Scan results · 460d0d3
main · 9 high · 47 medium · 60 low
- high Container Running as Root - Missing USER Dockerfile:1
The Dockerfile does not specify a USER instruction, so the container runs as root by default, which increases the attack surface if the container is compromised.
- high Missing Image Version Dockerfile:1
The FROM instruction uses the 'latest' tag or no tag. Specify an explicit version for reproducible builds.
- high Missing Image Version Dockerfile:21
The FROM instruction uses the 'latest' tag or no tag. Specify an explicit version for reproducible builds.
- high Missing Image Version extension/secureflow/packages/secureflow-cli/Dockerfile:2
The FROM instruction uses the 'latest' tag or no tag. Specify an explicit version for reproducible builds.
- high Using Host Network Mode extension/secureflow/packages/secureflow-cli/docker-compose.yml:14
[Service: secureflow-analyzer] The service uses host network mode, so the container shares the host's network stack and bypasses network isolation.
- high Dangerous subprocess Usage python-sdk/codepathfinder/cli/__init__.py:113
A subprocess call was detected. Ensure its arguments are not user-controlled.
- high Dangerous subprocess Usage python-sdk/scripts/generate_sdk_manifest.py:372
A subprocess call was detected. Ensure its arguments are not user-controlled.
- high Dangerous subprocess Usage scripts/gen_go_modules.py:104
A subprocess call was detected. Ensure its arguments are not user-controlled.
- high subprocess with shell=True scripts/gen_go_modules.py:104
subprocess is called with shell=True, which is vulnerable to shell injection.
- medium Base Image Uses :latest Tag Dockerfile:1
The base image uses the ':latest' tag or no tag (which defaults to latest). This makes builds non-reproducible.