a user.
2 MEDIUM Apt Get Install Pin Version Not Defined Dockerfile: 7
detailsWhen installing a package, its pin version should be defined
3 LOW Healthcheck Instruction Missing Dockerfile: 1
detailsEnsure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
4 LOW Run Using apt Dockerfile: 7
detailsapt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stab...
5 LOW Unpinned Actions Full Length Commit SHA /push-ecr.yaml: 16
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
6 LOW Unpinned Actions Full Length Commit SHA /the-essentials.yml: 90
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
7 LOW Unpinned Actions Full Length Commit SHA /push-ecr.yaml: 24
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...
8 LOW Unpinned Actions Full Length Commit SHA /the-essentials.yml: 114
detailsPinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help...

Fixed Issues (60)

Critical: 5 · High: 33 · Medium: 20 · Low: 2

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
CRITICAL CVE-2023-37920 Python-certifi-2022.9.14
CRITICAL CVE-2024-53908 Python-Django-4.2.13
CRITICAL CVE-2025-59681 Python-Django-4.2.13
CRITICAL CVE-2025-64459 Python-Django-4.2.13
CRITICAL CVE-2026-4277 Python-Django-4.2.13
HIGH CVE-2021-21240 Python-httplib2-0.17.4
HIGH CVE-2022-23472 Python-passeo-1.0.4
HIGH CVE-2022-23491 Python-certifi-2022.9.14
HIGH CVE-2023-30608 Python-sqlparse-0.4.2
HIGH CVE-2023-38325 Python-cryptography-35.0.0
HIGH CVE-2023-49083 Python-cryptography-35.0.0
HIGH CVE-2023-50782 Python-cryptography-35.0.0
HIGH CVE-2024-23342 Python-ecdsa-0.18.0b1
HIGH CVE-2024-38875 Python-Django-4.2.13
HIGH CVE-2024-39330 Python-Django-4.2.13
HIGH CVE-2024-39614 Python-Django-4.2.13
HIGH CVE-2024-39689 Python-certifi-2022.9.14
HIGH CVE-2024-41989 Python-Django-4.2.13
HIGH CVE-2024-41990 Python-Django-4.2.13
HIGH CVE-2024-41991 Python-Django-4.2.13
HIGH CVE-2024-42005 Python-Django-4.2.13
HIGH CVE-2024-4340 Python-sqlparse-0.4.2
HIGH CVE-2024-45230 Python-Django-4.2.13
HIGH CVE-2024-53907 Python-Django-4.2.13
HIGH CVE-2024-56374 Python-Django-4.2.13
HIGH CVE-2025-14550 Python-Django-4.2.13
HIGH CVE-2025-26699 Python-Django-4.2.13
HIGH CVE-2025-57833 Python-Django-4.2.13
HIGH CVE-2025-64458 Python-Django-4.2.13
HIGH CVE-2025-64460 Python-Django-4.2.13
HIGH CVE-2026-1285 Python-Django-4.2.13
HIGH CVE-2026-25673 Python-Django-4.2.13
HIGH CVE-2026-26007 Python-cryptography-35.0.0
HIGH CVE-2026-33034 Python-Django-4.2.13
HIGH CVE-2026-3902 Python-Django-4.2.13
HIGH CVE-2026-59939 Python-httplib2-0.17.4
HIGH Cx89a94f30-7a24 Python-sqlparse-0.4.2
HIGH Cxde995bcc-bbd5 Python-cryptography-35.0.0
MEDIUM CVE-2020-11078 Python-httplib2-0.17.4
MEDIUM CVE-2023-23931 Python-cryptography-35.0.0
MEDIUM CVE-2023-32681 Python-requests-2.30.0
MEDIUM CVE-2024-35195 Python-requests-2.30.0
MEDIUM CVE-2024-39329 Python-Django-4.2.13
MEDIUM CVE-2024-45231 Python-Django-4.2.13
MEDIUM CVE-2024-47081 Python-requests-2.30.0
MEDIUM CVE-2025-13372 Python-Django-4.2.13
MEDIUM CVE-2025-13473 Python-Django-4.2.13
MEDIUM CVE-2025-32873 Python-Django-4.2.13
MEDIUM CVE-2025-48432 Python-Django-4.2.13
MEDIUM CVE-2025-59682 Python-Django-4.2.13
MEDIUM CVE-2025-68146 Python-filelock-3.14.0
MEDIUM CVE-2026-1207 Python-Django-4.2.13
MEDIUM CVE-2026-1287 Python-Django-4.2.13
MEDIUM CVE-2026-1312 Python-Django-4.2.13
MEDIUM CVE-2026-22701 Python-filelock-3.14.0
MEDIUM CVE-2026-25645 Python-requests-2.30.0
MEDIUM CVE-2026-33936 Python-ecdsa-0.18.0b1
MEDIUM Cx126feec9-ba34 Python-sqlparse-0.4.2
LOW CVE-2026-25674 Python-Django-4.2.13
LOW CVE-2026-34073 Python-cryptography-35.0.0

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant