=== exit code
1
=== end of exit code

=== stdout - plain


┌────────────────┐
│ Debugging Info │
└────────────────┘

  SCAN ENVIRONMENT
  versions    - semgrep <MASKED> on python <MASKED>
  environment - running in environment github-actions, triggering event is push

  CONNECTION
  Initializing scan (deployment=org_name, scan_id=12345)
  Enabled products: Code, Supply Chain

┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 4 files tracked by git with 4 Code rules, 3 Supply Chain rules:


  CODE RULES
  Scanning 1 file with 4 python rules.

  SUPPLY CHAIN RULES
  Scanning 1 file and 2 dependency sources.

  Dependency Sources   Resolution Method   Ecosystem   Dependencies   Rules
 ───────────────────────────────────────────────────────────────────────────
  poetry.lock          Lockfile            Pypi        3                  1
  yarn.lock            Lockfile            Npm         1                  2

  Uploading scan results
  Finalizing scan

┌──────────────────────────┐
│ 6 Blocking Code Findings │
└──────────────────────────┘

    foo.py
   ❯❯❱ eqeq-bad
          useless comparison

            4┆ a == a
            ⋮┆----------------------------------------
            5┆ a == a
            ⋮┆----------------------------------------
            7┆ a == a
            ⋮┆----------------------------------------
           11┆ y == y

   ❯❯❱ eqeq-four
          useless comparison to 4

           19┆ baz == 4

    ❯❱ taint-test
          unsafe use of danger

           27┆ sink(d2)


┌──────────────────────────────────┐
│ 1 Reachable Supply Chain Finding │
└──────────────────────────────────┘

    poetry.lock
   ❯❯❱ supply-chain1
          found a dependency

            2┆ name = "badlib"


┌─────────────────────────────┐
│ 1 Non-blocking Code Finding │
└─────────────────────────────┘

    foo.py
   ❯❯❱ eqeq-five
          useless comparison to 5

           ▶▶┆ Autofix ▶ (x == 2)
           15┆ x == 5

  BLOCKING CODE RULES FIRED:
    eqeq-bad
    eqeq-four
    taint-test



┌──────────────┐
│ Scan Summary │
└──────────────┘
✅ CI scan completed successfully.
 • Findings: 8 (6 blocking)
 • Rules run: 7
 • Targets scanned: 3
 • Parsed lines: ~100.0%
 • Scan was limited to files tracked by git
 • For a detailed list of skipped files and lines, run semgrep with the --verbose flag
CI scan completed successfully.
  View results in Semgrep Cloud Platform:
    https://semgrep.dev/orgs/org_name/findings?repo=project_name/project_name&ref=refs/heads/some/branch-name
    https://semgrep.dev/orgs/org_name/supply-chain/vulnerabilities?repo=project_name/project_name&ref=refs/heads/some/branch-name
  Has findings for blocking rules so exiting with code 1
Test Reason

=== end of stdout - plain

=== stderr - plain

=== end of stderr - plain

=== stdout - color
<same as above: stdout - plain>
=== end of stdout - color

=== stderr - color
<same as above: stderr - plain>
=== end of stderr - color