Security Scan #176
security-scan.yml
on: schedule
Matrix: CodeQL Security Analysis
Dependency Vulnerability Scan
54s
Static Application Security Testing
1m 0s
Container Security Scan
21s
License Compliance Check
16s
Generate Security Report
5s
Annotations
12 warnings
Container Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Static Application Security Testing:
src/SharedKernel.Models/Extensions/DescriptionAttributeExtensions.cs#L35
Prefer comparing 'Length' to 0 rather than using 'Any()', both for clarity and for performance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860)
Static Application Security Testing:
src/SharedKernel.Models/Extensions/DescriptionAttributeExtensions.cs#L13
Prefer comparing 'Length' to 0 rather than using 'Any()', both for clarity and for performance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1860)
Static Application Security Testing:
src/SharedKernel.Models/NavigationMenu/MenuSectionModel.cs#L7
Change 'SectionItems' to be read-only by removing the property setter (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227)
Static Application Security Testing:
src/SharedKernel.Models/NavigationMenu/MenuSectionItemModel.cs#L12
Change 'MenuItems' to be read-only by removing the property setter (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227)
Static Application Security Testing:
src/SharedKernel.Models/Models/Authorization/UserInfo.cs#L7
Change 'Claims' to be read-only by removing the property setter (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2227)
Static Application Security Testing:
src/Aspire/ServiceDefaults/Extensions.cs#L17
The type name Extensions conflicts in whole or in part with the namespace name 'Microsoft.AspNetCore.Builder.Extensions'. Change either name to eliminate the conflict. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1724)
Static Application Security Testing:
src/Aspire/ServiceDefaults/Extensions.cs#L70
'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString)' has a method overload that takes a 'StringComparison' parameter. Replace this call in 'HeadStart.Aspire.ServiceDefaults.Extensions.ConfigureOpenTelemetry<TBuilder>(TBuilder)' with a call to 'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString, System.StringComparison)' for clarity of intent. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307)
Static Application Security Testing:
src/Aspire/ServiceDefaults/Extensions.cs#L69
'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString)' has a method overload that takes a 'StringComparison' parameter. Replace this call in 'HeadStart.Aspire.ServiceDefaults.Extensions.ConfigureOpenTelemetry<TBuilder>(TBuilder)' with a call to 'Microsoft.AspNetCore.Http.PathString.StartsWithSegments(Microsoft.AspNetCore.Http.PathString, System.StringComparison)' for clarity of intent. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1307)
Static Application Security Testing:
src/SharedKernel/Extensions/LoggingExtensions.cs#L127
The behavior of 'LoggerSinkConfiguration.Console([LogEventLevel],
Static Application Security Testing:
src/SharedKernel/Extensions/LoggingExtensions.cs#L123
The behavior of 'LoggerSinkConfiguration.Debug([LogEventLevel],
CodeQL Security Analysis (csharp)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/