refractor code,

This commit is contained in:
root
2026-05-21 12:35:49 -04:00
parent e74681e810
commit f009ca10c6
158 changed files with 215801 additions and 5884 deletions
+76
View File
@@ -0,0 +1,76 @@
# Security Summary
Total findings: 712 | 🔴 1 CRITICAL | 🔴 21 HIGH | 🟡 59 MEDIUM | ⚪ 9 LOW
## Top Risks by File
| File | Findings | Severity | Top Issue |
|------|----------|----------|-----------|
| package-lock.json | 43 | 🔴 CRITICAL | CVE-2026-3449 |
| Dockerfile.dev | 2 | 🔴 HIGH | Image user should not be 'root' |
| Dockerfile.production | 2 | 🔴 HIGH | Image user should not be 'root' |
| Dockerfile.test | 2 | 🔴 HIGH | Image user should not be 'root' |
| /scan/node_modules/zod/...emplate-literal.test.ts | 6 | 🟡 MEDIUM | MongoDB (6×) |
| /scan/node_modules/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
| /scan/node_modules/fire...es/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
| /scan/.env.docker.production.example | 1 | 🟡 MEDIUM | Postgres |
| /scan/.env.local | 1 | 🟡 MEDIUM | Postgres |
| /scan/.env.docker.dev | 1 | 🟡 MEDIUM | Postgres |
## By Severity
- 🔴 CRITICAL: 1
- 🔴 HIGH: 21
- 🟡 MEDIUM: 59
- ⚪ LOW: 9
- 🔵 INFO: 622
## Priority Analysis (EPSS/KEV)
Real-world exploit intelligence to focus on actual threats:
### 📊 High Exploit Probability: 2 CVEs
CVEs with >50% probability of being exploited in the next 30 days:
- 🔴 **CVE-2025-29927** (EPSS: 92.1%, 100th percentile)
- File: `package-lock.json`
- 🔴 **CVE-2024-51479** (EPSS: 78.5%, 99th percentile)
- File: `package-lock.json`
### Priority Distribution
- 🔴 Critical Priority (≥80): 2
- 🟠 High Priority (60-79): 1
- 🟡 Medium Priority (40-59): 0
- ⚪ Low Priority (<40): 709
## By Tool
- **syft**: 622 findings (🔵 622 INFO)
- **trivy**: 49 findings (🔴 1 CRITICAL, 🔴 21 HIGH, 🟡 18 MEDIUM, ⚪ 9 LOW)
- **trufflehog**: 41 findings (🟡 41 MEDIUM)
## Remediation Priorities
1. **Fix Image user should not be 'root'** (3 findings) → Review container security best practices
2. **Update vulnerable dependencies** (19 CRITICAL/HIGH CVEs) → Run package updates
## By Category
- 📦 Other: 622 findings (87% of total)
- 🛡️ Vulnerabilities: 49 findings (7% of total)
- 🔑 Secrets: 41 findings (6% of total)
## Top Rules
- SBOM.PACKAGE: 622
- Postgres: 13
- URI: 13
- MongoDB: 8
- GitHubOauth2: 5
- Image user should not be 'root': 3
- No HEALTHCHECK defined: 3
- GCP: 1
- Circle: 1
- CVE-2026-3449: 1