Scan results · 490d33f
PR #693 · shiva/remove-self-scan-workflow → main · 2 critical · 14 high · 59 medium · 82 low
- high Dangerous Capability Added sast-engine/docker-compose.yml:11
[Service: web] Service adds dangerous capability. These capabilities can be used for container escape or privilege escalation.
- high Seccomp Confinement Disabled sast-engine/docker-compose.yml:14
[Service: web] Service disables seccomp profile. Container can use all system calls, increasing attack surface.
- high Dangerous subprocess Usage scripts/gen_go_modules.py:104
subprocess call detected. Ensure arguments are not user-controlled.
- high subprocess with shell=True scripts/gen_go_modules.py:104
subprocess called with shell=True. This is vulnerable to shell injection.