devguard-web

chore/improve-login-registration

add-mechanical-justification

738-no-Toast-when-git-token-is-unavailable

add-secrets-option-to-asset

login-torus

fix-no-name-badge-crash

fix/false-positve-first-party-vulns

492-add-make-visible-button-to-password-inputs

708---if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

708-if-you-create-a-token-then-the-done-button-just-vanishes-which-creates-a-dead-end

577-add-fingerprint-icon-to-visualise-difference-in-Sign-in-With-Passkey

578-sbom-upload-button-is-finder-if-not-nothing-is-selected-yet

fix/org-creation-error

improved-onboarding

594-reveal-button-is-bugged-if-the-user-is-using-pwned-password-2

660-license-combobox-overwrite

598-concept-for-registration-workflow

634--button-to-delete-an-organization

fix-manual-sarif-upload

onboarding

658-Inconsistent-naming-sometimes-asset-sometimes-repository

485-onboarding-done-button-doesnt-do-anything

fix/gitlab-pipeline

fix-wrong-github-actions-secret-scanning-yaml

190-dependency-table-dialog-with-graph

feature/sast

634-button-to-delete-an-organization

467-only-display-licenses-with-more-that-0%-of-the-packages

remove-unused-files

638-appbar-make-text-white

rerender-badge-when-new-license-is-selected

702-change-button-text-to-black

add-sca-and-container-scanning-to-integrationsnippet

639-deleting-a-project-results-in-404

0.11.1 735-after-searching-for-a-CVE-the-search-bar-is-not-shown-anymore

fix-org-slug

main

fix/badgiApiUrl

chore/improve-onboarding-steps

0.11.0 531-make-images-clickable-to-increase-size

599-zoom-image-when-clicking-on-it

async-button

485-onboarding-done-button-doesn't-do-anything

fix-vulns-error-handling

repository-search-is-not-working-anymore

700-search-looses-focus-after-typing-the-first-character

update-deps

455-in-app-footer-should-be-displayed-always-on-bottom-of-screen

compliance-risks

644-add-sarif-logo-to-onboarding-flow-and-remove-report

649-onboarding-workflow-fix-slider-animation

login-screen

594-reveal-button-is-bugged-if-the-user-is-using-pwned-password

license-combobox-overwrite

prism-login

deleting-a-project-results-in-404

undefined-organizationSlug-in-EntityProviderImage

add-InputWithButton-component

fix-active-org-error

improve-organization-dropdown-component

636-add-cyclonedx-logo-to-the-options

545-Scanner-badge-should-not-break-lines-but-include-hoverable-tooltip-about-fullname

update-badge-api

756-threejs-devguard-badge-is-blocking-onboarding-flow

759-Add-Icons-to-Ory-Buttons

Devguard-Pipeline

Badge API Documentation

Badge API

Badge API Programm ZenDiS

quay.io/jetstack/cert-manager-acmesolver

ghcr.io/l3montree-dev/devguard-operator

ghcr.io/l3montree-dev/devguard-postgresql

ghcr.io/l3montree-dev/devguard

docker.io/oryd/kratos

devguard-action

Devguard Postgresql

DevGuard Operator

devguard-scanner

 Devguard-Pipeline

devguard-documentation

devguard

Devguard

Robot User

Badge-API

Lars Hermges

Patrick Rissmann

Sebastian Kawelke

Tim Bastin

Refaei Shikho

Frédéric Noppe

refoo0

timbastin

seb-kw

devguard-bot-dev[bot]

L3montree Cybersecurity

The scanner component of the devguard project

This is a scan for Devguard CI/CD components in a GitLab project, aimed at testing whether these components function correctly.

The documentation for the DevGuard Project

Manage your CVEs seamlessly, Integrate your Vulnerability Scanners, Documentation made easy, Compliance to security Frameworks - OWASP Incubating Project

Ensure that HEALTHCHECK instructions have been added to container images

Ensure top-level permissions are not set to write-all

Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

RegExp() called with a `$ARG` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.

Filename	Message	Scanner
Dockerfile	Ensure that HEALTHCHECK instructions have been added to container images	iac
leaks-baseline.json	Base64 High Entropy String	iac
leaks-baseline.json	Base64 High Entropy String	iac
.github/workflows/devguard-scanner.yaml	Ensure top-level permissions are not set to write-all	iac
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit bfebd20d65fae35103346f93b78e273bbc8d290e.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit bfebd20d65fae35103346f93b78e273bbc8d290e.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit bfebd20d65fae35103346f93b78e273bbc8d290e.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit 0b6d3d075c8002f30f62e2d1b020df40d26fd26d.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit 0b6d3d075c8002f30f62e2d1b020df40d26fd26d.	secret-scanning
leaks-baseline.json	generic-api-key has detected secret for file leaks-baseline.json at commit 0b6d3d075c8002f30f62e2d1b020df40d26fd26d.	secret-scanning
README.md	generic-api-key has detected secret for file README.md at commit 31d68f10860c6023c74a8abed76a0ee777e33293.	secret-scanning
README.md	generic-api-key has detected secret for file README.md at commit 31d68f10860c6023c74a8abed76a0ee777e33293.	secret-scanning
README.md	generic-api-key has detected secret for file README.md at commit 9ad5299c96380a18e52dd8d8f08f4b1d890b7258.	secret-scanning
/github/workspace/src/components/common/CopyCode.tsx	RegExp() called with a `props` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.	sast

/Devguard
Project
/devguard-web
Repository

Identified Risks