675 lines
20 KiB
JSON
675 lines
20 KiB
JSON
|
|
{
|
|
"score": 58,
|
|
"grade": "D",
|
|
"gradeLabel": "Significant security risks",
|
|
"totalFindings": 22,
|
|
"totalDepVulns": 0,
|
|
"categories": {
|
|
"secrets": {
|
|
"label": "Secrets",
|
|
"findingCount": 0,
|
|
"deduction": 0,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 0,
|
|
"low": 0
|
|
}
|
|
},
|
|
"injection": {
|
|
"label": "Code Vulnerabilities",
|
|
"findingCount": 3,
|
|
"deduction": 9,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 3,
|
|
"low": 0
|
|
}
|
|
},
|
|
"deps": {
|
|
"label": "Dependencies",
|
|
"findingCount": 0,
|
|
"deduction": 0,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 0,
|
|
"low": 0
|
|
}
|
|
},
|
|
"auth": {
|
|
"label": "Auth & Access Control",
|
|
"findingCount": 0,
|
|
"deduction": 0,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 0,
|
|
"low": 0
|
|
}
|
|
},
|
|
"config": {
|
|
"label": "Configuration",
|
|
"findingCount": 4,
|
|
"deduction": 10,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 4,
|
|
"medium": 0,
|
|
"low": 0
|
|
}
|
|
},
|
|
"supply-chain": {
|
|
"label": "Supply Chain",
|
|
"findingCount": 1,
|
|
"deduction": 3,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 1,
|
|
"low": 0
|
|
}
|
|
},
|
|
"api": {
|
|
"label": "API Security",
|
|
"findingCount": 3,
|
|
"deduction": 10,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 3,
|
|
"medium": 0,
|
|
"low": 0
|
|
}
|
|
},
|
|
"llm": {
|
|
"label": "AI/LLM Security",
|
|
"findingCount": 11,
|
|
"deduction": 10,
|
|
"counts": {
|
|
"critical": 0,
|
|
"high": 0,
|
|
"medium": 11,
|
|
"low": 0
|
|
}
|
|
}
|
|
},
|
|
"findings": [
|
|
{
|
|
"file": "/code/xf/GIA/Dockerfile",
|
|
"line": 25,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"rule": "DOCKER_RUN_AS_ROOT",
|
|
"title": "Docker: Running as Root",
|
|
"description": "No USER instruction found. Container runs as root by default.",
|
|
"fix": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"cwe": "CWE-250",
|
|
"owasp": "A05:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/Dockerfile",
|
|
"line": 28,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"rule": "DOCKER_RUN_AS_ROOT",
|
|
"title": "Docker: Running as Root",
|
|
"description": "No USER instruction found. Container runs as root by default.",
|
|
"fix": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"cwe": "CWE-250",
|
|
"owasp": "A05:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/Dockerfile",
|
|
"line": 30,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"rule": "DOCKER_RUN_AS_ROOT",
|
|
"title": "Docker: Running as Root",
|
|
"description": "No USER instruction found. Container runs as root by default.",
|
|
"fix": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"cwe": "CWE-250",
|
|
"owasp": "A05:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/Dockerfile",
|
|
"line": 31,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"rule": "DOCKER_RUN_AS_ROOT",
|
|
"title": "Docker: Running as Root",
|
|
"description": "No USER instruction found. Container runs as root by default.",
|
|
"fix": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"cwe": "CWE-250",
|
|
"owasp": "A05:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/clients/whatsapp.py",
|
|
"line": 3398,
|
|
"severity": "high",
|
|
"category": "api",
|
|
"rule": "API_UPLOAD_NO_TYPE_CHECK",
|
|
"title": "API: File Upload Without Type Validation",
|
|
"description": "File upload using original filename without type validation.",
|
|
"fix": "Validate file extension and MIME type. Generate random filenames for storage.",
|
|
"cwe": "CWE-434",
|
|
"owasp": "A04:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/clients/xmpp.py",
|
|
"line": 57,
|
|
"severity": "high",
|
|
"category": "api",
|
|
"rule": "API_UPLOAD_NO_TYPE_CHECK",
|
|
"title": "API: File Upload Without Type Validation",
|
|
"description": "File upload using original filename without type validation.",
|
|
"fix": "Validate file extension and MIME type. Generate random filenames for storage.",
|
|
"cwe": "CWE-434",
|
|
"owasp": "A04:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/security/attachments.py",
|
|
"line": 83,
|
|
"severity": "high",
|
|
"category": "api",
|
|
"rule": "API_UPLOAD_NO_TYPE_CHECK",
|
|
"title": "API: File Upload Without Type Validation",
|
|
"description": "File upload using original filename without type validation.",
|
|
"fix": "Validate file extension and MIME type. Generate random filenames for storage.",
|
|
"cwe": "CWE-434",
|
|
"owasp": "A04:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/tests/test_attachment_security.py",
|
|
"line": 29,
|
|
"severity": "medium",
|
|
"category": "ssrf",
|
|
"rule": "SSRF_INTERNAL_IP",
|
|
"title": "SSRF: Internal IP Pattern",
|
|
"description": "Internal IP address in code. Verify it is not reachable via user-controlled URLs.",
|
|
"fix": "Block private IP ranges in URL validation for user-supplied URLs",
|
|
"cwe": "CWE-918",
|
|
"owasp": "A10:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/tests/test_attachment_security.py",
|
|
"line": 34,
|
|
"severity": "medium",
|
|
"category": "ssrf",
|
|
"rule": "SSRF_INTERNAL_IP",
|
|
"title": "SSRF: Internal IP Pattern",
|
|
"description": "Internal IP address in code. Verify it is not reachable via user-controlled URLs.",
