guardrails[bot]
commented
2 months ago :warning: We detected 12 security issues in this pull request:
Hard-Coded Secrets (1)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **Secret Keyword**
https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/internal/sink/sinkSender.go#L320 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword) More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr). ---
Insecure Network Communication (1)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **Insecure SSL/TLS versions allowed**
https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/internal/sink/sinkWrapper.go#L126 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/go/insecure_network_communication.html?utm_source=ghpr#missing-ssl-minversion) More info on how to fix Insecure Network Communication in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/insecure_network_communication.html?utm_source=ghpr). ---
Vulnerable Libraries (10)
Severity | Details :-: | :-- N/A | [pkg:golang/github.com/xmidt-org/touchstone@v0.1.2](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L22) - **no patch available** N/A | [pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L26) - **no patch available** N/A | [pkg:golang/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@v0.40.0](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L25) - **no patch available** N/A | [pkg:golang/go.uber.org/zap@v1.24.0](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L27) - **no patch available** N/A | [pkg:golang/github.com/xmidt-org/clortho@v0.0.4](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L19) - **no patch available** N/A | [pkg:golang/github.com/go-kit/kit@v0.12.0](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L8) - **no patch available** N/A | [pkg:golang/github.com/spf13/viper@v1.16.0](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L14) - **no patch available** N/A | [pkg:golang/github.com/stretchr/testify@v1.8.4](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L15) - **no patch available** N/A | [pkg:golang/github.com/xmidt-org/ancla@v0.3.11](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L16) - **no patch available** N/A | [pkg:golang/github.com/xmidt-org/wrp-go/v3@v3.1.6](https://github.com/xmidt-org/caduceus/blob/2f77e36d611498a090c181addac6e0e571fecc8f/go.mod#L24) - **no patch available** More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
made updates that were causing app to fail during local testing