Scan results · 1faca6c
main · 2 critical · 14 high · 59 medium · 82 low
- critical Service Running in Privileged Mode sast-engine/docker-compose.yml:6
[Service: web] Service is running in privileged mode. This grants the container the equivalent of root capabilities on the host machine and can lead to container escapes and privilege escalation.
- critical Docker Socket Exposed to Container sast-engine/docker-compose.yml:17
[Service: web] Service mounts the Docker socket. The owner of this socket is root, so giving the container access to it is equivalent to giving unrestricted root access to the host.
- high Container Running as Root - Missing USER Dockerfile:1
Dockerfile does not specify a USER instruction. The container will run as root by default, which increases the attack surface if the container is compromised.
- high Missing Image Version Dockerfile:1
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Missing Image Version Dockerfile:21
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Missing Image Version extension/secureflow/packages/secureflow-cli/Dockerfile:2
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Using Host Network Mode extension/secureflow/packages/secureflow-cli/docker-compose.yml:14
[Service: secureflow-analyzer] Service uses host network mode. The container shares the host network stack, bypassing network isolation.
- high Dangerous subprocess Usage python-sdk/codepathfinder/cli/__init__.py:113
subprocess call detected. Ensure arguments are not user-controlled.
- high Dangerous subprocess Usage python-sdk/scripts/generate_sdk_manifest.py:372
subprocess call detected. Ensure arguments are not user-controlled.
- high Missing Image Version sast-engine/Dockerfile:1
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.