|
|
"fix": "Block private IP ranges in URL validation for user-supplied URLs",
|
|
"cwe": "CWE-918",
|
|
"owasp": "A10:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/tests/test_attachment_security.py",
|
|
"line": 35,
|
|
"severity": "medium",
|
|
"category": "ssrf",
|
|
"rule": "SSRF_INTERNAL_IP",
|
|
"title": "SSRF: Internal IP Pattern",
|
|
"description": "Internal IP address in code. Verify it is not reachable via user-controlled URLs.",
|
|
"fix": "Block private IP ranges in URL validation for user-supplied URLs",
|
|
"cwe": "CWE-918",
|
|
"owasp": "A10:2021"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/requirements.txt",
|
|
"line": 23,
|
|
"severity": "medium",
|
|
"category": "supply-chain",
|
|
"rule": "UNPINNED_PYTHON_DEP",
|
|
"title": "Unpinned Python Dependency: ./vendor/django-crud-mixins",
|
|
"description": "Python dependency without version pin. Pin to a specific version for reproducible builds.",
|
|
"fix": "Pin version: ./vendor/django-crud-mixins==x.y.z",
|
|
"cwe": null,
|
|
"owasp": null
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/clients/signalapi.py",
|
|
"line": 411,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_NO_OUTPUT_FILTER",
|
|
"title": "LLM Output Without Filtering",
|
|
"description": "LLM output used directly without filtering. May contain sensitive info or hallucinations.",
|
|
"fix": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"cwe": "CWE-200",
|
|
"owasp": "LLM02"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 739,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 744,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 758,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 850,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 1377,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 1382,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/osint.py",
|
|
"line": 1396,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_RAG_NO_VALIDATION",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"description": "User input passed directly to vector search/embedding without validation.",
|
|
"fix": "Validate and sanitize input before embedding. Limit query length.",
|
|
"cwe": "CWE-20",
|
|
"owasp": "LLM08"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/signal.py",
|
|
"line": 189,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_NO_OUTPUT_FILTER",
|
|
"title": "LLM Output Without Filtering",
|
|
"description": "LLM output used directly without filtering. May contain sensitive info or hallucinations.",
|
|
"fix": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"cwe": "CWE-200",
|
|
"owasp": "LLM02"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/signal.py",
|
|
"line": 197,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_NO_OUTPUT_FILTER",
|
|
"title": "LLM Output Without Filtering",
|
|
"description": "LLM output used directly without filtering. May contain sensitive info or hallucinations.",
|
|
"fix": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"cwe": "CWE-200",
|
|
"owasp": "LLM02"
|
|
},
|
|
{
|
|
"file": "/code/xf/GIA/core/views/signal.py",
|
|
"line": 206,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"rule": "LLM_NO_OUTPUT_FILTER",
|
|
"title": "LLM Output Without Filtering",
|
|
"description": "LLM output used directly without filtering. May contain sensitive info or hallucinations.",
|
|
"fix": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"cwe": "CWE-200",
|
|
"owasp": "LLM02"
|
|
}
|
|
],
|
|
"depVulns": [],
|
|
"remediationPlan": [
|
|
{
|
|
"priority": 1,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"categoryLabel": "CONFIGURATION",
|
|
"title": "Docker: Running as Root",
|
|
"file": "Dockerfile:25",
|
|
"action": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"effort": "low"
|
|
},
|
|
{
|
|
"priority": 2,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"categoryLabel": "CONFIGURATION",
|
|
"title": "Docker: Running as Root",
|
|
"file": "Dockerfile:28",
|
|
"action": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"effort": "low"
|
|
},
|
|
{
|
|
"priority": 3,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"categoryLabel": "CONFIGURATION",
|
|
"title": "Docker: Running as Root",
|
|
"file": "Dockerfile:30",
|
|
"action": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"effort": "low"
|
|
},
|
|
{
|
|
"priority": 4,
|
|
"severity": "high",
|
|
"category": "config",
|
|
"categoryLabel": "CONFIGURATION",
|
|
"title": "Docker: Running as Root",
|
|
"file": "Dockerfile:31",
|
|
"action": "Add USER nonroot before CMD/ENTRYPOINT",
|
|
"effort": "low"
|
|
},
|
|
{
|
|
"priority": 5,
|
|
"severity": "high",
|
|
"category": "api",
|
|
"categoryLabel": "API SECURITY",
|
|
"title": "API: File Upload Without Type Validation",
|
|
"file": "core/clients/whatsapp.py:3398",
|
|
"action": "Validate file extension and MIME type. Generate random filenames for storage.",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 6,
|
|
"severity": "high",
|
|
"category": "api",
|
|
"categoryLabel": "API SECURITY",
|
|
"title": "API: File Upload Without Type Validation",
|
|
"file": "core/clients/xmpp.py:57",
|
|
"action": "Validate file extension and MIME type. Generate random filenames for storage.",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 7,
