Scan results · a7e137f
main · 2 critical · 14 high · 59 medium · 82 low
- medium Sudo Usage in Dockerfile Dockerfile.mcp:30
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile Dockerfile.mcp:33
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Multiple ENTRYPOINT Instructions Dockerfile.mcp:49
Dockerfile has multiple ENTRYPOINT instructions. Only the last one takes effect, making earlier ones misleading.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:5
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:16
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:35
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Sudo Usage in Dockerfile extension/secureflow/packages/secureflow-cli/Dockerfile:40
Dockerfile uses 'sudo' in RUN instructions. This is unnecessary during build (already root) and increases security risk if sudo remains in the final image. Use USER instruction for privilege changes instead.
- medium Multiple CMD Instructions extension/secureflow/packages/secureflow-cli/Dockerfile:59
Multiple CMD instructions detected. Only the last one takes effect.
- medium Non-literal import Detected python-sdk/scripts/generate_sdk_manifest.py:151
__import__() or importlib.import_module() with non-literal argument detected.
- medium Non-literal import Detected python-sdk/scripts/generate_sdk_manifest.py:174
__import__() or importlib.import_module() with non-literal argument detected.
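The three Dockerfile rules reported above (sudo in RUN, repeated ENTRYPOINT, repeated CMD), reimplemented as an added Python example so the checks can be run against a Dockerfile locally. This is not Pathfinder's scanner code; the rule names, the `lint_dockerfile` helper and the two sample Dockerfiles are constructed for illustration and are not Dockerfile.mcp or the secureflow-cli Dockerfile from the scan.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


# Constructed sample (hypothetical, not the scanned Dockerfile): trips all three rules.
BAD_DOCKERFILE = """\
FROM python:3.12-slim
RUN sudo apt-get update && sudo apt-get install -y curl
RUN useradd -m app
ENTRYPOINT ["python"]
COPY . /app
ENTRYPOINT ["python", "/app/server.py"]
CMD ["--dev"]
CMD ["--prod"]
"""

# Constructed remediation: no sudo (the build already runs as root), a single USER
# switch before the runtime instructions, and exactly one ENTRYPOINT and one CMD.
GOOD_DOCKERFILE = """\
FROM python:3.12-slim
RUN apt-get update && apt-get install -y --no-install-recommends curl \\
    && rm -rf /var/lib/apt/lists/*
RUN useradd -m app
COPY . /app
USER app
ENTRYPOINT ["python", "/app/server.py"]
CMD ["--prod"]
"""

# "sudo" as a command word: at the start of the RUN arguments or after a shell separator.
_SUDO = re.compile(r"(?:^|[\s;&|(])sudo(?:\s|$)")


def _instructions(text):
    """Yield (line_no, INSTRUCTION, args) with backslash continuations joined onto
    the line where the instruction starts; blank lines and comments are skipped."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            start = no
        cont = line.endswith("\\")
        buf.append(line[:-1] if cont else line)
        if cont:
            continue
        parts = " ".join(buf).split(None, 1)
        yield start, parts[0].upper(), parts[1] if len(parts) > 1 else ""
        buf, start = [], None


def lint_dockerfile(text):
    """Return findings sorted by line, one per offending instruction."""
    findings = []
    last_wins = {"ENTRYPOINT": [], "CMD": []}
    for no, inst, args in _instructions(text):
        if inst == "RUN" and _SUDO.search(args):
            findings.append(Finding("sudo-in-run", no,
                "RUN uses sudo; the build already runs as root, use USER to change privileges"))
        if inst in last_wins:
            last_wins[inst].append(no)
    for inst, lines in last_wins.items():
        # Docker honours only the last ENTRYPOINT/CMD, so every earlier one is dead and misleading.
        for no in lines[:-1]:
            findings.append(Finding(f"multiple-{inst.lower()}", no,
                f"{inst} on line {no} is overridden by {inst} on line {lines[-1]}"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in lint_dockerfile(BAD_DOCKERFILE):
        print(f"{f.line}: {f.rule}: {f.message}")
    print("remediated:", lint_dockerfile(GOOD_DOCKERFILE))
```

The continuation handling matters in practice: a `sudo` hidden on the second physical line of a multi-line RUN is still part of that instruction, and the finding should point at the line where the RUN begins, which is how the scanner's `file:line` locations above read.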
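Why the "Non-literal import" rule fires, and what a bounded version of the same dynamic import looks like, as an added Python example. This is not the code from python-sdk/scripts/generate_sdk_manifest.py (the flagged lines are not shown here); it uses the standard-library `json` package as a stand-in for the SDK package a manifest generator would walk, and the function names are my own.

```python
import importlib
import pkgutil
import re

# A well-formed dotted module name; rejects path separators, spaces, semicolons and the like.
_DOTTED = re.compile(r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*")


def import_module_unsafe(name):
    """The flagged pattern: the module name is whatever data the caller hands in,
    so any importable module can be loaded and its top-level code executed."""
    return importlib.import_module(name)


def package_submodules(package_name):
    """Dotted names of the modules directly inside a package, discovered from the
    package's own __path__ rather than taken from the input being processed."""
    pkg = importlib.import_module(package_name)
    path = getattr(pkg, "__path__", None)  # plain modules have no __path__
    if path is None:
        return set()
    return {f"{package_name}.{info.name}" for info in pkgutil.iter_modules(path)}


def is_allowed_import(package_name, name):
    """True only for a syntactically clean name that is a real submodule of package_name."""
    return bool(_DOTTED.fullmatch(name)) and name in package_submodules(package_name)


def import_submodule_safe(package_name, name):
    """Hardened form: the import is still non-literal, but the name must come from the
    package listing, so a manifest generator can only load what it is documenting."""
    if not is_allowed_import(package_name, name):
        raise ValueError(f"refusing to import {name!r}: not a submodule of {package_name!r}")
    return importlib.import_module(name)


if __name__ == "__main__":
    print(sorted(package_submodules("json")))
    print(import_submodule_safe("json", "json.decoder").__name__)
    try:
        import_submodule_safe("json", "os")
    except ValueError as exc:
        print(exc)
```

A static scanner will still flag `import_submodule_safe`, since the argument is not a literal; the point of the allowlist is that the finding can be closed with a reviewed justification (the name space is bounded by the package on disk) instead of being left open on a script that imports whatever a manifest entry names.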