Testing /go/src/github.com/openshift-power-monitoring/power-monitoring-operator ...
✗ [Low] Use of Hardcoded Credentials
ID: a837195b-e732-4599-96b6-da7c18dc5b8f
Path: vendor/k8s.io/klog/v2/klog_file.go, line 48
Info: Do not hardcode credentials in code. Found hardcoded credential used in userName.
✗ [Low] Use of Password Hash With Insufficient Computational Effort
ID: 8bd77647-ce34-4092-948a-93d79c97e823
Path: vendor/github.com/google/uuid/hash.go, line 44
Info: The MD5 hash (used in crypto.md5.New) is insecure. Consider changing it to a secure hash algorithm
✗ [Low] Use of Password Hash With Insufficient Computational Effort
ID: 5c990851-bed3-4932-92ac-7e21708eee6f
Path: vendor/github.com/google/uuid/hash.go, line 52
Info: The SHA1 hash (used in crypto.sha1.New) is insecure. Consider changing it to a secure hash algorithm
✗ [Medium] Improper Certificate Validation
ID: e35e6c2c-16c9-498e-805f-a2fe04332c9a
Path: vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go, line 275
Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Medium] Improper Certificate Validation
ID: 2b4e53b0-48d5-44c4-bb8d-6ff8b8316b1d
Path: vendor/k8s.io/client-go/util/cert/server_inspection.go, line 33
Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [Medium] Improper Certificate Validation
ID: 49c69430-d38f-4c71-b608-305c7e085869
Path: vendor/k8s.io/client-go/util/cert/server_inspection.go, line 67
Info: TrustManager might be too permissive: The client will accept any certificate and any host name in that certificate, making it susceptible to man-in-the-middle attacks.
✗ [High] Generation of Error Message Containing Sensitive Information
ID: db11068f-38d6-48cc-8a09-4f84007c37be
Path: vendor/sigs.k8s.io/controller-runtime/pkg/log/log.go, line 64
Info: Information exposure through error stack trace in fmt.Fprintf.
✔ Test completed
Organization: openshift-ci-internal
Test type: Static code analysis
Project path: /go/src/github.com/openshift-power-monitoring/power-monitoring-operator
Summary:
7 Code issues found
1 [High] 3 [Medium] 3 [Low]
Code Report Complete
Recently we ran a Snyk scan on openshift-power-monitoring/power-monitoring-operator, which is a fork of this repository. Upon running the scan, the following issues in the code were reported: