=== exit code
1
=== end of exit code

=== stdout - plain
{
  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json",
  "runs": [
    {
      "invocations": [
        {
          "executionSuccessful": true,
          "toolExecutionNotifications": []
        }
      ],
      "results": [
        {
          "fingerprints": {
            "matchBasedId/v1": "0357b19d63972f62544383b820b32bdcbeda622708aa4a5b798b8cac7290deacdbb32468495f0b29732cfcaa0ff9fe9ec3ca672f4fcc67f987cd889ac08b1c6a_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 4,
                  "snippet": {
                    "text": "    a == a"
                  },
                  "startColumn": 5,
                  "startLine": 4
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad"
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "0357b19d63972f62544383b820b32bdcbeda622708aa4a5b798b8cac7290deacdbb32468495f0b29732cfcaa0ff9fe9ec3ca672f4fcc67f987cd889ac08b1c6a_1"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 5,
                  "snippet": {
                    "text": "    a == a"
                  },
                  "startColumn": 5,
                  "startLine": 5
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad"
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "0357b19d63972f62544383b820b32bdcbeda622708aa4a5b798b8cac7290deacdbb32468495f0b29732cfcaa0ff9fe9ec3ca672f4fcc67f987cd889ac08b1c6a_2"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 6,
                  "snippet": {
                    "text": "    a == a  # nosemgrep"
                  },
                  "startColumn": 5,
                  "startLine": 6
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad",
          "suppressions": [
            {
              "kind": "inSource"
            }
          ]
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "0357b19d63972f62544383b820b32bdcbeda622708aa4a5b798b8cac7290deacdbb32468495f0b29732cfcaa0ff9fe9ec3ca672f4fcc67f987cd889ac08b1c6a_3"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 7,
                  "snippet": {
                    "text": "    a == a"
                  },
                  "startColumn": 5,
                  "startLine": 7
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad"
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "83fb2cbc6be00fffc142621a1b10702bdd228f97c42ca16ba5f902ec393231e1424bed8472cec7c9213190cb1f576e5a495b3aba5cef09ac2791715d3bf9e983_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 9,
                  "snippet": {
                    "text": "    x == x  # nosemgrep"
                  },
                  "startColumn": 5,
                  "startLine": 9
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad",
          "suppressions": [
            {
              "kind": "inSource"
            }
          ]
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "5efd0945774f190445f7cf2b0b85568a845cc46dddc11e029205b882436dccf78e12a752408c13dfe97b572f8bc795099ca0bddb89b3040afcaf6a6d8c17b570_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 11,
                  "snippet": {
                    "text": "    y == y"
                  },
                  "startColumn": 5,
                  "startLine": 11
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad"
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "f33d61e2c4592fb3a295213cb9d829c7d314041cef354f9b4199bf18526d72df596c0ef4c8e56289511e1ea8e2183752f403fd922f382d090846c456744367d2_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 13,
                  "snippet": {
                    "text": "    z == z  # nosemgrep"
                  },
                  "startColumn": 5,
                  "startLine": 13
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison"
          },
          "properties": {},
          "ruleId": "eqeq-bad",
          "suppressions": [
            {
              "kind": "inSource"
            }
          ]
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "186b96f64aca90b7f5a9c75f2e44538885d0e727ed3161ef7b6d46c40b3d078acfc8859b290e118cb8ca42f5b41e61afe73b0f416f47a2f16abce67b1be307d3_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 15,
                  "snippet": {
                    "text": "    x == 5"
                  },
                  "startColumn": 5,
                  "startLine": 15
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison to 5"
          },
          "properties": {},
          "ruleId": "eqeq-five"
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "d2d0825f113f2fee5f7cbd5fb160772b3f3ab5043120b912101f2f20d4a0cce42df32b8e89f889f945daa1b216f9755eb958b9cb73c4c4ddf2ef5ecd0b4d1ad3_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 11,
                  "endLine": 16,
                  "snippet": {
                    "text": "    y == 5  # nosemgrep"
                  },
                  "startColumn": 5,
                  "startLine": 16
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison to 5"
          },
          "properties": {},
          "ruleId": "eqeq-five",
          "suppressions": [
            {
              "kind": "inSource"
            }
          ]
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "e7f900087df67093981e7d10847997734cfe6e3f1bcca3e05b81ff799e15d217834c0ae1d8114b52bef34242153efcbd3708167ca823100cdca2a843046972b8_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 13,
                  "endLine": 18,
                  "snippet": {
                    "text": "    baz == 4  # nosemgrep"
                  },
                  "startColumn": 5,
                  "startLine": 18
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison to 4"
          },
          "properties": {},
          "ruleId": "eqeq-four",
          "suppressions": [
            {
              "kind": "inSource"
            }
          ]
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "e7f900087df67093981e7d10847997734cfe6e3f1bcca3e05b81ff799e15d217834c0ae1d8114b52bef34242153efcbd3708167ca823100cdca2a843046972b8_1"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 13,
                  "endLine": 19,
                  "snippet": {
                    "text": "    baz == 4"
                  },
                  "startColumn": 5,
                  "startLine": 19
                }
              }
            }
          ],
          "message": {
            "text": "useless comparison to 4"
          },
          "properties": {},
          "ruleId": "eqeq-four"
        },
        {
          "codeFlows": [
            {
              "message": {
                "text": "Untrusted dataflow from foo.py:26 to foo.py:27"
              },
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "message": {
                          "text": "Source: 'danger' @ 'foo.py:26'"
                        },
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "foo.py"
                          },
                          "region": {
                            "endColumn": 16,
                            "endLine": 26,
                            "message": {
                              "text": "Source: 'danger' @ 'foo.py:26'"
                            },
                            "snippet": {
                              "text": "danger"
                            },
                            "startColumn": 10,
                            "startLine": 26
                          }
                        }
                      },
                      "nestingLevel": 0
                    },
