[BE][FE][SECURITY] Kics #1152

Triggered via schedule January 1, 2025 00:01
Status Success
Total duration 48s

kics.yml

on: schedule
Analyze frontend: 40s
Analyze backend: 39s

Annotations

17 warnings
Analyze backend
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
[MEDIUM] Global Server Object Uses HTTP: tx-backend/openapi/traceability-foss-backend.json#L13
Global server object URL should use 'https' protocol instead of 'http'
[MEDIUM] Media Type Object Without Schema: tx-backend/openapi/traceability-foss-backend.json#L6937
The Media Type Object should have the attribute 'schema' defined
[MEDIUM] Media Type Object Without Schema: tx-backend/openapi/traceability-foss-backend.json#L1842
The Media Type Object should have the attribute 'schema' defined
[INFO] Invalid Media Type Value (v3): tx-backend/openapi/traceability-foss-backend.json#L6941
The Media Type value should match the following format: <type>/<subtype>[+suffix][;parameters]
[INFO] Invalid Media Type Value (v3): tx-backend/openapi/traceability-foss-backend.json#L6942
The Media Type value should match the following format: <type>/<subtype>[+suffix][;parameters]
[INFO] Invalid Media Type Value (v3): tx-backend/openapi/traceability-foss-backend.json#L6938
The Media Type value should match the following format: <type>/<subtype>[+suffix][;parameters]
[INFO] Invalid Media Type Value (v3): tx-backend/openapi/traceability-foss-backend.json#L6939
The Media Type value should match the following format: <type>/<subtype>[+suffix][;parameters]
[INFO] Invalid Media Type Value (v3): tx-backend/openapi/traceability-foss-backend.json#L6940
The Media Type value should match the following format: <type>/<subtype>[+suffix][;parameters]
[INFO] Operation Without Successful HTTP Status Code (v3): tx-backend/openapi/traceability-foss-backend.json#L54
Operation Object should have at least one successful HTTP status code defined
[INFO] Operation Without Successful HTTP Status Code (v3): tx-backend/openapi/traceability-foss-backend.json#L836
Operation Object should have at least one successful HTTP status code defined
Analyze frontend
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
[MEDIUM] Container Capabilities Unrestricted: frontend/docker-compose.yml#L24
Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
[MEDIUM] Container Capabilities Unrestricted: frontend/cypress/docker-compose.yml#L24
Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
[MEDIUM] Healthcheck Not Set: frontend/cypress/docker-compose.yml#L24
Check containers periodically to see if they are running properly.
[MEDIUM] Host Namespace is Shared: frontend/docker-compose.yml#L45
The hosts process namespace should not be shared by containers
[MEDIUM] Shared Host Network Namespace: frontend/cypress/docker-compose.yml#L35
Container should not share the host network namespace