🛡️ Security Scan Report

{
  "SchemaVersion": 2,
  "CreatedAt": "2026-04-13T07:00:22.798327556Z",
  "ArtifactName": "/src",
  "ArtifactType": "filesystem",
  "Metadata": {
    "ImageConfig": {
      "architecture": "",
      "created": "0001-01-01T00:00:00Z",
      "os": "",
      "rootfs": {
        "type": "",
        "diff_ids": null
      },
      "config": {}
    }
  },
  "Results": [
    {
      "Target": "package-lock.json",
      "Class": "lang-pkgs",
      "Type": "npm",
      "Vulnerabilities": [
        {
          "VulnerabilityID": "CVE-2022-0235",
          "PkgID": "node-fetch@2.1.2",
          "PkgName": "node-fetch",
          "PkgIdentifier": {
            "PURL": "pkg:npm/node-fetch@2.1.2"
          },
          "InstalledVersion": "2.1.2",
          "FixedVersion": "3.1.1, 2.6.7",
          "Status": "fixed",
          "Layer": {},
          "SeveritySource": "ghsa",
          "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0235",
          "DataSource": {
            "ID": "ghsa",
            "Name": "GitHub Security Advisory npm",
            "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Anpm"
          },
          "Title": "node-fetch: exposure of sensitive information to an unauthorized actor",
          "Description": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor",
          "Severity": "HIGH",
          "CweIDs": [
            "CWE-200",
            "CWE-601"
          ],
          "VendorSeverity": {
            "alma": 2,
            "ghsa": 3,
            "nvd": 2,
            "oracle-oval": 2,
            "redhat": 2,
            "rocky": 2,
            "ubuntu": 2
          },
          "CVSS": {
            "ghsa": {
              "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "V3Score": 8.8
            },
            "nvd": {
              "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
              "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "V2Score": 5.8,
              "V3Score": 6.1
            },
            "redhat": {
              "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
              "V3Score": 6.1
            }
          },
          "References": [
            "https://access.redhat.com/errata/RHSA-2023:0050",
            "https://access.redhat.com/security/cve/CVE-2022-0235",
            "https://bugzilla.redhat.com/2044591",
            "https://bugzilla.redhat.com/2066009",
            "https://bugzilla.redhat.com/2134609",
            "https://bugzilla.redhat.com/2140911",
            "https://bugzilla.redhat.com/2150323",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2044591",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2066009",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2134609",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2140911",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2142821",
            "https://bugzilla.redhat.com/show_bug.cgi?id=2150323",
            "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0235",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24999",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3517",
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548",
            "https://errata.almalinux.org/8/ALSA-2023-0050.html",
            "https://errata.rockylinux.org/RLSA-2023:0050",
            "https://github.com/node-fetch/node-fetch",
            "https://github.com/node-fetch/node-fetch/commit/1ef4b560a17e644a02a3bfdea7631ffeee578b35",
            "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10",
            "https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60",
            "https://github.com/node-fetch/node-fetch/pull/1449/commits/5c32f002fdd65b1c6a8f1e3620210813d45c7e60",
            "https://github.com/node-fetch/node-fetch/pull/1453",
            "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7",
            "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
            "https://linux.oracle.com/cve/CVE-2022-0235.html",
            "https://linux.oracle.com/errata/ELSA-2023-0050.html",
            "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
            "https://ubuntu.com/security/notices/USN-6158-1",
            "https://www.cve.org/CVERecord?id=CVE-2022-0235"
          ],
          "PublishedDate": "2022-01-16T17:15:07.87Z",
          "LastModifiedDate": "2024-11-21T06:38:12.15Z"
        }
      ]
    },
    {
      "Target": "Dockerfile",
      "Class": "config",
      "Type": "dockerfile",
      "MisconfSummary": {
        "Successes": 23,
        "Failures": 1,
        "Exceptions": 0
      },
      "Misconfigurations": [
        {
          "Type": "Dockerfile Security Check",
          "ID": "DS002",
          "AVDID": "AVD-DS-0002",
          "Title": "Image user should not be 'root'",
          "Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
          "Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
          "Namespace": "builtin.dockerfile.DS002",
          "Query": "data.builtin.dockerfile.DS002.deny",
          "Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
          "Severity": "HIGH",
          "PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
          "References": [
            "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
