
Add ShiftLeft build rules#3

Open
marksarka wants to merge 1 commit into master from demo-branch-1628430352

Conversation

@marksarka (Owner)


This pull request enables build rules. You can read more about build rules here. The build rules are controlled by the shiftleft.yml file in the repository.

Visit shiftleft.io to see the security findings for this repository.

We've done a few things on your behalf

  • Forked this demo application
  • Generated a unique secret SHIFTLEFT_ACCESS_TOKEN to allow GitHub Actions in this repository to communicate with the ShiftLeft API
  • Committed a GitHub Action that will invoke ShiftLeft CORE's NextGen Static Application Security Testing (NG SAST) on all future pull requests on this repository
  • Created this pull request that demonstrates build rules. It also adds a status check that displays the result of the GitHub Action

Questions? Comments? Want to learn more? Get in touch with us or check out our documentation.

@github-actions (bot) commented Aug 8, 2021


Summary

ShiftLeft NextGen Static Analysis detected 24 findings in this PR.

Severity | Count
--- | ---
Critical | 4
Moderate | 8
Info | 12

Additionally there are 0 secrets leaked.

Build Rules

Build rule with ID "allow-zero-findings" failed because it matched 24 findings and the configured threshold is 0.

Get more information about this scan.
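The build-rule verdict above is a threshold check: count the findings a rule covers and fail when that count exceeds the configured threshold. The following is an added illustration, not ShiftLeft's own code and not the shiftleft.yml schema; the rule fields (id, threshold, optional severity filter), the `gate` helper and the sample findings are constructed to mirror the summary's counts (4 critical, 8 moderate, 12 info).

```python
"""Evaluate scan findings against threshold-style build rules (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class BuildRule:
    id: str
    threshold: int                          # maximum findings allowed to match
    severities: Optional[List[str]] = None  # None means every severity counts


@dataclass
class RuleResult:
    rule_id: str
    matched: int
    threshold: int

    @property
    def passed(self) -> bool:
        return self.matched <= self.threshold

    def message(self) -> str:
        verdict = "passed" if self.passed else "failed"
        return (f'Build rule with ID "{self.rule_id}" {verdict} because it '
                f'matched {self.matched} findings and the configured '
                f'threshold is {self.threshold}')


def evaluate(rule: BuildRule, findings: List[dict]) -> RuleResult:
    """Count the findings whose severity the rule covers, then compare to threshold."""
    matched = sum(1 for f in findings
                  if rule.severities is None or f["severity"] in rule.severities)
    return RuleResult(rule.id, matched, rule.threshold)


def gate(rules: List[BuildRule], findings: List[dict]) -> int:
    """CI exit status: 0 only when every rule passes, 1 otherwise."""
    return 0 if all(evaluate(r, findings).passed for r in rules) else 1


# Constructed findings matching the counts in the bot's summary above.
SAMPLE_FINDINGS = ([{"severity": "critical"}] * 4
                   + [{"severity": "moderate"}] * 8
                   + [{"severity": "info"}] * 12)

# The page's rule: nothing may match, so any finding at all fails the build.
ALLOW_ZERO = BuildRule(id="allow-zero-findings", threshold=0)
# A narrower rule (hypothetical): only critical findings block the merge.
NO_CRITICAL = BuildRule(id="no-critical", threshold=0, severities=["critical"])

if __name__ == "__main__":
    for rule in (ALLOW_ZERO, NO_CRITICAL):
        print(evaluate(rule, SAMPLE_FINDINGS).message())
```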

@marksarka (Owner, Author) commented Aug 17, 2021

aa
aa
aa

Hi, I'm Jit, a security platform designed to help developers enhance the security of the applications they build.

Jit is built by developers for developers. It’s integrated into developers' native workflows and it’s super friendly. Our mission is to help you develop more secure applications in a way that will be empowering and stage-appropriate and Just-In-Time.

Visit jit.io to learn more about Jit and how it can help you.

We've already done a few things for you:

  • Created a centralized repository named .cbrix which defines the security workflows
  • Integrated Code Scanner for Python, which is triggered for every new PR on Python repos
  • Integrated Secret Scanner, which is triggered for every new PR on this repo and others

In case the security tools find vulnerabilities, the findings will be available to you as a comment in the PR that you created, just like this comment.

Questions? Comments? Want to learn more? Get in touch with us or check out our documentation.


@marksarka (Owner, Author) commented Aug 17, 2021

aa
aa
aa

Hi, I'm Jit, a security platform designed to help developers enhance the security of the applications they build.

Jit is built by developers for developers. It’s integrated into developers' native workflows and it’s super friendly. Our mission is to help you develop more secure applications in a way that will be empowering, stage-appropriate and Just-In-Time.

Visit jit.io to learn more about the platform and how it can help you.

We've already done a few things for you:

  • Created a centralized repository named [.jit] which defines the security workflows
  • Integrated Code Scanner for Python, which is triggered for every new PR in Python repos
  • Integrated Secret Scanner, which is triggered for every new PR in this repo and others

In case the security tools find vulnerabilities, the findings will be available to you as a comment in the PR that you created, just like this comment.

Questions? Comments? Want to learn more? Get in touch with us or check out our documentation.


@marksarka (Owner, Author) commented Aug 21, 2021


Summary

Jit has detected 2 important findings in this PR that you should review.

Finding | File | Line | Details
--- | --- | --- | ---
Potential XSS on mark_safe function | /code/app/models/User/user.py | 150 | Link1
Secret detected | /code/app/models/pass.txt | 2 | Link2

Get more information about this scan.

@marksarka (Owner, Author) commented Aug 21, 2021


Summary

Jit has detected 2 important findings in this PR that you should review.

Finding | File | Line | Details
--- | --- | --- | ---
Potential XSS on mark_safe function | /code/app/models/User/user.py | 150 | Link1
Secret detected | /code/app/models/pass.txt | 2 | Link2

Get more information about this scan.
