📝 Code Report

8 vulnerabilities
0 High 8 Moderate 0 Low

home-ops

Home-Ops IaC GitOps

3 vulnerabilities
0 High 3 Moderate 0 Low

🕵️ Findings Details:

generic.secrets.security.detected-jwt-token.detected-jwt-token — JWT token detected
File: clusters/main/kubernetes/apps/mend-renovate/app/helm-release.yaml:60, Severity: Moderate
generic.secrets.security.detected-bcrypt-hash.detected-bcrypt-hash — bcrypt hash detected
File: clusters/main/kubernetes/flux-system/weave-gitops/app/helm-release.yaml:39, Severity: Moderate
yaml.kubernetes.security.privileged-container.privileged-container — Container or pod is running in privileged mode. This grants the container the equivalent of root capabilities on the host machine. This can lead to container escapes, privilege escalation, and other security concerns. Remove the 'privileged' key to disable this capability.
File: clusters/main/kubernetes/kube-system/cilium/app/helm-release.yaml:46, Severity: Moderate

rompatcherjs

RomPatcher.js

4 vulnerabilities
0 High 4 Moderate 0 Low

🕵️ Findings Details:

yaml.github-actions.security.github-actions-mutable-action-tag.github-actions-mutable-action-tag — GitHub Actions step uses a mutable tag or branch reference. Tags and branch names can be silently repointed by the action owner, enabling supply-chain attacks — as seen in the trivy-action and kics-github-action compromises. Pin the reference to a full 40-character commit SHA instead, e.g. `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608`.
File: .github/workflows/docker-image.yml:24, Severity: Moderate
yaml.github-actions.security.github-actions-mutable-action-tag.github-actions-mutable-action-tag — GitHub Actions step uses a mutable tag or branch reference. Tags and branch names can be silently repointed by the action owner, enabling supply-chain attacks — as seen in the trivy-action and kics-github-action compromises. Pin the reference to a full 40-character commit SHA instead, e.g. `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608`.
File: .github/workflows/docker-image.yml:58, Severity: Moderate
yaml.github-actions.security.github-actions-mutable-action-tag.github-actions-mutable-action-tag — GitHub Actions step uses a mutable tag or branch reference. Tags and branch names can be silently repointed by the action owner, enabling supply-chain attacks — as seen in the trivy-action and kics-github-action compromises. Pin the reference to a full 40-character commit SHA instead, e.g. `uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608`.
File: .github/workflows/docker-image.yml:69, Severity: Moderate
dockerfile.security.missing-user.missing-user — By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
File: Dockerfile:33, Severity: Moderate

apod

APOD project

0 vulnerabilities
0 High 0 Moderate 0 Low

🕵️ Findings Details:

None - All clear!

go-littlelinks-generator

GO LittleLinks Generator

1 vulnerability
0 High 1 Moderate 0 Low

🕵️ Findings Details:

go.lang.security.decompression_bomb.potential-dos-via-decompression-bomb — Detected a possible denial-of-service via a zip bomb attack. By limiting the max bytes read, you can mitigate this attack. `io.CopyN()` can specify a size.
File: internal/utils/download.go:138, Severity: Moderate