            "https://avd.aquasec.com/misconfig/ds002"
          ],
          "Status": "FAIL",
          "Layer": {},
          "CauseMetadata": {
            "Provider": "Dockerfile",
            "Service": "general",
            "Code": {
              "Lines": null
            }
          }
        }
      ]
    },
    {
      "Target": "security-reports/gitleaks-report.json",
      "Class": "secret",
      "Secrets": [
        {
          "RuleID": "aws-access-key-id",
          "Category": "AWS",
          "Severity": "CRITICAL",
          "Title": "AWS Access Key ID",
          "StartLine": 9,
          "EndLine": 9,
          "Code": {
            "Lines": [
              {
                "Number": 7,
                "Content": "  \"StartColumn\": 18,",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"StartColumn\": 18,",
                "FirstCause": false,
                "LastCause": false
              },
              {
                "Number": 8,
                "Content": "  \"EndColumn\": 37,",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"EndColumn\": 37,",
                "FirstCause": false,
                "LastCause": false
              },
              {
                "Number": 9,
                "Content": "  \"Match\": \"********************\",",
                "IsCause": true,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"Match\": \"********************\",",
                "FirstCause": true,
                "LastCause": true
              },
              {
                "Number": 10,
                "Content": "  \"Secret\": \"********************\",",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"Secret\": \"********************\",",
                "FirstCause": false,
                "LastCause": false
              }
            ]
          },
          "Match": "  \"Match\": \"********************\",",
          "Layer": {}
        },
        {
          "RuleID": "aws-access-key-id",
          "Category": "AWS",
          "Severity": "CRITICAL",
          "Title": "AWS Access Key ID",
          "StartLine": 10,
          "EndLine": 10,
          "Code": {
            "Lines": [
              {
                "Number": 8,
                "Content": "  \"EndColumn\": 37,",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"EndColumn\": 37,",
                "FirstCause": false,
                "LastCause": false
              },
              {
                "Number": 9,
                "Content": "  \"Match\": \"********************\",",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"Match\": \"********************\",",
                "FirstCause": false,
                "LastCause": false
              },
              {
                "Number": 10,
                "Content": "  \"Secret\": \"********************\",",
                "IsCause": true,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"Secret\": \"********************\",",
                "FirstCause": true,
                "LastCause": true
              },
              {
                "Number": 11,
                "Content": "  \"File\": \"/path/src/services/AwsService.ts\",",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  \"File\": \"/path/src/services/AwsService.ts\",",
                "FirstCause": false,
                "LastCause": false
              }
            ]
          },
          "Match": "  \"Secret\": \"********************\",",
          "Layer": {}
        }
      ]
    },
    {
      "Target": "src/services/AwsService.ts",
      "Class": "secret",
      "Secrets": [
        {
          "RuleID": "aws-access-key-id",
          "Category": "AWS",
          "Severity": "CRITICAL",
          "Title": "AWS Access Key ID",
          "StartLine": 6,
          "EndLine": 6,
          "Code": {
            "Lines": [
              {
                "Number": 4,
                "Content": "  region: \"ap-south-1\",",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  region: \"ap-south-1\",",
                "FirstCause": false,
                "LastCause": false
              },
              {
                "Number": 5,
                "Content": "  //TODO: Get temporary keys from backend later",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  //TODO: Get temporary keys from backend later",
                "FirstCause": false,
                "LastCause": false
              },
              {
                "Number": 6,
                "Content": "  accessKeyId: \"********************\",",
                "IsCause": true,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  accessKeyId: \"********************\",",
                "FirstCause": true,
                "LastCause": true
              },
              {
                "Number": 7,
                "Content": "  secretAccessKey: \"ittuCqGtjvQx4wFmFFEjVT/9A6YGxzLxX5p4qqZg\",",
                "IsCause": false,
                "Annotation": "",
                "Truncated": false,
                "Highlighted": "  secretAccessKey: \"ittuCqGtjvQx4wFmFFEjVT/9A6YGxzLxX5p4qqZg\",",
                "FirstCause": false,
                "LastCause": false
              }
            ]
          },
          "Match": "  accessKeyId: \"********************\",",
          "Layer": {}
        }
      ]
    }
  ]
}