Files
carmanagement/results/summaries/SUMMARY.md
T
2026-05-21 12:35:49 -04:00

2.2 KiB
Raw Blame History

Security Summary

Total findings: 712 | 🔴 1 CRITICAL | 🔴 21 HIGH | 🟡 59 MEDIUM | 9 LOW

Top Risks by File

File Findings Severity Top Issue
package-lock.json 43 🔴 CRITICAL CVE-2026-3449
Dockerfile.dev 2 🔴 HIGH Image user should not be 'root'
Dockerfile.production 2 🔴 HIGH Image user should not be 'root'
Dockerfile.test 2 🔴 HIGH Image user should not be 'root'
/scan/node_modules/zod/...emplate-literal.test.ts 6 🟡 MEDIUM MongoDB (6×)
/scan/node_modules/@types/node/url.d.ts 3 🟡 MEDIUM URI (3×)
/scan/node_modules/fire...es/@types/node/url.d.ts 3 🟡 MEDIUM URI (3×)
/scan/.env.docker.production.example 1 🟡 MEDIUM Postgres
/scan/.env.local 1 🟡 MEDIUM Postgres
/scan/.env.docker.dev 1 🟡 MEDIUM Postgres

By Severity

  • 🔴 CRITICAL: 1
  • 🔴 HIGH: 21
  • 🟡 MEDIUM: 59
  • LOW: 9
  • 🔵 INFO: 622

Priority Analysis (EPSS/KEV)

Real-world exploit intelligence to focus on actual threats:

📊 High Exploit Probability: 2 CVEs

CVEs with >50% probability of being exploited in the next 30 days:

  • 🔴 CVE-2025-29927 (EPSS: 92.1%, 100th percentile)
    • File: package-lock.json
  • 🔴 CVE-2024-51479 (EPSS: 78.5%, 99th percentile)
    • File: package-lock.json

Priority Distribution

  • 🔴 Critical Priority (≥80): 2
  • 🟠 High Priority (60-79): 1
  • 🟡 Medium Priority (40-59): 0
  • Low Priority (<40): 709

By Tool

  • syft: 622 findings (🔵 622 INFO)
  • trivy: 49 findings (🔴 1 CRITICAL, 🔴 21 HIGH, 🟡 18 MEDIUM, 9 LOW)
  • trufflehog: 41 findings (🟡 41 MEDIUM)

Remediation Priorities

  1. Fix Image user should not be 'root' (3 findings) → Review container security best practices
  2. Update vulnerable dependencies (19 CRITICAL/HIGH CVEs) → Run package updates

By Category

  • 📦 Other: 622 findings (87% of total)
  • 🛡️ Vulnerabilities: 49 findings (7% of total)
  • 🔑 Secrets: 41 findings (6% of total)

Top Rules

  • SBOM.PACKAGE: 622
  • Postgres: 13
  • URI: 13
  • MongoDB: 8
  • GitHubOauth2: 5
  • Image user should not be 'root': 3
  • No HEALTHCHECK defined: 3
  • GCP: 1
  • Circle: 1
  • CVE-2026-3449: 1