Identified Risks

This table shows all the identified risks for this repository.

Filename
Message
Scanner
.github/workflows/dependency-risk-identification.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/code-risk-identification.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/software-composition-analysis.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/sast.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/secret-scanning.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/container-scanning.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/deploy.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/build-image.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/iac.yml
Ensure top-level permissions are not set to write-all
iac
.github/workflows/sign.yml
Ensure top-level permissions are not set to write-all
iac
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
leaks-baseline.json
generic-api-key has detected secret for file leaks-baseline.json at commit 59b5719ab78ed94ce540b6445e54c2644b447832.
secret-scanning
Dockerfile
Ensure that a user for the container has been created
iac
Dockerfile
Ensure that HEALTHCHECK instructions have been added to container images
iac
/github/workspace/Dockerfile
By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.
sast

Showing 1 of 1 pages (22 items)

Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version a7be6952dd19838f7e058ca965c211ef83464a74