guardrails[bot]
commented
3 months ago :warning: We detected 3 security issues in this pull request:
Hard-Coded Secrets (1)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **Secret Keyword**
https://github.com/xmidt-org/caduceus/blob/e7f28632a712d154d7c464b23436f2d77e3157c1/internal/sink/sinkSender.go#L316 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword) More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr). ---
Insecure Network Communication (1)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **Insecure SSL/TLS versions allowed**
https://github.com/xmidt-org/caduceus/blob/e7f28632a712d154d7c464b23436f2d77e3157c1/internal/sink/sinkWrapper.go#L127 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/go/insecure_network_communication.html?utm_source=ghpr#missing-ssl-minversion) More info on how to fix Insecure Network Communication in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/insecure_network_communication.html?utm_source=ghpr). ---
Vulnerable Libraries (1)
Severity | Details :-: | :-- Medium | [pkg:golang/github.com/aws/aws-sdk-go@v1.54.19](https://github.com/xmidt-org/caduceus/blob/e7f28632a712d154d7c464b23436f2d77e3157c1/go.sum#L679) - **no patch available** More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
maurafortino
want to create a provide function for ancla (draft PR here: https://github.com/xmidt-org/ancla/pull/236), but having issues with exporting and circular dependency