Update pom.xml #1

Open
wants to merge 2 commits into
base: main

Yoavast
Owner

@Yoavast Yoavast commented May 7, 2022

No description provided.

@Yoavast
Owner Author

Yoavast commented May 7, 2022

Checkmarx AST – Scan Summary & Details 7d0211d8-c95d-40bc-8bfd-eeb7887f40f4

New Issues

Severity Issue File / Package Scan Engine
HIGH Cx12da7741-0d17 Npm-scs-0.0.1 CxSCA
HIGH Cx16e90396-28e5 Npm-scs-0.0.1 CxSCA
HIGH Cx29b1f382-5e54 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx2d5a6c44-d025 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx2f048e7a-4dbe Npm-momnet-2.29.1 CxSCA
HIGH Cx2fc836bb-0b0f Npm-node-ipc-9.2.2 CxSCA
HIGH Cx367b4e96-d872 Npm-scs-0.0.1 CxSCA
HIGH Cx4c6ccf8b-9229 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx5ff98397-e602 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx73105321-7044 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx7f70bd07-6578 Npm-scs-0.0.1 CxSCA
HIGH Cx94205858-70b2 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cx9e831bc9-06b9 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxb4afb298-5e40 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxbc538df7-6374 Npm-momnet-2.29.1 CxSCA
HIGH Cxc9badcf0-e78a Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cxd27bc437-5f8c Npm-scs-0.0.1 CxSCA
HIGH Cxf698cd10-301b Npm-node-ipc-9.2.2 CxSCA
HIGH Cxfb47cac3-52d4 Npm-scs-0.0.1 CxSCA
MEDIUM Cx2f7ca9fb-35de Npm-scs-0.0.1 CxSCA
MEDIUM Cx59373a6d-0a99 Npm-event-pubsub-5.0.3 CxSCA
MEDIUM Cx6646eedb-537a Npm-strong-type-0.1.6 CxSCA
MEDIUM Cx7b1f570d-7ae3 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cx8d4f4eea-cbaa Npm-momnet-2.29.1 CxSCA
MEDIUM Cx9b5f046c-ace6 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxd42e6970-b962 Npm-ua-parser-js-0.7.29 CxSCA

Fixed Issues

Severity Issue File / Package Scan Engine
HIGH CVE-2019-17571 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2021-4104 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2022-23302 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2022-23305 Maven-log4j:log4j-1.2.17 CxSCA
HIGH CVE-2022-23307 Maven-log4j:log4j-1.2.17 CxSCA
HIGH Cx03ffc319-8b37 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cx134c4226-947e Npm-scs-0.0.1 CxSCA
HIGH Cx21e9ebf0-45c7 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx28c042a1-0a03 Npm-scs-0.0.1 CxSCA
HIGH Cx32a9811c-34b1 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx5170cbd0-f0cb Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx6ecf6c16-a861 Npm-flow-dev-tools-99.10.9 CxSCA
HIGH Cx6ef2284a-d98a Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cx702add85-dfa3 Npm-momnet-2.29.1 CxSCA
HIGH Cx89c7e6d7-88ba Npm-node-ipc-9.2.2 CxSCA
HIGH Cx95f936c5-4fe2 Npm-scs-0.0.1 CxSCA
HIGH Cx9a462bd0-338f Npm-node-ipc-9.2.2 CxSCA
HIGH Cxa026b1d3-253d Npm-scs-0.0.1 CxSCA
HIGH Cxa3d118de-cd5a Npm-scs-0.0.1 CxSCA
HIGH Cxa5ada0ee-6049 Npm-scs-0.0.1 CxSCA
HIGH Cxae48085a-09c1 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxaed9caee-9b69 Npm-ua-parser-js-0.7.29 CxSCA
HIGH Cxd4150d76-08b4 Npm-momnet-2.29.1 CxSCA
HIGH Cxdf1b4505-4c19 Npm-flow-dev-tools-99.10.9 CxSCA
MEDIUM Cx2efb698f-5697 Npm-scs-0.0.1 CxSCA
MEDIUM Cx85751869-73b6 Npm-ua-parser-js-0.7.29 CxSCA
MEDIUM Cx8c642b63-74a9 Npm-strong-type-0.1.6 CxSCA
MEDIUM Cx8dde5330-1700 Npm-momnet-2.29.1 CxSCA
MEDIUM Cxc5a757b4-e734 Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxd61600dc-837b Npm-node-ipc-9.2.2 CxSCA
MEDIUM Cxf3ddeb30-6b88 Npm-event-pubsub-5.0.3 CxSCA

