Critical
High
Medium
Low
Secrets
Misconfig
| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| ✅ No vulnerabilities found | |||||

| Type | File | Line | Match |
|---|---|---|---|
| AWS | security-reports/gitleaks-report.json | 72 | "Match": "********************",... |
| AWS | security-reports/gitleaks-report.json | 73 | "Secret": "********************",... |

| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019c9db8-d68c-75d3-8010-f57d9b71b570",
"CreatedAt": "2026-02-27T06:11:02.412384114Z",
"ArtifactID": "sha256:607fc6be135b7855729d55695ebcf489fef295b54e996feb63026d0e0d242828",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-vip-gateway-api.git",
"Branch": "refactor/vulnerabilities-fixes",
"Commit": "ccb92844e051a7c47b8a2217f57843887f59106a",
"CommitMsg": "Fix: resolve SonarQube issues and pin all dependency versions\n\n- Remove async from require_api_key (no await used), change return to None\n- Extract UTC_OFFSET constant to constants.py, replace duplicated \"+00:00\" literals\n- Replace unused variables (modified, upserted_id) with _ in model_router\n- Pin all requirement versions (loguru, python-multipart, PyJWT, requests, pydantic)",
"Author": "Pattabhi Rama D <pattabhiramad@Pattabhis-MacBook-Pro-2.local>",
"Committer": "Pattabhi Rama D <pattabhiramad@Pattabhis-MacBook-Pro-2.local>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "PyJWT",
"Identifier": {
"PURL": "pkg:pypi/pyjwt@2.11.0",
"UID": "9cab1d450e4e17d6"
},
"Version": "2.11.0",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.115.12",
"UID": "fae61dc75ad679ee"
},
"Version": "0.115.12",
"Locations": [
{
"StartLine": 1,
"EndLine": 1
}
],
"AnalyzedBy": "pip"
},
{
"Name": "httpx",
"Identifier": {
"PURL": "pkg:pypi/httpx@0.28.1",
"UID": "7c72b0e3e43e445"
},
"Version": "0.28.1",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "kafka-python-ng",
"Identifier": {
"PURL": "pkg:pypi/kafka-python-ng@2.2.3",
"UID": "51fb1da307c7e073"
},
"Version": "2.2.3",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
},
{
"Name": "loguru",
"Identifier": {
"PURL": "pkg:pypi/loguru@0.7.3",
"UID": "32d6807876922762"
},
"Version": "0.7.3",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pydantic",
"Identifier": {
"PURL": "pkg:pypi/pydantic@2.12.5",
"UID": "9d085b6f0db2bb1"
},
"Version": "2.12.5",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.12.1",
"UID": "beb861491827a815"
},
"Version": "4.12.1",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.1.0",
"UID": "c7778b6c22729fbd"
},
"Version": "1.1.0",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-multipart",
"Identifier": {
"PURL": "pkg:pypi/python-multipart@0.0.22",
"UID": "dd774aa2a6619c19"
},
"Version": "0.0.22",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "d8a5b80df8d5f06c"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.34.2",
"UID": "6c305dddf3520195"
},
"Version": "0.34.2",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0002"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general"
}
}
]
},
{
"Target": "security-reports/gitleaks-report.json",
"Class": "secret",
"Secrets": [
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 72,
"EndLine": 72,
"Code": {
"Lines": [
{
"Number": 70,
"Content": " \"StartColumn\": 16,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"StartColumn\": 16,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 71,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 72,
"Content": " \"Match\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 73,
"Content": " \"Secret\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Match\": \"********************\",",
"Offset": 2900
},
{
"RuleID": "aws-access-key-id",
"Category": "AWS",
"Severity": "CRITICAL",
"Title": "AWS Access Key ID",
"StartLine": 73,
"EndLine": 73,
"Code": {
"Lines": [
{
"Number": 71,
"Content": " \"EndColumn\": 35,",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"EndColumn\": 35,",
"FirstCause": false,
"LastCause": false
},
{
"Number": 72,
"Content": " \"Match\": \"********************\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Match\": \"********************\",",
"FirstCause": false,
"LastCause": false
},
{
"Number": 73,
"Content": " \"Secret\": \"********************\",",
"IsCause": true,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"Secret\": \"********************\",",
"FirstCause": true,
"LastCause": true
},
{
"Number": 74,
"Content": " \"File\": \"s3utils/test.py\",",
"IsCause": false,
"Annotation": "",
"Truncated": false,
"Highlighted": " \"File\": \"s3utils/test.py\",",
"FirstCause": false,
"LastCause": false
}
]
},
"Match": " \"Secret\": \"********************\",",
"Offset": 2936
}
]
}
]
}