Scan results · 91c7b3d
PR #693 · shiva/remove-self-scan-workflow → main · 2 critical · 14 high · 59 medium · 82 low
- medium Non-literal import Detected python-sdk/scripts/generate_sdk_manifest.py:279
__import__() or importlib.import_module() with non-literal argument detected. If the module name is derived from input the script does not control (a CLI argument, config value or manifest field), any module on sys.path can be imported; resolve the name through a fixed allowlist of known modules instead.
- medium Insecure urllib Request Object python-sdk/scripts/index_go_from_cdn.py:124
urllib.request.Request() detected. Ensure HTTPS URLs are used.
- medium Insecure urllib.urlopen python-sdk/scripts/index_go_from_cdn.py:127
urllib.request.urlopen() detected. Ensure HTTPS URLs are used.
- medium Insecure urllib Request Object python-sdk/scripts/index_python_from_cdn.py:469
urllib.request.Request() detected. Ensure HTTPS URLs are used.
- medium Insecure urllib.urlopen python-sdk/scripts/index_python_from_cdn.py:472
urllib.request.urlopen() detected. Ensure HTTPS URLs are used.
- medium Base Image Uses :latest Tag sast-engine/Dockerfile:1
Base image uses ':latest' tag or no tag (defaults to latest). This makes builds non-reproducible.
- medium Sudo Usage in Dockerfile sast-engine/Dockerfile:6
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Avoid apt-get upgrade sast-engine/Dockerfile:6
Avoid apt-get upgrade in Dockerfiles: it pulls whatever package versions are current at build time, so two builds of the same Dockerfile can produce different images. Pin a specific base image version (tag or digest) and install only the packages you need instead.
- medium Sudo Usage in Dockerfile sast-engine/Dockerfile:10
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile sast-engine/Dockerfile:13
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.