Security Scan #156
security-scan.yml
on: schedule
Matrix: CodeQL Security Analysis
Dependency Vulnerability Scan
55s
Static Application Security Testing
1m 2s
Container Security Scan
23s
License Compliance Check
12s
Generate Security Report
4s
Annotations
12 warnings
Container Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Static Application Security Testing:
src/Aspire/ServiceDefaults/Extensions.cs#L70
'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString)' has a method overload that takes a 'StringComparison' parameter. Replace this call in 'HeadStart.Aspire.ServiceDefaults.Extensions.ConfigureOpenTelemetry<TBuilder>(TBuilder)' with a call to 'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString, System.StringComparison)' for clarity of intent. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307)
Static Application Security Testing:
src/Aspire/ServiceDefaults/Extensions.cs#L69
'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString)' has a method overload that takes a 'StringComparison' parameter. Replace this call in 'HeadStart.Aspire.ServiceDefaults.Extensions.ConfigureOpenTelemetry<TBuilder>(TBuilder)' with a call to 'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString, System.StringComparison)' for clarity of intent. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307)
Static Application Security Testing:
src/SharedKernel.Models/Extensions/DescriptionAttributeExtensions.cs#L29
Prefer comparing 'Length' to 0 rather than using 'Any()', both for clarity and for performance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860)
Static Application Security Testing:
src/SharedKernel.Models/Extensions/DescriptionAttributeExtensions.cs#L13
Prefer comparing 'Length' to 0 rather than using 'Any()', both for clarity and for performance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860)
Static Application Security Testing:
src/SharedKernel.Models/Extensions/DescriptionAttributeExtensions.cs#L35
Prefer comparing 'Length' to 0 rather than using 'Any()', both for clarity and for performance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860)
Static Application Security Testing:
src/SharedKernel.Models/Models/Authorization/UserInfo.cs#L7
Change 'Claims' to be read-only by removing the property setter (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227)
Static Application Security Testing:
src/SharedKernel.Models/NavigationMenu/MenuSectionModel.cs#L7
Change 'SectionItems' to be read-only by removing the property setter (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227)
Static Application Security Testing:
src/SharedKernel.Models/NavigationMenu/MenuSectionItemModel.cs#L12
Change 'MenuItems' to be read-only by removing the property setter (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227)
Static Application Security Testing:
src/SharedKernel/Extensions/LoggingExtensions.cs#L127
The behavior of 'LoggerSinkConfiguration.Console([LogEventLevel],
Static Application Security Testing:
src/SharedKernel/Extensions/LoggingExtensions.cs#L123
The behavior of 'LoggerSinkConfiguration.Debug([LogEventLevel],
CodeQL Security Analysis (csharp)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/