Code Security Report: 1 total findings

[mend-for-github-com[bot]]

Code Security Report

Scan Metadata

Latest Scan: 2024-08-22 10:34pm Total Findings: 1 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 25 Detected Programming Languages: 2 (C/C++ (Beta), Python)

• [ ] Check this box to manually trigger a scan

Finding Details

Severity	Vulnerability Type	CWE	File	Data Flows	Date
Medium	Hardcoded Password/Credentials	[CWE-798](https://cwe.mitre.org/data/definitions/798.html)	[keymanager_vault.py:94](https://github.com/Seagate/TCGstorageAPI/blob/e13727ffc710fb2c39a3448b30cf0a9ae03d37c6/sed_cli/keymanager/keymanager_vault.py#L94)	1	2024-08-21 12:31am
Vulnerable Code https://github.com/Seagate/TCGstorageAPI/blob/e13727ffc710fb2c39a3448b30cf0a9ae03d37c6/sed_cli/keymanager/keymanager_vault.py#L94 Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior Hardcoded Password/Credentials Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/infoexposure/sensitiveinfo/python/vanilla) ● Videos    ▪ [Secure Code Warrior Hardcoded Password/Credentials Video](https://media.securecodewarrior.com/v2/module_57_sensitive_data_exposure.mp4) ● Further Reading    ▪ [OWASP Top Ten 2017 A3: Sensitive Data Exposure](https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure)    ▪ [OWASP Top Ten Proactive Controls 2018 C8: Protect Data Everywhere](https://owasp.org/www-project-proactive-controls/v3/en/c8-protect-data-everywhere)    ▪ [OWASP Top Ten 2021 A02: Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)

[Keerthana-Bidarakoppa]

Fix security bugs