2.2 KiB
2.2 KiB
Security Summary
Total findings: 712 | 🔴 1 CRITICAL | 🔴 21 HIGH | 🟡 59 MEDIUM | ⚪ 9 LOW
Top Risks by File
| File | Findings | Severity | Top Issue |
|---|---|---|---|
| package-lock.json | 43 | 🔴 CRITICAL | CVE-2026-3449 |
| Dockerfile.dev | 2 | 🔴 HIGH | Image user should not be 'root' |
| Dockerfile.production | 2 | 🔴 HIGH | Image user should not be 'root' |
| Dockerfile.test | 2 | 🔴 HIGH | Image user should not be 'root' |
| /scan/node_modules/zod/...emplate-literal.test.ts | 6 | 🟡 MEDIUM | MongoDB (6×) |
| /scan/node_modules/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
| /scan/node_modules/fire...es/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
| /scan/.env.docker.production.example | 1 | 🟡 MEDIUM | Postgres |
| /scan/.env.local | 1 | 🟡 MEDIUM | Postgres |
| /scan/.env.docker.dev | 1 | 🟡 MEDIUM | Postgres |
By Severity
- 🔴 CRITICAL: 1
- 🔴 HIGH: 21
- 🟡 MEDIUM: 59
- ⚪ LOW: 9
- 🔵 INFO: 622
Priority Analysis (EPSS/KEV)
Real-world exploit intelligence to focus on actual threats:
📊 High Exploit Probability: 2 CVEs
CVEs with >50% probability of being exploited in the next 30 days:
- 🔴 CVE-2025-29927 (EPSS: 92.1%, 100th percentile)
- File:
package-lock.json
- File:
- 🔴 CVE-2024-51479 (EPSS: 78.5%, 99th percentile)
- File:
package-lock.json
- File:
Priority Distribution
- 🔴 Critical Priority (≥80): 2
- 🟠 High Priority (60-79): 1
- 🟡 Medium Priority (40-59): 0
- ⚪ Low Priority (<40): 709
By Tool
- syft: 622 findings (🔵 622 INFO)
- trivy: 49 findings (🔴 1 CRITICAL, 🔴 21 HIGH, 🟡 18 MEDIUM, ⚪ 9 LOW)
- trufflehog: 41 findings (🟡 41 MEDIUM)
Remediation Priorities
- Fix Image user should not be 'root' (3 findings) → Review container security best practices
- Update vulnerable dependencies (19 CRITICAL/HIGH CVEs) → Run package updates
By Category
- 📦 Other: 622 findings (87% of total)
- 🛡️ Vulnerabilities: 49 findings (7% of total)
- 🔑 Secrets: 41 findings (6% of total)
Top Rules
- SBOM.PACKAGE: 622
- Postgres: 13
- URI: 13
- MongoDB: 8
- GitHubOauth2: 5
- Image user should not be 'root': 3
- No HEALTHCHECK defined: 3
- GCP: 1
- Circle: 1
- CVE-2026-3449: 1