|
|
"severity": "high",
|
|
"category": "api",
|
|
"categoryLabel": "API SECURITY",
|
|
"title": "API: File Upload Without Type Validation",
|
|
"file": "core/security/attachments.py:83",
|
|
"action": "Validate file extension and MIME type. Generate random filenames for storage.",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 8,
|
|
"severity": "medium",
|
|
"category": "ssrf",
|
|
"categoryLabel": "SSRF",
|
|
"title": "SSRF: Internal IP Pattern",
|
|
"file": "core/tests/test_attachment_security.py:29",
|
|
"action": "Block private IP ranges in URL validation for user-supplied URLs",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 9,
|
|
"severity": "medium",
|
|
"category": "ssrf",
|
|
"categoryLabel": "SSRF",
|
|
"title": "SSRF: Internal IP Pattern",
|
|
"file": "core/tests/test_attachment_security.py:34",
|
|
"action": "Block private IP ranges in URL validation for user-supplied URLs",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 10,
|
|
"severity": "medium",
|
|
"category": "ssrf",
|
|
"categoryLabel": "SSRF",
|
|
"title": "SSRF: Internal IP Pattern",
|
|
"file": "core/tests/test_attachment_security.py:35",
|
|
"action": "Block private IP ranges in URL validation for user-supplied URLs",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 11,
|
|
"severity": "medium",
|
|
"category": "supply-chain",
|
|
"categoryLabel": "SUPPLY CHAIN",
|
|
"title": "Unpinned Python Dependency: ./vendor/django-crud-mixins",
|
|
"file": "requirements.txt:23",
|
|
"action": "Pin version: ./vendor/django-crud-mixins==x.y.z",
|
|
"effort": "medium"
|
|
},
|
|
{
|
|
"priority": 12,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "LLM Output Without Filtering",
|
|
"file": "core/clients/signalapi.py:411",
|
|
"action": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 13,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:739",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 14,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:744",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 15,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:758",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 16,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:850",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 17,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:1377",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 18,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:1382",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 19,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "RAG Pipeline Without Input Validation",
|
|
"file": "core/views/osint.py:1396",
|
|
"action": "Validate and sanitize input before embedding. Limit query length.",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 20,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "LLM Output Without Filtering",
|
|
"file": "core/views/signal.py:189",
|
|
"action": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 21,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "LLM Output Without Filtering",
|
|
"file": "core/views/signal.py:197",
|
|
"action": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"effort": "high"
|
|
},
|
|
{
|
|
"priority": 22,
|
|
"severity": "medium",
|
|
"category": "llm",
|
|
"categoryLabel": "AI/LLM SECURITY",
|
|
"title": "LLM Output Without Filtering",
|
|
"file": "core/views/signal.py:206",
|
|
"action": "Filter LLM output before displaying: remove PII, validate against expected format",
|
|
"effort": "high"
|
|
}
|
|
],
|
|
"recon": {
|
|
"frameworks": [
|
|
"django"
|
|
],
|
|
"languages": [
|
|
"python"
|
|
],
|
|
"apiRoutes": [
|
|
"app/urls.py",
|
|
"core/management/commands/backfill_xmpp_attachment_urls.py"
|
|
],
|
|
"authPatterns": [],
|
|
"databases": [],
|
|
"cloudProviders": [],
|
|
"frontendExposure": [],
|
|
"packageManagers": [
|
|
"pip"
|
|
],
|
|
"cicd": [],
|
|
"hasDockerfile": true,
|
|
"hasTerraform": false,
|
|
"hasKubernetes": false,
|
|
"envFiles": [],
|
|
"configFiles": []
|
|
},
|
|
"agents": [
|
|
{
|
|
"agent": "InjectionTester",
|
|
"category": "injection",
|
|
"findingCount": 0,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "AuthBypassAgent",
|
|
"category": "auth",
|
|
"findingCount": 0,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "SSRFProber",
|
|
"category": "ssrf",
|
|
"findingCount": 3,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "SupplyChainAudit",
|
|
"category": "supply-chain",
|
|
"findingCount": 1,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "ConfigAuditor",
|
|
"category": "config",
|
|
"findingCount": 4,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "LLMRedTeam",
|
|
"category": "llm",
|
|
"findingCount": 11,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "MobileScanner",
|
|
"category": "mobile",
|
|
"findingCount": 0,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "GitHistoryScanner",
|
|
"category": "history",
|
|
"findingCount": 0,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "CICDScanner",
|
|
"category": "cicd",
|
|
"findingCount": 0,
|
|
"success": true
|
|
},
|
|
{
|
|
"agent": "APIFuzzer",
|
|
"category": "api",
|
|
"findingCount": 3,
|
|
"success": true
|
|
}
|
|
]
|
|
}
|