devguard-web

638-appbar-make-text-white

fix-no-name-badge-crash

fix/risks-search

fix-org-slug

708-if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

remove-unused-files

main

660-license-combobox-overwrite

add-mechanical-justification

702-change-button-text-to-black

636-add-cyclonedx-logo-to-the-options

485-onboarding-done-button-doesnt-do-anything

async-button

634--button-to-delete-an-organization

738-no-Toast-when-git-token-is-unavailable

compliance-risks

485-onboarding-done-button-doesn't-do-anything

improved-onboarding

Add-to-the-instructions-for-GitLab-that-you-have-to-be-a-maintainer-to-configure-variables

fix/false-positve-first-party-vulns

feature/genrate-pdfs

fix-severity-grades-dashboard-filter

chore/improve-onboarding-steps

tos-agreement-in-user-settings

undefined-organizationSlug-in-EntityProviderImage

735-after-searching-for-a-CVE-the-search-bar-is-not-shown-anymore

add-information-to-activity-stream

567-Display-the-password-policy-on-the-registration-page2

fix-manual-sarif-upload

0.11.1 656-improve-action-in-risk-handling

598-concept-for-registration-workflow

fix/issue-810

649-onboarding-workflow-fix-slider-animation

fix-vulns-error-handling

639-deleting-a-project-results-in-404

feature/sbom-report

467-only-display-licenses-with-more-that-0%-of-the-packages

add-sca-and-container-scanning-to-integrationsnippet

777-error-message-that-an-account-with-the-e-mail-address-already-exists2

658-Inconsistent-naming-sometimes-asset-sometimes-repository

If-no-compliance-rules-are-activated,-there-should-be-a-gray-state

add-secrets-option-to-asset

700-search-looses-focus-after-typing-the-first-character

repository-search-is-not-working-anymore

update-deps

578-sbom-upload-button-is-finder-if-not-nothing-is-selected-yet

chore/improve-login-registration

feautre/jira-integration

login-torus

fix-settings-crash-when-refreshing

813-exporting-sboms-does-not-work

fix/badgiApiUrl

onboarding

545-Scanner-badge-should-not-break-lines-but-include-hoverable-tooltip-about-fullname

license-combobox-overwrite

567-Display-the-password-policy-on-the-registration-page

prism-login

708---if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

pdf-download

190-dependency-table-dialog-with-graph

rerender-badge-when-new-license-is-selected

project-member-edit-should-be-more-logical

fix-wrong-github-actions-secret-scanning-yaml

654-two-scores-cognitive-dissonance

777-error-message-that-an-account-with-the-e-mail-address-already-exists

492-add-make-visible-button-to-password-inputs

User-Settings-home-button-leads-to-undefined

455-in-app-footer-should-be-displayed-always-on-bottom-of-screen

update-badge-api

634-button-to-delete-an-organization

599-zoom-image-when-clicking-on-it

644-add-sarif-logo-to-onboarding-flow-and-remove-report

fix/EntityProviderLinkBanner

fix/gitlab-pipeline

add-InputWithButton-component

594-reveal-button-is-bugged-if-the-user-is-using-pwned-password-2

feature/sast

0.11.0 fix/org-creation-error

fix-active-org-error

improve-organization-dropdown-component

472-Wrong-color-for-checkmark-should-be-black-like-fixed-state

531-make-images-clickable-to-increase-size

577-add-fingerprint-icon-to-visualise-difference-in-Sign-in-With-Passkey

login-screen

594-reveal-button-is-bugged-if-the-user-is-using-pwned-password

deleting-a-project-results-in-404

759-Add-Icons-to-Ory-Buttons

756-threejs-devguard-badge-is-blocking-onboarding-flow

Devguard-Pipeline

Badge API Documentation

Badge API

Badge API Programm ZenDiS

quay.io/jetstack/cert-manager-acmesolver

ghcr.io/l3montree-dev/devguard-operator

ghcr.io/l3montree-dev/devguard-postgresql

ghcr.io/l3montree-dev/devguard

docker.io/oryd/kratos

Devguard Postgresql

DevGuard Operator

 Devguard-Pipeline

devguard-documentation

devguard-scanner

devguard

devguard-action

Devguard

Robot User

Badge-API

Lars Hermges

Patrick Rissmann

Sebastian Kawelke

Tim Bastin

David Luhmer

Refaei Shikho

Frédéric Noppe

L3montree Cybersecurity

This is a scan for Devguard CI/CD components in a GitLab project, aimed at testing whether these components function correctly.

The documentation for the DevGuard Project

The scanner component of the devguard project

Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project

Ensure that HEALTHCHECK instructions have been added to container images

Ensure top-level permissions are not set to write-all

Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

RegExp() called with a `$ARG` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.

Filename	Message	Scanner
Dockerfile	Ensure that HEALTHCHECK instructions have been added to container images	iac
leaks-baseline.json	Base64 High Entropy String	iac
leaks-baseline.json	Base64 High Entropy String	iac
.github/workflows/devguard-scanner.yaml	Ensure top-level permissions are not set to write-all	iac
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit bfebd20d65fae35103346f93b78e273bbc8d290e.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit bfebd20d65fae35103346f93b78e273bbc8d290e.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit bfebd20d65fae35103346f93b78e273bbc8d290e.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit 0b6d3d075c8002f30f62e2d1b020df40d26fd26d.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit 0b6d3d075c8002f30f62e2d1b020df40d26fd26d.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit 0b6d3d075c8002f30f62e2d1b020df40d26fd26d.	secret-scanning
README.md	generic-api-key has detected secret for file README.md at commit 31d68f10860c6023c74a8abed76a0ee777e33293.	secret-scanning
README.md	generic-api-key has detected secret for file README.md at commit 31d68f10860c6023c74a8abed76a0ee777e33293.	secret-scanning
README.md	generic-api-key has detected secret for file README.md at commit 9ad5299c96380a18e52dd8d8f08f4b1d890b7258.	secret-scanning
/github/workspace/src/components/common/CopyCode.tsx	RegExp() called with a `props` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.	sast

/Devguard
Project
/devguard-web
Repository

Identified Risks