@Yoavast
Owner Author

Yoavast commented Jan 4, 2024

Checkmarx One – Scan Summary & Details da2ca8b9-595f-48a9-8816-4f050587a2b7

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH ALB Listening on HTTP /positive2.tf: 70 AWS Application Load Balancer (alb) should not listen on HTTP
HIGH ALB Listening on HTTP /positive1.tf: 9 AWS Application Load Balancer (alb) should not listen on HTTP
HIGH EC2 Instance Has Public IP /positive2.tf: 108 EC2 Instance should not have a public IP address.
HIGH EC2 Instance Has Public IP /negative2.tf: 96 EC2 Instance should not have a public IP address.
HIGH EC2 Instance Has Public IP /negative2.tf: 109 EC2 Instance should not have a public IP address.
HIGH EC2 Instance Has Public IP /positive2.tf: 82 EC2 Instance should not have a public IP address.
HIGH EC2 Instance Has Public IP /positive2.tf: 95 EC2 Instance should not have a public IP address.
HIGH EC2 Instance Has Public IP /negative2.tf: 83 EC2 Instance should not have a public IP address.
HIGH Missing User Instruction /Dockerfile: 1 A user should be specified in the dockerfile, otherwise the image will run as root
MEDIUM ALB Not Dropping Invalid Headers /negative1.tf: 15 It's considered a best practice when using Application Load Balancers to drop invalid header fields
MEDIUM ALB Not Dropping Invalid Headers /negative2.tf: 49 It's considered a best practice when using Application Load Balancers to drop invalid header fields
MEDIUM ALB Not Dropping Invalid Headers /positive1.tf: 15 It's considered a best practice when using Application Load Balancers to drop invalid header fields
MEDIUM ALB Not Dropping Invalid Headers /positive2.tf: 49 It's considered a best practice when using Application Load Balancers to drop invalid header fields
MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 5 When installing a package, its pin version should be defined
MEDIUM VPC Without Network Firewall /negative2.tf: 26 VPC should have a Network Firewall associated
MEDIUM VPC Without Network Firewall /positive2.tf: 26 VPC should have a Network Firewall associated
LOW ALB Deletion Protection Disabled /positive1.tf: 15 Application Load Balancer should have deletion protection enabled
LOW ALB Deletion Protection Disabled /negative2.tf: 49 Application Load Balancer should have deletion protection enabled
LOW ALB Deletion Protection Disabled /negative1.tf: 15 Application Load Balancer should have deletion protection enabled
LOW ALB Deletion Protection Disabled /positive2.tf: 49 Application Load Balancer should have deletion protection enabled
LOW EC2 Instance Using Default Security Group /negative2.tf: 97 EC2 instances should not use default security group(s)
LOW EC2 Instance Using Default Security Group /positive2.tf: 96 EC2 instances should not use default security group(s)
LOW EC2 Instance Using Default Security Group /positive2.tf: 109 EC2 instances should not use default security group(s)
LOW EC2 Instance Using Default Security Group /negative2.tf: 110 EC2 instances should not use default security group(s)
LOW EC2 Instance Using Default Security Group /negative2.tf: 84 EC2 instances should not use default security group(s)
LOW EC2 Instance Using Default Security Group /positive2.tf: 83 EC2 instances should not use default security group(s)
LOW Healthcheck Instruction Missing /Dockerfile: 1 Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
LOW IAM Access Analyzer Not Enabled /negative1.tf: 1 IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
LOW Shield Advanced Not In Use /positive1.tf: 15 AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
LOW Shield Advanced Not In Use /negative1.tf: 15 AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
LOW Shield Advanced Not In Use /positive2.tf: 49 AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
LOW Shield Advanced Not In Use /negative2.tf: 49 AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
LOW VPC FlowLogs Disabled /positive2.tf: 26 Every VPC resource should have an associated Flow Log
LOW VPC FlowLogs Disabled /negative2.tf: 26 Every VPC resource should have an associated Flow Log
