XF/GIA
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
da044be68c4299103993461a7613889726fc6448
GIA/artifacts/audits/5-final-pass-fix.json
Mark Veidemanis 438e561da0 Harden security
2026-03-05 05:42:19 +00:00

235 lines
4.9 KiB
JSON
Raw Blame History

{
"score": 90,
"grade": "A",
"gradeLabel": "Ship it!",
"totalFindings": 2,
"totalDepVulns": 0,
"categories": {
"secrets": {
"label": "Secrets",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
},
"injection": {
"label": "Code Vulnerabilities",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
},
"deps": {
"label": "Dependencies",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
},
"auth": {
"label": "Auth & Access Control",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
},
"config": {
"label": "Configuration",
"findingCount": 2,
"deduction": 10,
"counts": {
"critical": 0,
"high": 2,
"medium": 0,
"low": 0
}
},
"supply-chain": {
"label": "Supply Chain",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
},
"api": {
"label": "API Security",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
},
"llm": {
"label": "AI/LLM Security",
"findingCount": 0,
"deduction": 0,
"counts": {
"critical": 0,
"high": 0,
"medium": 0,
"low": 0
}
}
},
"findings": [
{
"file": "/code/xf/GIA/Dockerfile",
"line": 26,
"severity": "high",
"category": "config",
"rule": "DOCKER_RUN_AS_ROOT",
"title": "Docker: Running as Root",
"description": "No USER instruction found. Container runs as root by default.",
"fix": "Add USER nonroot before CMD/ENTRYPOINT",
"cwe": "CWE-250",
"owasp": "A05:2021"
},
{
"file": "/code/xf/GIA/Dockerfile",
"line": 1,
"severity": "high",
"category": "config",
"rule": "DOCKER_NO_USER",
"title": "Dockerfile: No Non-Root USER",
"description": "No USER instruction found. Container runs as root, enabling escape attacks.",
"fix": "Add before CMD: RUN addgroup -S app && adduser -S app -G app\nUSER app",
"cwe": null,
"owasp": null
}
],
"depVulns": [],
"remediationPlan": [
{
"priority": 1,
"severity": "high",
"category": "config",
"categoryLabel": "CONFIGURATION",
"title": "Docker: Running as Root",
"file": "Dockerfile:26",
"action": "Add USER nonroot before CMD/ENTRYPOINT",
"effort": "low"
},
{
"priority": 2,
"severity": "high",
"category": "config",
"categoryLabel": "CONFIGURATION",
"title": "Dockerfile: No Non-Root USER",
"file": "Dockerfile:1",
"action": "Add before CMD: RUN addgroup -S app && adduser -S app -G app\nUSER app",
"effort": "low"
}
],
"recon": {
"frameworks": [
"django"
],
"languages": [
"python"
],
"apiRoutes": [
"app/urls.py",
"core/management/commands/backfill_xmpp_attachment_urls.py"
],
"authPatterns": [],
"databases": [],
"cloudProviders": [],
"frontendExposure": [],
"packageManagers": [
"pip"
],
"cicd": [],
"hasDockerfile": true,
"hasTerraform": false,
"hasKubernetes": false,
"envFiles": [],
"configFiles": []
},
"agents": [
{
"agent": "InjectionTester",
"category": "injection",
"findingCount": 0,
"success": true
},
{
"agent": "AuthBypassAgent",
"category": "auth",
"findingCount": 0,
"success": true
},
{
"agent": "SSRFProber",
"category": "ssrf",
"findingCount": 0,
"success": true
},
{
"agent": "SupplyChainAudit",
"category": "supply-chain",
"findingCount": 0,
"success": true
},
{
"agent": "ConfigAuditor",
"category": "config",
"findingCount": 2,
"success": true
},
{
"agent": "LLMRedTeam",
"category": "llm",
"findingCount": 0,
"success": true
},
{
"agent": "MobileScanner",
"category": "mobile",
"findingCount": 0,
"success": true
},
{
"agent": "GitHistoryScanner",
"category": "history",
"findingCount": 0,
"success": true
},
{
"agent": "CICDScanner",
"category": "cicd",
"findingCount": 0,
"success": true
},
{
"agent": "APIFuzzer",
"category": "api",
"findingCount": 0,
"success": true
}
]
}
Reference in New Issue View Git Blame Copy Permalink