Files
carmanagement/results/summaries/SUMMARY.md
T
2026-05-21 12:35:49 -04:00

77 lines
2.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Security Summary
Total findings: 712 | 🔴 1 CRITICAL | 🔴 21 HIGH | 🟡 59 MEDIUM | ⚪ 9 LOW
## Top Risks by File
| File | Findings | Severity | Top Issue |
|------|----------|----------|-----------|
| package-lock.json | 43 | 🔴 CRITICAL | CVE-2026-3449 |
| Dockerfile.dev | 2 | 🔴 HIGH | Image user should not be 'root' |
| Dockerfile.production | 2 | 🔴 HIGH | Image user should not be 'root' |
| Dockerfile.test | 2 | 🔴 HIGH | Image user should not be 'root' |
| /scan/node_modules/zod/...emplate-literal.test.ts | 6 | 🟡 MEDIUM | MongoDB (6×) |
| /scan/node_modules/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
| /scan/node_modules/fire...es/@types/node/url.d.ts | 3 | 🟡 MEDIUM | URI (3×) |
| /scan/.env.docker.production.example | 1 | 🟡 MEDIUM | Postgres |
| /scan/.env.local | 1 | 🟡 MEDIUM | Postgres |
| /scan/.env.docker.dev | 1 | 🟡 MEDIUM | Postgres |
## By Severity
- 🔴 CRITICAL: 1
- 🔴 HIGH: 21
- 🟡 MEDIUM: 59
- ⚪ LOW: 9
- 🔵 INFO: 622
## Priority Analysis (EPSS/KEV)
Real-world exploit intelligence to focus on actual threats:
### 📊 High Exploit Probability: 2 CVEs
CVEs with >50% probability of being exploited in the next 30 days:
- 🔴 **CVE-2025-29927** (EPSS: 92.1%, 100th percentile)
- File: `package-lock.json`
- 🔴 **CVE-2024-51479** (EPSS: 78.5%, 99th percentile)
- File: `package-lock.json`
### Priority Distribution
- 🔴 Critical Priority (≥80): 2
- 🟠 High Priority (60-79): 1
- 🟡 Medium Priority (40-59): 0
- ⚪ Low Priority (<40): 709
## By Tool
- **syft**: 622 findings (🔵 622 INFO)
- **trivy**: 49 findings (🔴 1 CRITICAL, 🔴 21 HIGH, 🟡 18 MEDIUM, ⚪ 9 LOW)
- **trufflehog**: 41 findings (🟡 41 MEDIUM)
## Remediation Priorities
1. **Fix Image user should not be 'root'** (3 findings) → Review container security best practices
2. **Update vulnerable dependencies** (19 CRITICAL/HIGH CVEs) → Run package updates
## By Category
- 📦 Other: 622 findings (87% of total)
- 🛡️ Vulnerabilities: 49 findings (7% of total)
- 🔑 Secrets: 41 findings (6% of total)
## Top Rules
- SBOM.PACKAGE: 622
- Postgres: 13
- URI: 13
- MongoDB: 8
- GitHubOauth2: 5
- Image user should not be 'root': 3
- No HEALTHCHECK defined: 3
- GCP: 1
- Circle: 1
- CVE-2026-3449: 1