Scan results · 91c7b3d
PR #693 · shiva/remove-self-scan-workflow → main · 2 critical · 14 high · 59 medium · 82 low
- low Missing yum clean all sast-engine/Dockerfile:16
RUN instruction uses 'yum install' without 'yum clean all'. This leaves package cache and increases image size.
- low Nonsensical Command sast-engine/Dockerfile:16
RUN command uses 'cd', whose effect ends when that RUN's shell exits; the next instruction starts again from the current WORKDIR. Use WORKDIR instead.
- low Use WORKDIR Instead of cd sast-engine/Dockerfile:16
Use WORKDIR instruction instead of 'cd' in RUN commands.
- low Prefer JSON Notation for CMD/ENTRYPOINT sast-engine/Dockerfile:23
Use JSON notation (exec form) for CMD/ENTRYPOINT. Shell form runs the command under '/bin/sh -c', so the shell is PID 1 and the SIGTERM sent by 'docker stop' does not reach the application.
- low Container Filesystem is Writable sast-engine/docker-compose.yml:5
[Service: web] Service has a writable root filesystem. Set 'read_only: true' on the service (with tmpfs mounts for paths that must stay writable, such as /tmp) so a compromised process cannot modify the container's files.
- low Container Filesystem is Writable sast-engine/docker-compose.yml:20
[Service: app] Service has a writable root filesystem. Set 'read_only: true' on the service (with tmpfs mounts for paths that must stay writable, such as /tmp) so a compromised process cannot modify the container's files.
- low Regex DoS Risk scripts/migrate-rules-to-yaml.py:43
re.compile/match/search detected. Audit regex patterns for catastrophic backtracking.
- low Regex DoS Risk scripts/migrate-rules-to-yaml.py:49
re.compile/match/search detected. Audit regex patterns for catastrophic backtracking.
- low Regex DoS Risk scripts/migrate-rules-to-yaml.py:131
re.compile/match/search detected. Audit regex patterns for catastrophic backtracking.
- low Regex DoS Risk scripts/migrate-rules-to-yaml.py:146
re.compile/match/search detected. Audit regex patterns for catastrophic backtracking.
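The three Dockerfile findings above are the kind of rule a linter has to apply to the joined RUN command rather than to raw lines, or a backslash-continued 'cd' slips through. The block below is an added example, not Pathfinder's scanner and not the project's sast-engine/Dockerfile: FLAGGED_DOCKERFILE and FIXED_DOCKERFILE are constructed stand-ins (the real file's content is not shown in the report), and lint_dockerfile reproduces the three rules so the fixed version comes back clean.

```python
import re

# Constructed sample that reproduces the shapes of the flagged lines in
# sast-engine/Dockerfile (hypothetical content, not the project's real file).
FLAGGED_DOCKERFILE = """\
FROM registry.access.redhat.com/ubi9/ubi:9.3
# one RUN layer that installs, changes directory and builds
RUN yum install -y python3 git && \\
    cd /opt/engine && ./build.sh
EXPOSE 8080
CMD python3 -m engine.server
"""

# Same image with each finding addressed: the cache is cleaned in the same
# layer that filled it, the directory change is a WORKDIR, CMD is exec form.
FIXED_DOCKERFILE = """\
FROM registry.access.redhat.com/ubi9/ubi:9.3
RUN yum install -y python3 git && yum clean all
WORKDIR /opt/engine
RUN ./build.sh
EXPOSE 8080
CMD ["python3", "-m", "engine.server"]
"""


def dockerfile_instructions(text):
    """Return (line_no, INSTRUCTION, arguments) triples, joining backslash continuations
    so a multi-line RUN is inspected as the single shell command it really is."""
    instructions, buf, start = [], "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue                      # blank line or comment between instructions
        if start is None:
            start = num                   # report the instruction's first line
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        inst, _, args = buf.partition(" ")
        instructions.append((start, inst.upper(), args.strip()))
        buf, start = "", None
    return instructions


def lint_dockerfile(text):
    """Return [(line_no, rule_name)] for the three Dockerfile rules in the report."""
    findings = []
    for line_no, inst, args in dockerfile_instructions(text):
        if inst == "RUN":
            if re.search(r"\byum\s+install\b", args) and not re.search(r"\byum\s+clean\s+all\b", args):
                findings.append((line_no, "Missing yum clean all"))
            # 'cd' only affects the shell running this one RUN; the next
            # instruction starts again from the current WORKDIR.
            if re.search(r"(?:^|&&|\|\||;)\s*cd\s", args):
                findings.append((line_no, "Use WORKDIR Instead of cd"))
        elif inst in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            # Shell form is wrapped in `/bin/sh -c`, so the shell becomes PID 1
            # and SIGTERM from `docker stop` never reaches the application.
            findings.append((line_no, "Prefer JSON Notation for CMD/ENTRYPOINT"))
    return findings


if __name__ == "__main__":
    for label, text in (("flagged", FLAGGED_DOCKERFILE), ("fixed", FIXED_DOCKERFILE)):
        print(label, lint_dockerfile(text))
```

The yum cleanup has to sit in the same RUN as the install: a separate `RUN yum clean all` removes the files from the filesystem view but the cache is already baked into the earlier layer, so the image does not shrink.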
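The four Regex DoS findings ask for an audit of each re.* call. As an added example, not code from scripts/migrate-rules-to-yaml.py or from Pathfinder, the block below collects regex literals from Python source with the ast module and screens them for the nested-quantifier shape behind catastrophic backtracking. SAMPLE_SOURCE is a constructed stand-in (the real script's patterns are not shown in the report), and the VULNERABLE/SAFE pair shows one rewrite that keeps the accepted language but makes each repetition consume exactly one character, so a non-matching input cannot be split more than one way.

```python
import ast
import re

# Constructed stand-in for a script like scripts/migrate-rules-to-yaml.py.
# Hypothetical content: the real script's patterns are not shown in the report.
SAMPLE_SOURCE = r'''
import re

HEADER = re.compile(r"^\[(\w+)\]$")              # one group, one quantifier: fine
KEY_VALUE = re.compile(r"^(\w+\s?)*:\s*(.*)$")   # (\w+\s?)* can split "aaaa" many ways
TOKENS = re.compile(r"^(?:\w\s?)*$")             # same language, one \w per step: unambiguous

def parse(line):
    if re.match(r"\s*#", line):
        return None
    return KEY_VALUE.match(line)
'''

RE_FUNCS = {"compile", "match", "search", "fullmatch", "findall", "finditer", "sub", "split"}
QUANT = "+*{"   # repetition operators; a lone '?' cannot repeat, so it is ignored


def regex_literals(source):
    """(line_no, pattern) for every re.<func>("literal", ...) call, found via the AST
    rather than grep so strings in comments or data are not mistaken for calls."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name) and node.func.value.id == "re"
                and node.func.attr in RE_FUNCS and node.args
                and isinstance(node.args[0], ast.Constant) and isinstance(node.args[0].value, str)):
            found.append((node.lineno, node.args[0].value))
    return sorted(found)


def _unbounded_at(pattern, i):
    """True when pattern[i:] starts with +, * or {n,}: repetition with no upper bound."""
    return pattern[i:i + 1] in ("+", "*") or re.match(r"\{\d*,\}", pattern[i:]) is not None


def has_nested_quantifier(pattern):
    r"""Screen for (X+)+, (\w+\s?)*, ((x+)y){2,}: an unboundedly repeated group that
    itself contains a repetition.  A screen, not a proof: it also flags unambiguous
    nests such as (?:\w+\s)* and misses overlapping alternation like (a|aa)+."""
    stack = []                      # per open group: has a repetition been seen inside?
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":               # escaped char, e.g. \w or \.
            i += 2
        elif c == "[":              # character class; "]" right after "[" or "[^" is literal
            j = pattern.find("]", i + 2)
            i = n if j == -1 else j + 1
        elif c == "(":
            stack.append(False)
            i += 1
            if pattern.startswith("?P<", i):       # (?P<name>...)
                j = pattern.find(">", i)
                i = n if j == -1 else j + 1
            elif pattern.startswith("?", i):       # (?:...), (?=...), (?!...), (?<=...)
                i += 2
        elif c == ")":
            inner = stack.pop() if stack else False
            i += 1
            if inner and _unbounded_at(pattern, i):
                return True
            if inner and stack:                    # propagate to the enclosing group
                stack[-1] = True
        else:
            if c in QUANT and stack:
                stack[-1] = True
            i += 1
    return False


def audit(source):
    """The re.* literals in source whose pattern has the nested-quantifier shape."""
    return [(ln, p) for ln, p in regex_literals(source) if has_nested_quantifier(p)]


# The rewrite used for TOKENS above: both accept the same strings (word characters,
# every whitespace preceded by a word character, no two adjacent), but only the
# first can backtrack exponentially on input such as "a" * 30 + "!".
VULNERABLE = re.compile(r"^(\w+\s?)*$")
SAFE = re.compile(r"^(?:\w\s?)*$")


def rewrites_agree(samples):
    """True if VULNERABLE and SAFE accept or reject every sample identically."""
    return all((VULNERABLE.fullmatch(s) is None) == (SAFE.fullmatch(s) is None) for s in samples)


if __name__ == "__main__":
    for line_no, pattern in audit(SAMPLE_SOURCE):
        print(f"line {line_no}: nested quantifier in {pattern!r}")
```

Run the audit over the script before deciding a finding is noise: a flagged pattern that only ever sees trusted, short rule files is low risk, while the same pattern applied to user-controlled input needs the rewrite or a length cap before matching.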