refractor code,
This commit is contained in:
@@ -0,0 +1,76 @@
|
||||
# Security Summary
|
||||
|
||||
Total findings: 712 | 🔴 1 CRITICAL | 🔴 21 HIGH | 🟡 59 MEDIUM | ⚪ 9 LOW
|
||||
|
||||
## Top Risks by File
|
||||
|
||||
| File | Findings | Severity | Top Issue |
|
||||
|------|----------|----------|-----------|
|
||||
| package-lock.json | 43 | 🔴 CRITICAL | CVE-2026-3449 |
|
||||
| Dockerfile.dev | 2 | 🔴 HIGH | Image user should not be 'root' |
|
||||
| Dockerfile.production | 2 | 🔴 HIGH | Image user should not be 'root' |
|
||||
| Dockerfile.test | 2 | 🔴 HIGH | Image user should not be 'root' |
|
||||
| /scan/node_modules/zod/...emplate-literal.test.ts | 6 | 🟡 MEDIUM | MongoDB (6×) |
|
||||
| /scan/node_modules/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
|
||||
| /scan/node_modules/fire...es/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
|
||||
| /scan/.env.docker.production.example | 1 | 🟡 MEDIUM | Postgres |
|
||||
| /scan/.env.local | 1 | 🟡 MEDIUM | Postgres |
|
||||
| /scan/.env.docker.dev | 1 | 🟡 MEDIUM | Postgres |
|
||||
|
||||
## By Severity
|
||||
|
||||
- 🔴 CRITICAL: 1
|
||||
- 🔴 HIGH: 21
|
||||
- 🟡 MEDIUM: 59
|
||||
- ⚪ LOW: 9
|
||||
- 🔵 INFO: 622
|
||||
|
||||
## Priority Analysis (EPSS/KEV)
|
||||
|
||||
Real-world exploit intelligence to focus on actual threats:
|
||||
|
||||
### 📊 High Exploit Probability: 2 CVEs
|
||||
|
||||
CVEs with >50% probability of being exploited in the next 30 days:
|
||||
|
||||
- 🔴 **CVE-2025-29927** (EPSS: 92.1%, 100th percentile)
|
||||
- File: `package-lock.json`
|
||||
- 🔴 **CVE-2024-51479** (EPSS: 78.5%, 99th percentile)
|
||||
- File: `package-lock.json`
|
||||
|
||||
### Priority Distribution
|
||||
|
||||
- 🔴 Critical Priority (≥80): 2
|
||||
- 🟠 High Priority (60-79): 1
|
||||
- 🟡 Medium Priority (40-59): 0
|
||||
- ⚪ Low Priority (<40): 709
|
||||
|
||||
## By Tool
|
||||
|
||||
- **syft**: 622 findings (🔵 622 INFO)
|
||||
- **trivy**: 49 findings (🔴 1 CRITICAL, 🔴 21 HIGH, 🟡 18 MEDIUM, ⚪ 9 LOW)
|
||||
- **trufflehog**: 41 findings (🟡 41 MEDIUM)
|
||||
|
||||
## Remediation Priorities
|
||||
|
||||
1. **Fix Image user should not be 'root'** (3 findings) → Review container security best practices
|
||||
2. **Update vulnerable dependencies** (19 CRITICAL/HIGH CVEs) → Run package updates
|
||||
|
||||
## By Category
|
||||
|
||||
- 📦 Other: 622 findings (87% of total)
|
||||
- 🛡️ Vulnerabilities: 49 findings (7% of total)
|
||||
- 🔑 Secrets: 41 findings (6% of total)
|
||||
|
||||
## Top Rules
|
||||
|
||||
- SBOM.PACKAGE: 622
|
||||
- Postgres: 13
|
||||
- URI: 13
|
||||
- MongoDB: 8
|
||||
- GitHubOauth2: 5
|
||||
- Image user should not be 'root': 3
|
||||
- No HEALTHCHECK defined: 3
|
||||
- GCP: 1
|
||||
- Circle: 1
|
||||
- CVE-2026-3449: 1
|
||||
Reference in New Issue
Block a user