feat: Add initial Dockerfile, Pipfile.lock, and Terraform example for… #158
16 new alerts including 6 high severity security vulnerabilities
New alerts in code changed by this pull request
Security Alerts:
- 6 high
- 8 medium
- 2 low
See annotations below for details.
Annotations
Check failure on line 34 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header High
Check failure on line 50 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
jinja2: Jinja has a sandbox breakout through malicious filenames High
Check failure on line 50 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
jinja2: Jinja has a sandbox breakout through indirect reference to format method High
Check failure on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
python-werkzeug: high resource usage when parsing multipart form data with many fields High
Check failure on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
python-werkzeug: user may execute code on a developer's machine High
Check failure on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms High
Check warning on line 50 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter Medium
Check warning on line 50 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
jinja2: accepts keys containing non-attribute characters Medium
Check warning on line 50 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
jinja2: Jinja sandbox breakout through attr filter selecting format method Medium
Check warning on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
python-werkzeug: high resource consumption leading to denial of service Medium
Check warning on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
werkzeug: python-werkzeug: Werkzeug safe_join not safe on Windows Medium
Check warning on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
Werkzeug: Werkzeug: Denial of service via Windows device names in path segments Medium
Check warning on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
Werkzeug safe_join() allows Windows special device names with compound extensions Medium
Check warning on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
Werkzeug safe_join() allows Windows special device names Medium
Check notice on line 34 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
flask: Flask: Information disclosure via improper caching of session data Low
Check notice on line 126 in devsecops-demo/Pipfile.lock
Code scanning / Trivy
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie Low