Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| ✅ No vulnerabilities found | |||||
| Type | File | Line | Match |
|---|---|---|---|
| GitHub | security-reports/gitleaks-report.json | 93 | "Match": "**************************************... |
| GitHub | security-reports/gitleaks-report.json | 94 | "Secret": "*************************************... |
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c9359-ab9a-7d70-948c-cddc1e739c68",
"CreatedAt": "2026-02-25T05:50:53.338882381Z",
"ArtifactID": "sha256:9710d04481739c79d0d8b0de662f2f63249dc55c07abc8d4f137d9f4bf460895",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-vip-labelling-tool.git",
"Branch": "merge-v1",
"Commit": "aaa80059f2cd781949344c72f524f9ed503dbf3b",
"CommitMsg": "api_key_handelling",
"Author": "eizen-prasad <prasad.ayithireddi@eizen.ai>",
"Committer": "eizen-prasad <prasad.ayithireddi@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "boto3",
"Identifier": {
"PURL": "pkg:pypi/boto3@1.42.48",
"UID": "bbd2a2f959c1f564"
},
"Version": "1.42.48",
"Locations": [
{
"StartLine": 14,
"EndLine": 14
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.129.0",
"UID": "30eb6e4ee9dac2c1"
},
"Version": "0.129.0",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "httpx",
"Identifier": {
"PURL": "pkg:pypi/httpx@0.28.1",
"UID": "d9e209a6c6536fbb"
},
"Version": "0.28.1",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "label-studio-sdk",
"Identifier": {
"PURL": "pkg:pypi/label-studio-sdk@2.0.17",
"UID": "38999f36733efe3a"
},
"Version": "2.0.17",
"Locations": [
{
"StartLine": 20,
"EndLine": 20
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@2.4.2",
"UID": "698b33882799b584"
},
"Version": "2.4.2",
"Locations": [
{
"StartLine": 28,
"EndLine": 28
}
],
"AnalyzedBy": "pip"
},
{
"Name": "opencv-python-headless",
"Identifier": {
"PURL": "pkg:pypi/opencv-python-headless@4.13.0.92",
"UID": "bf9bfad75b1afb27"
},
"Version": "4.13.0.92",
"Locations": [
{
"StartLine": 23,
"EndLine": 23
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pillow",
"Identifier": {
"PURL": "pkg:pypi/pillow@12.1.1",
"UID": "71642522ee6b43a1"
},
"Version": "12.1.1",
"Locations": [
{
"StartLine": 24,
"EndLine": 24
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "35456bcbd28e87a2"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 17,
"EndLine": 17
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.1",
"UID": "e889fb1d06d5838d"
},
"Version": "1.2.1",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "d8a5b80df8d5f06c"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "tqdm",
"Identifier": {
"PURL": "pkg:pypi/tqdm@4.67.3",
"UID": "7e176976377d79f1"
},
"Version": "4.67.3",
"Locations": [
{
"StartLine": 27,
"EndLine": 27
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.40.0",
"UID": "fade4ca2f21f9b21"
},
"Version": "0.40.0",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0002"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general"
}
}
]
},
{
"Target": "security-reports/gitleaks-report.json",
"Class": "secret",
"Secrets": [
{
"RuleID": "github-pat",
"Category": "GitHub",
"Severity": "CRITICAL",
"Title": "GitHub Personal Access Token",
"StartLine": 93,
"EndLine": 93,
"Code": {
"Lines": [
{
"Number": 91,
"Content": " \"StartColumn\": 32,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 32,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 92,
"Content": " \"EndColumn\": 71,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 71,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 93,
"Content": " \"Match\": \"****************************************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"****************************************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 94,
"Content": " \"Secret\": \"****************************************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"****************************************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"****************************************\",",
"Offset": 3867
},
{
"RuleID": "github-pat",
"Category": "GitHub",
"Severity": "CRITICAL",
"Title": "GitHub Personal Access Token",
"StartLine": 94,
"EndLine": 94,
"Code": {
"Lines": [
{
"Number": 92,
"Content": " \"EndColumn\": 71,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 71,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 93,
"Content": " \"Match\": \"****************************************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"****************************************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 94,
"Content": " \"Secret\": \"****************************************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"****************************************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 95,
"Content": " \"File\": \".gitmodules\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \".gitmodules\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"****************************************\",",
"Offset": 3923
}
]
}
]
}