Conversation

@ayushaga14 (Contributor)

No description provided.

@ayushaga14 ayushaga14 changed the base branch from master to feature/cyborg-release November 7, 2025 07:14

@devsecopsbot (bot) left a comment


🤖 AI Security analysis: "Two high-severity secrets (AWS key in workflow and JWT in env) are committed, enabling credential compromise; numerous vulnerable packages and over-permissive CI settings raise supply-chain and lateral-movement risk."

| Risk Level | AI Score |
|---|---|
| 🔴 CRITICAL | 88.0/100 |

Top 13 security issues / 68 total (Critical: 0, High: 2, Medium: 66, Low: 0)

| Severity | Title | Location | Recommendation |
|---|---|---|---|
| HIGH | Hard-coded AWS secret access key | .github/workflows/prod.yml:46 | Replace the hard-coded secret access key with AWS role assumption and temporary OIDC secu… |
| HIGH | jwt | docker.env:23 | jwt has detected secret for file docker.env. |
| MEDIUM | CVE-2021-29425: apache-commons-io: Limited path traversal in Apache Commons IO… | apps/billing/pom.xml:1 | apps/billing/pom.xml: commons-io:commons-io@2.6 |
| MEDIUM | CVE-2023-24998: FileUpload: FileUpload DoS with excessive parts | apps/billing/pom.xml:1 | apps/billing/pom.xml: commons-fileupload:commons-fileupload@1.4 |
| MEDIUM | CVE-2024-47554: apache-commons-io: Possible denial of service attack on untrust… | apps/billing/pom.xml:1 | apps/billing/pom.xml: commons-io:commons-io@2.6 |
| MEDIUM | CVE-2025-48924: commons-lang/commons-lang: org.apache.commons/commons-lang3: Un… | apps/billing/pom.xml:1 | apps/billing/pom.xml: org.apache.commons:commons-lang3@3.8.1 |
| MEDIUM | CVE-2025-48976: apache-commons-fileupload: Apache Commons FileUpload DoS via pa… | apps/billing/pom.xml:1 | apps/billing/pom.xml: commons-fileupload:commons-fileupload@1.4 |
| MEDIUM | Ensure top-level permissions are not set to write-all | .github/workflows/prod.yml:1 | Ensure top-level permissions are not set to write-all |
| MEDIUM | Modification after validation | apps/mini-testing/src/main/java/com/akto/test_editor/Utils.java:154 | Perform string modifications before any validation of a string and consider encoding stri… |
| MEDIUM | Modification after validation | apps/mini-testing/src/main/java/com/akto/test_editor/execution/VariableResolver.java:428 | Perform string modifications before any validation of a string and consider encoding stri… |
| MEDIUM | Service port exposed on all interfaces | docker-compose-postgres.yml:19 | Bind the service port to a specific IP address, e.g., '127.0.0.1:$PORT'. |
| MEDIUM | Service port exposed on all interfaces | docker-compose.yml:47 | Bind the service port to a specific IP address, e.g., '127.0.0.1:$PORT'. |
| MEDIUM | The build output cannot be affected by user parameters other than the build ent… | .github/workflows/prod.yml:10 | The build output cannot be affected by user parameters other than the build entry point a… |

🔗 View Detailed Report


@devsecopsbot (bot) left a comment


🤖 AI Security analysis: "No security issues were detected in the three changed files. Scanner coverage is limited to these diffs; residual risks in unmodified code, dependencies, or secrets may remain. Consider broader scans and manual checks."

| Risk Level | AI Score |
|---|---|
| 🟢 NO RISK | 0.0/100 |

Top 0 security issues / 0 total (Critical: 0, High: 0, Medium: 0, Low: 0)

| Title | Location | Recommendation |
|---|---|---|
| No issues to display | | |

🔗 View Detailed Report
