Scan results · 7a21c89
main · 9 high · 47 medium · 60 low
- medium · Multiple CMD Instructions · extension/secureflow/packages/secureflow-cli/Dockerfile:59
  Multiple CMD instructions detected. Only the last one takes effect.
- medium · Non-literal import Detected · python-sdk/scripts/generate_sdk_manifest.py:151
  __import__() or importlib.import_module() with non-literal argument detected.
- medium · Non-literal import Detected · python-sdk/scripts/generate_sdk_manifest.py:174
  __import__() or importlib.import_module() with non-literal argument detected.
- medium · Non-literal import Detected · python-sdk/scripts/generate_sdk_manifest.py:279
  __import__() or importlib.import_module() with non-literal argument detected.
- medium · Insecure urllib Request Object · python-sdk/scripts/index_go_from_cdn.py:124
  urllib.request.Request() detected. Ensure HTTPS URLs are used.
- medium · Insecure urllib.urlopen · python-sdk/scripts/index_go_from_cdn.py:127
  urllib.request.urlopen() detected. Ensure HTTPS URLs are used.
- medium · Insecure urllib Request Object · python-sdk/scripts/index_python_from_cdn.py:469
  urllib.request.Request() detected. Ensure HTTPS URLs are used.
- medium · Insecure urllib.urlopen · python-sdk/scripts/index_python_from_cdn.py:472
  urllib.request.urlopen() detected. Ensure HTTPS URLs are used.
- medium · Non-literal import Detected · sast-engine/tools/generate_stdlib_registry.py:567
  __import__() or importlib.import_module() with non-literal argument detected.
- medium · Logger Credential Leak Risk · sast-engine/tools/typeshed-converter/convert.py:333
  Logging call detected. Audit log statements for credential/secret leakage.