| Severity | CVE ID | Package | Installed | Fixed In | Description |
|---|---|---|---|---|---|
| ✅ No vulnerabilities found | |||||
| Type | File | Line | Match |
|---|---|---|---|
| ✅ No secrets found | |||
| Severity | ID | Check | File | Message |
|---|---|---|---|---|
| HIGH | DS-0002 | Image user should not be 'root' | Dockerfile | Specify at least 1 USER command in Dockerfile with non-root user as argument |
{
"SchemaVersion": 2,
"Trivy": {
"Version": "0.69.0"
},
"ReportID": "019cfb0b-a6d9-7268-b0a9-a229ccae1a3d",
"CreatedAt": "2026-03-17T09:06:10.777158845Z",
"ArtifactID": "sha256:6e159284e391edf0552be00297ee728529c1bfe950ff7ed60e14ae5cb644f257",
"ArtifactName": "/src",
"ArtifactType": "repository",
"Metadata": {
"RepoURL": "https://github.com/eizen-ai/eizen-vip-rag-based-llm.git",
"Branch": "refactor/vulnerability-fix",
"Commit": "83539ae67b3d85ed797156339ba3b72c14b54e8e",
"CommitMsg": "fix: resolve SonarQube issues in router, rag_service, and Dockerfile\n\n- Remove f-string prefix from string literal with no variables\n- Extract duplicated string to MSG_NO_SIMILAR_CONTENT constant\n- Combine apt-get update and install into single RUN instruction in Dockerfile\n- Clean up comments to read as service documentation\n- Delete legacy main.py",
"Author": "eizen-jenil <jenil.patel@eizen.ai>",
"Committer": "eizen-jenil <jenil.patel@eizen.ai>"
},
"Results": [
{
"Target": "requirements.txt",
"Class": "lang-pkgs",
"Type": "pip",
"Packages": [
{
"Name": "faiss-cpu",
"Identifier": {
"PURL": "pkg:pypi/faiss-cpu@1.13.2",
"UID": "688c183c9330bce"
},
"Version": "1.13.2",
"Locations": [
{
"StartLine": 12,
"EndLine": 12
}
],
"AnalyzedBy": "pip"
},
{
"Name": "fastapi",
"Identifier": {
"PURL": "pkg:pypi/fastapi@0.135.1",
"UID": "f9fcc5abebbfb30"
},
"Version": "0.135.1",
"Locations": [
{
"StartLine": 2,
"EndLine": 2
}
],
"AnalyzedBy": "pip"
},
{
"Name": "langchain-community",
"Identifier": {
"PURL": "pkg:pypi/langchain-community@0.4.1",
"UID": "fa345632e48e2777"
},
"Version": "0.4.1",
"Locations": [
{
"StartLine": 8,
"EndLine": 8
}
],
"AnalyzedBy": "pip"
},
{
"Name": "langchain-huggingface",
"Identifier": {
"PURL": "pkg:pypi/langchain-huggingface@1.2.1",
"UID": "46bca73ae98c7a3a"
},
"Version": "1.2.1",
"Locations": [
{
"StartLine": 7,
"EndLine": 7
}
],
"AnalyzedBy": "pip"
},
{
"Name": "loguru",
"Identifier": {
"PURL": "pkg:pypi/loguru@0.7.3",
"UID": "32d6807876922762"
},
"Version": "0.7.3",
"Locations": [
{
"StartLine": 4,
"EndLine": 4
}
],
"AnalyzedBy": "pip"
},
{
"Name": "numpy",
"Identifier": {
"PURL": "pkg:pypi/numpy@1.26.4",
"UID": "37784df659fe6703"
},
"Version": "1.26.4",
"Locations": [
{
"StartLine": 10,
"EndLine": 10
}
],
"AnalyzedBy": "pip"
},
{
"Name": "pymongo",
"Identifier": {
"PURL": "pkg:pypi/pymongo@4.16.0",
"UID": "dea6d0107ee52c50"
},
"Version": "4.16.0",
"Locations": [
{
"StartLine": 5,
"EndLine": 5
}
],
"AnalyzedBy": "pip"
},
{
"Name": "python-dotenv",
"Identifier": {
"PURL": "pkg:pypi/python-dotenv@1.2.2",
"UID": "6db41bd0240d987a"
},
"Version": "1.2.2",
"Locations": [
{
"StartLine": 3,
"EndLine": 3
}
],
"AnalyzedBy": "pip"
},
{
"Name": "requests",
"Identifier": {
"PURL": "pkg:pypi/requests@2.32.5",
"UID": "204b5091499434e3"
},
"Version": "2.32.5",
"Locations": [
{
"StartLine": 6,
"EndLine": 6
}
],
"AnalyzedBy": "pip"
},
{
"Name": "sentence-transformers",
"Identifier": {
"PURL": "pkg:pypi/sentence-transformers@5.3.0",
"UID": "d2bffd7deb9519c3"
},
"Version": "5.3.0",
"Locations": [
{
"StartLine": 9,
"EndLine": 9
}
],
"AnalyzedBy": "pip"
},
{
"Name": "slowapi",
"Identifier": {
"PURL": "pkg:pypi/slowapi@0.1.9",
"UID": "b9f755443a567243"
},
"Version": "0.1.9",
"Locations": [
{
"StartLine": 13,
"EndLine": 13
}
],
"AnalyzedBy": "pip"
},
{
"Name": "torch",
"Identifier": {
"PURL": "pkg:pypi/torch@2.10.0",
"UID": "c2e61769b24baf58"
},
"Version": "2.10.0",
"Locations": [
{
"StartLine": 11,
"EndLine": 11
}
],
"AnalyzedBy": "pip"
},
{
"Name": "uvicorn",
"Identifier": {
"PURL": "pkg:pypi/uvicorn@0.42.0",
"UID": "7b3bbe9a917ac7be"
},
"Version": "0.42.0",
"Locations": [
{
"StartLine": 1,
"EndLine": 1
}
],
"AnalyzedBy": "pip"
}
]
},
{
"Target": "Dockerfile",
"Class": "config",
"Type": "dockerfile",
"MisconfSummary": {
"Successes": 23,
"Failures": 1
},
"Misconfigurations": [
{
"Type": "Dockerfile Security Check",
"ID": "DS-0002",
"Title": "Image user should not be 'root'",
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
"Namespace": "builtin.dockerfile.DS002",
"Query": "data.builtin.dockerfile.DS002.deny",
"Resolution": "Add 'USER <non root user name>' line to the Dockerfile",
"Severity": "HIGH",
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds-0002",
"References": [
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
"https://avd.aquasec.com/misconfig/ds-0002"
],
"Status": "FAIL",
"CauseMetadata": {
"Provider": "Dockerfile",
"Service": "general"
}
}
]
}
]
}