Scan results · 00a5753
main · 2 critical · 14 high · 59 medium · 82 low
- high Container Running as Root - Missing USER Dockerfile:1
Dockerfile does not specify a USER instruction. The container will run as root by default, which increases the attack surface if the container is compromised.
- high Missing Image Version Dockerfile:1
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Missing Image Version Dockerfile:21
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Missing Image Version extension/secureflow/packages/secureflow-cli/Dockerfile:2
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Using Host Network Mode extension/secureflow/packages/secureflow-cli/docker-compose.yml:14
[Service: secureflow-analyzer] Service uses host network mode. Container shares host network stack, bypassing network isolation.
- high Dangerous subprocess Usage python-sdk/codepathfinder/cli/__init__.py:113
subprocess call detected. Ensure arguments are not user-controlled.
- high Dangerous subprocess Usage python-sdk/scripts/generate_sdk_manifest.py:372
subprocess call detected. Ensure arguments are not user-controlled.
- high Missing Image Version sast-engine/Dockerfile:1
FROM instruction uses 'latest' tag or no tag. Specify explicit versions for reproducible builds.
- high Using Host Network Mode sast-engine/docker-compose.yml:7
[Service: web] Service uses host network mode. Container shares host network stack, bypassing network isolation.
- high Using Host PID Mode sast-engine/docker-compose.yml:8
[Service: web] Service uses host PID namespace. Container can see and potentially signal host processes.