Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
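| ✅ No vulnerabilities found (scope: the 25 packages pinned in requirements.txt; dependencies not listed there do not appear in the scan results) | |||||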
### Secrets

| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | |||
### Misconfigurations

| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019cc2ce-6a51-7d60-96bd-3e988830fb05",
"CreatedAt": "2026-03-06T11:00:33.489877576Z",
"ArtifactID": "sha256:6a84eede8248035ff63bf4f13def0523e1e953a64811bcde70a5fd036cccfd55",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-chat-utils.git",
"Branch": "develop",
"Commit": "1fff49b2c04e20ca308d2edb1076a2e26449563b",
"CommitMsg": "Pin all dependency versions and add .dockerignore",
"Author": "eizen-surya <suryavignesh.kapuganti@eizen.ai>",
"Committer": "eizen-surya <suryavignesh.kapuganti@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "PyYAML",
"Identifier": {
"PURL": "pkg:pypi/pyyaml@6.0.2",
"UID": "4b333f9a8ab063fc"
},
"Version": "6.0.2",
"Locations": [
{
"StartLine": 45,
"EndLine": 45
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiofiles",
"Identifier": {
"PURL": "pkg:pypi/aiofiles@24.1.0",
"UID": "a581509769cf1804"
},
"Version": "24.1.0",
"Locations": [
{
"StartLine": 51,
"EndLine": 51
}
],
"AnalyzedBy": "pip"
},
{
"Name": "aiohttp",
"Identifier": {
"PURL": "pkg:pypi/aiohttp@3.13.3",
"UID": "c897cc23b8a550c5"
},
"Version": "3.13.3",
"Locations": [
{
"StartLine": 20,
"EndLine": 20
}
],
"AnalyzedBy": "pip"
},
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.42.58",
"UID": "4404aade9b7aabd8"
},
"Version": "1.42.58",
"Locations": [
{
"StartLine": 41,
"EndLine": 41
}
],
"AnalyzedBy": "pip"
},
{
"Name": "faiss-cpu",
"Identifier": {
"PURL": "pkg:pypi/faiss-cpu@1.11.0",
"UID": "15d12c090ce8d099"
},
"Version": "1.11.0",
"Locations": [
{
"StartLine": 27,
"EndLine": 27
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.115.12",
"UID": "16fdc410189af07f"
},
"Version": "0.115.12",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "google-generativeai",
"Identifier": {
"PURL": "pkg:pypi/google-generativeai@0.8.5",
"UID": "9fbcdddd1a77e704"
},
"Version": "0.8.5",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "langchain",
"Identifier": {
"PURL": "pkg:pypi/langchain@0.3.27",
"UID": "1c57b69e0e20b2f5"
},
"Version": "0.3.27",
"Locations": [
{
"StartLine": 31,
"EndLine": 31
}
],
"AnalyzedBy": "pip"
},
{
"Name": "langchain-community",
"Identifier": {
"PURL": "pkg:pypi/langchain-community@0.3.27",
"UID": "f6fd75b410504efa"
},
"Version": "0.3.27",
"Locations": [
{
"StartLine": 32,
"EndLine": 32
}
],
"AnalyzedBy": "pip"
},
{
"Name": "langchain-huggingface",
"Identifier": {
"PURL": "pkg:pypi/langchain-huggingface@0.1.2",
"UID": "c27c832d57229981"
},
"Version": "0.1.2",
"Locations": [
{
"StartLine": 33,
"EndLine": 33
}
],
"AnalyzedBy": "pip"
},
{
"Name": "loguru",
"Identifier": {
"PURL": "pkg:pypi/loguru@0.7.3",
"UID": "b2eefc694b44628c"
},
"Version": "0.7.3",
"Locations": [
{
"StartLine": 48,
"EndLine": 48
}
],
"AnalyzedBy": "pip"
},
{
"Name": "motor",
"Identifier": {
"PURL": "pkg:pypi/motor@3.7.0",
"UID": "38433cbe50111424"
},
"Version": "3.7.0",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "mysql-connector-python",
"Identifier": {
"PURL": "pkg:pypi/mysql-connector-python@9.6.0",
"UID": "89b0fc05cf2ac053"
},
"Version": "9.6.0",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "openai",
"Identifier": {
"PURL": "pkg:pypi/openai@1.78.1",
"UID": "a932942d2fe94038"
},
"Version": "1.78.1",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "openpyxl",
"Identifier": {
"PURL": "pkg:pypi/openpyxl@3.1.5",
"UID": "57d649c13de0e46"
},
"Version": "3.1.5",
"Locations": [
{
"StartLine": 37,
"EndLine": 37
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pandas",
"Identifier": {
"PURL": "pkg:pypi/pandas@2.2.3",
"UID": "702dc7c7adb4a245"
},
"Version": "2.2.3",
"Locations": [
{
"StartLine": 36,
"EndLine": 36
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic_settings",
"Identifier": {
"PURL": "pkg:pypi/pydantic-settings@2.9.1",
"UID": "c451908bba6f5661"
},
"Version": "2.9.1",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.12.1",
"UID": "eacb90c27184de33"
},
"Version": "4.12.1",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.1.0",
"UID": "cf6be394276fc354"
},
"Version": "1.1.0",
"Locations": [
{
"StartLine": 44,
"EndLine": 44
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.4",
"UID": "b3372671b2830076"
},
"Version": "2.32.4",
"Locations": [
{
"StartLine": 21,
"EndLine": 21
}
],
"AnalyzedBy": "pip"
},
{
"Name": "schedule",
"Identifier": {
"PURL": "pkg:pypi/schedule@1.2.2",
"UID": "64decdb85b4871dc"
},
"Version": "1.2.2",
"Locations": [
{
"StartLine": 54,
"EndLine": 54
}
],
"AnalyzedBy": "pip"
},
{
"Name": "sentence-transformers",
"Identifier": {
"PURL": "pkg:pypi/sentence-transformers@5.2.3",
"UID": "d78e8bb203c12324"
},
"Version": "5.2.3",
"Locations": [
{
"StartLine": 28,
"EndLine": 28
}
],
"AnalyzedBy": "pip"
},
{
"Name": "slowapi",
"Identifier": {
"PURL": "pkg:pypi/slowapi@0.1.9",
"UID": "5a2f7c075ad4b65e"
},
"Version": "0.1.9",
"Locations": [
{
"StartLine": 24,
"EndLine": 24
}
],
"AnalyzedBy": "pip"
},
{
"Name": "sqlparse",
"Identifier": {
"PURL": "pkg:pypi/sqlparse@0.5.4",
"UID": "42d911b47cea17d4"
},
"Version": "0.5.4",
"Locations": [
{
"StartLine": 38,
"EndLine": 38
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.34.2",
"UID": "da055853b8653da6"
},
"Version": "0.34.2",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0002"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general"
}
}
]
}
]
}