                    {
                      "location": {
                        "message": {
                          "text": "Propagator : 'd2' @ 'foo.py:26'"
                        },
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "foo.py"
                          },
                          "region": {
                            "endColumn": 7,
                            "endLine": 26,
                            "message": {
                              "text": "Propagator : 'd2' @ 'foo.py:26'"
                            },
                            "snippet": {
                              "text": "d2"
                            },
                            "startColumn": 5,
                            "startLine": 26
                          }
                        }
                      },
                      "nestingLevel": 0
                    },
                    {
                      "location": {
                        "message": {
                          "text": "Sink: 'sink(d2)' @ 'foo.py:27'"
                        },
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "foo.py"
                          },
                          "region": {
                            "endColumn": 13,
                            "endLine": 27,
                            "message": {
                              "text": "Sink: 'sink(d2)' @ 'foo.py:27'"
                            },
                            "snippet": {
                              "text": "    sink(d2)"
                            },
                            "startColumn": 5,
                            "startLine": 27
                          }
                        }
                      },
                      "nestingLevel": 1
                    }
                  ]
                }
              ]
            }
          ],
          "fingerprints": {
            "matchBasedId/v1": "e160d5d9982bc004e18272a890af8fc2539063a06782d2f509b2c2d9b7e58c5b095443b568847f7c9ab25f68f9b5c7a1dea764e514d0480bab7b12dca08f4a57_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "foo.py",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 13,
                  "endLine": 27,
                  "snippet": {
                    "text": "    sink(d2)"
                  },
                  "startColumn": 5,
                  "startLine": 27
                }
              }
            }
          ],
          "message": {
            "text": "unsafe use of danger"
          },
          "properties": {},
          "ruleId": "taint-test"
        },
        {
          "fingerprints": {
            "matchBasedId/v1": "2c4ff12fcdf80ef1c00dd0f566ae102d792c7ba68e560d70f111aae3b3216c0b1b943e74d2ce29c0361f1fbc37bd4e9aafd32c3435a36c61b8bd3963efe0d7a1_0"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "poetry.lock",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 1,
                  "endLine": 2,
                  "snippet": {
                    "text": "name = \"badlib\""
                  },
                  "startColumn": 1,
                  "startLine": 2
                }
              }
            }
          ],
          "message": {
            "text": "found a dependency"
          },
          "properties": {
            "exposure": "reachable"
          },
          "ruleId": "supply-chain1"
        }
      ],
      "tool": {
        "driver": {
          "name": "Semgrep OSS",
          "rules": [
            {
              "defaultConfiguration": {
                "level": "error"
              },
              "fullDescription": {
                "text": "useless comparison"
              },
              "help": {
                "markdown": "useless comparison\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/r/eqeq-bad)\n",
                "text": "useless comparison"
              },
              "helpUri": "https://semgrep.dev/r/eqeq-bad",
              "id": "eqeq-bad",
              "name": "eqeq-bad",
              "properties": {
                "precision": "very-high",
                "tags": []
              },
              "shortDescription": {
                "text": "Semgrep Finding: eqeq-bad"
              }
            },
            {
              "defaultConfiguration": {
                "level": "error"
              },
              "fullDescription": {
                "text": "useless comparison to 5"
              },
              "help": {
                "markdown": "useless comparison to 5\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/r/eqeq-five)\n",
                "text": "useless comparison to 5"
              },
              "helpUri": "https://semgrep.dev/r/eqeq-five",
              "id": "eqeq-five",
              "name": "eqeq-five",
              "properties": {
                "precision": "very-high",
                "tags": []
              },
              "shortDescription": {
                "text": "Semgrep Finding: eqeq-five"
              }
            },
            {
              "defaultConfiguration": {
                "level": "error"
              },
              "fullDescription": {
                "text": "useless comparison to 4"
              },
              "help": {
                "markdown": "useless comparison to 4\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/r/eqeq-four)\n",
                "text": "useless comparison to 4"
              },
              "helpUri": "https://semgrep.dev/r/eqeq-four",
              "id": "eqeq-four",
              "name": "eqeq-four",
              "properties": {
                "precision": "very-high",
                "tags": []
              },
              "shortDescription": {
                "text": "Semgrep Finding: eqeq-four"
              }
            },
            {
              "defaultConfiguration": {
                "level": "error"
              },
              "fullDescription": {
                "text": "found a dependency"
              },
              "help": {
                "markdown": "found a dependency\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/-/advisories/supply-chain1)\n",
                "text": "found a dependency"
              },
              "helpUri": "https://semgrep.dev/-/advisories/supply-chain1",
              "id": "supply-chain1",
              "name": "supply-chain1",
              "properties": {
                "precision": "very-high",
                "tags": []
              },
              "shortDescription": {
                "text": "Semgrep Finding: supply-chain1"
              }
            },
            {
              "defaultConfiguration": {
                "level": "warning"
              },
              "fullDescription": {
                "text": "unsafe use of danger"
              },
              "help": {
                "markdown": "unsafe use of danger\n\n<b>References:</b>\n - [Semgrep Rule](https://semgrep.dev/r/taint-test)\n",
                "text": "unsafe use of danger"
              },
              "helpUri": "https://semgrep.dev/r/taint-test",
              "id": "taint-test",
              "name": "taint-test",
              "properties": {
                "precision": "very-high",
                "tags": []
              },
              "shortDescription": {
                "text": "Semgrep Finding: taint-test"
              }
            }
          ],
          "semanticVersion": "<MASKED>"
        }
      }
    }
  ],
  "version": "2.1.0"
}
=== end of stdout - plain

