=== exit code
1
=== end of exit code

=== stdout - plain
{
  "$schema": "https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/sast-report-format.json",
  "scan": {
    "analyzer": {
      "id": "semgrep",
      "name": "Semgrep",
      "url": "https://semgrep.dev",
      "vendor": {
        "name": "Semgrep"
      },
      "version": "<MASKED>"
    },
    "end_time": "<MASKED>",
    "scanner": {
      "id": "semgrep",
      "name": "Semgrep",
      "url": "https://semgrep.dev",
      "vendor": {
        "name": "Semgrep"
      },
      "version": "<MASKED>"
    },
    "start_time": "<MASKED>",
    "status": "success",
    "type": "sast",
    "version": "<MASKED>"
  },
  "version": "15.0.4",
  "vulnerabilities": [
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:eqeq-bad",
      "description": "useless comparison",
      "details": {},
      "flags": [],
      "id": "8c695a6a-4ab5-ffff-33d0-103309a310c1",
      "identifiers": [
        {
          "name": "Semgrep - eqeq-bad",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/eqeq-bad",
          "value": "eqeq-bad"
        }
      ],
      "location": {
        "end_line": 4,
        "file": "foo.py",
        "start_line": 4
      },
      "message": "useless comparison",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    },
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:eqeq-bad",
      "description": "useless comparison",
      "details": {},
      "flags": [],
      "id": "8abb389b-2f01-d0e5-2d66-3251e1d24ba7",
      "identifiers": [
        {
          "name": "Semgrep - eqeq-bad",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/eqeq-bad",
          "value": "eqeq-bad"
        }
      ],
      "location": {
        "end_line": 5,
        "file": "foo.py",
        "start_line": 5
      },
      "message": "useless comparison",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    },
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:eqeq-bad",
      "description": "useless comparison",
      "details": {},
      "flags": [],
      "id": "f6c666e6-921a-4402-8a20-15d0de15cc14",
      "identifiers": [
        {
          "name": "Semgrep - eqeq-bad",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/eqeq-bad",
          "value": "eqeq-bad"
        }
      ],
      "location": {
        "end_line": 7,
        "file": "foo.py",
        "start_line": 7
      },
      "message": "useless comparison",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    },
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:eqeq-bad",
      "description": "useless comparison",
      "details": {},
      "flags": [],
      "id": "d4404942-1636-e370-e790-6a6bed5fce54",
      "identifiers": [
        {
          "name": "Semgrep - eqeq-bad",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/eqeq-bad",
          "value": "eqeq-bad"
        }
      ],
      "location": {
        "end_line": 11,
        "file": "foo.py",
        "start_line": 11
      },
      "message": "useless comparison",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    },
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:eqeq-five",
      "description": "useless comparison to 5",
      "details": {},
      "flags": [],
      "id": "8646a2df-c020-9136-0696-9dcfe84e53c0",
      "identifiers": [
        {
          "name": "Semgrep - eqeq-five",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/eqeq-five",
          "value": "eqeq-five"
        }
      ],
      "location": {
        "end_line": 15,
        "file": "foo.py",
        "start_line": 15
      },
      "message": "useless comparison to 5",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    },
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:eqeq-four",
      "description": "useless comparison to 4",
      "details": {},
      "flags": [],
      "id": "87cd1247-dfc8-4bbd-502c-872035c71a63",
      "identifiers": [
        {
          "name": "Semgrep - eqeq-four",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/eqeq-four",
          "value": "eqeq-four"
        }
      ],
      "location": {
        "end_line": 19,
        "file": "foo.py",
        "start_line": 19
      },
      "message": "useless comparison to 4",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    },
    {
      "category": "sast",
      "cve": "foo.py:b08fd7a517303ab07cfa211f74d03c1a4c2e64b3b0656d84ff32ecb449b785d2:taint-test",
      "description": "unsafe use of danger",
      "details": {},
      "flags": [],
      "id": "05a6d679-3a62-42a4-9ff8-3113ef4a83b3",
      "identifiers": [
        {
          "name": "Semgrep - taint-test",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/r/taint-test",
          "value": "taint-test"
        }
      ],
      "location": {
        "end_line": 27,
        "file": "foo.py",
        "start_line": 27
      },
      "message": "unsafe use of danger",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "Medium"
    },
    {
      "category": "sast",
      "cve": "poetry.lock:f53a023eedfa3fbf2925ec7dc76eecdc954ea94b7e47065393dbad519613dc89:supply-chain1",
      "description": "found a dependency",
      "details": {
        "exposure": {
          "name": "exposure",
          "type": "text",
          "value": "reachable"
        }
      },
      "flags": [],
      "id": "33cc4a1a-63bd-a197-79c4-f4bd6491df4a",
      "identifiers": [
        {
          "name": "Semgrep - supply-chain1",
          "type": "semgrep_type",
          "url": "https://semgrep.dev/-/advisories/supply-chain1",
          "value": "supply-chain1"
        }
      ],
      "location": {
        "end_line": 2,
        "file": "poetry.lock",
        "start_line": 2
      },
      "message": "found a dependency",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep",
        "vendor": {
          "name": "Semgrep"
        }
      },
      "severity": "High"
    }
  ]
}
=== end of stdout - plain

=== stderr - plain


┌────────────────┐
│ Debugging Info │
└────────────────┘

  SCAN ENVIRONMENT
  versions    - semgrep <MASKED> on python <MASKED>
  environment - running in environment git, triggering event is unknown

  CONNECTION
  Initializing scan (deployment=org_name, scan_id=12345)
  Enabled products: Code, Supply Chain

┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 4 files tracked by git with 4 Code rules, 3 Supply Chain rules:


  CODE RULES
  Scanning 1 file with 4 python rules.

  SUPPLY CHAIN RULES
  Scanning 1 file and 2 dependency sources.

  Dependency Sources   Resolution Method   Ecosystem   Dependencies   Rules
 ───────────────────────────────────────────────────────────────────────────
  poetry.lock          Lockfile            Pypi        3                  1
  yarn.lock            Lockfile            Npm         1                  2

  Uploading scan results
  Finalizing scan

┌──────────────┐
│ Scan Summary │
└──────────────┘
✅ CI scan completed successfully.
 • Findings: 8 (6 blocking)
 • Rules run: 7
 • Targets scanned: 3
 • Parsed lines: ~100.0%
 • Scan was limited to files tracked by git
 • For a detailed list of skipped files and lines, run semgrep with the --verbose flag
CI scan completed successfully.
  View results in Semgrep Cloud Platform:
    https://semgrep.dev/orgs/org_name/findings?repo=local_scan/checkout_project_name&ref=some/branch-name
    https://semgrep.dev/orgs/org_name/supply-chain/vulnerabilities?repo=local_scan/checkout_project_name&ref=some/branch-name
  Has findings for blocking rules so exiting with code 1
Test Reason

=== end of stderr - plain

=== stdout - color
<same as above: stdout - plain>
=== end of stdout - color

=== stderr - color
<same as above: stderr - plain>
=== end of stderr - color