=== stderr - plain


┌────────────────┐
│ Debugging Info │
└────────────────┘

  SCAN ENVIRONMENT
  versions    - semgrep <MASKED> on python <MASKED>
  environment - running in environment git, triggering event is unknown

  CONNECTION
  Initializing scan (deployment=org_name, scan_id=12345)
  Enabled products: Code, Supply Chain

┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 4 files tracked by git with 4 Code rules, 3 Supply Chain rules:


  CODE RULES
  Scanning 1 file with 4 python rules.

  SUPPLY CHAIN RULES
  Scanning 1 file and 2 dependency sources.

  Dependency Sources   Resolution Method   Ecosystem   Dependencies   Rules
 ───────────────────────────────────────────────────────────────────────────
  poetry.lock          Lockfile            Pypi        3                  1
  yarn.lock            Lockfile            Npm         1                  2

  Uploading scan results
  Finalizing scan

┌──────────────┐
│ Scan Summary │
└──────────────┘
✅ CI scan completed successfully.
 • Findings: 13 (10 blocking)
 • Rules run: 7
 • Targets scanned: 3
 • Parsed lines: ~100.0%
 • Scan was limited to files tracked by git
 • For a detailed list of skipped files and lines, run semgrep with the --verbose flag
CI scan completed successfully.
  View results in Semgrep Cloud Platform:
    https://semgrep.dev/orgs/org_name/findings?repo=local_scan/checkout_project_name&ref=some/branch-name
    https://semgrep.dev/orgs/org_name/supply-chain/vulnerabilities?repo=local_scan/checkout_project_name&ref=some/branch-name
  Has findings for blocking rules so exiting with code 1
Test Reason

=== end of stderr - plain

=== stdout - color
<same as above: stdout - plain>
=== end of stdout - color

=== stderr - color
<same as above: stderr - plain>
=== end of stderr - color