SECURITY SCANS

// Vulnerability scanning and findings management

SECURITY_SCORE
94/100

+3 vs_last_week

VULNERABILITY_SUMMARY

// Current open findings

1 CRITICAL
6 HIGH
15 MEDIUM
31 LOW

SCA_DEPS
#01
245 SCANNED
2 HIGH, 5 MED

> LAST_SCAN: 2h_ago

SAST_CODE
#02
1247 SCANNED
1 CRIT, 3 HIGH, 8 MED

> LAST_SCAN: 2h_ago

SECRETS
#03
89 SCANNED
1 HIGH

> LAST_SCAN: 2h_ago

CONTAINER
#04
34 SCANNED
2 MED

> LAST_SCAN: 1d_ago

Security Findings

critical | CVE-2024-1234 | SAST

SQL Injection vulnerability in query parser

User input is directly concatenated into SQL query without proper sanitization.

src/api/users.ts:42 | api-service | CWE-89 | First seen: 2 days ago
open

high | CVE-2024-5678 | DAST

Cross-Site Scripting (XSS) in input handler

User-supplied data is rendered without escaping, allowing script injection.

src/components/Input.tsx:15 | web-app | CWE-79 | First seen: 5 days ago
open

high | GHSA-xxxx-xxxx | SCA

Prototype pollution in lodash < 4.17.21

Vulnerable version of lodash allows prototype pollution attacks.

package.json | web-app | CWE-1321 | First seen: 1 week ago
open

high | SECRET-001 | Secrets

Exposed AWS API key in configuration file

AWS access key found in committed configuration file.

.env.example:12 | mobile-backend | CWE-798 | First seen: 3 days ago
fixed

medium | CVE-2024-9012 | Container

OpenSSL vulnerability in container base image

Base image contains vulnerable OpenSSL version with known CVE.

Dockerfile | api-service | CWE-327 | First seen: 2 weeks ago
accepted

medium | SAST-0042 | SAST

Hardcoded credentials in test file

Test file contains hardcoded database credentials.

tests/db.test.ts:8 | api-service | CWE-798 | First seen: 4 days ago
open

Recent Scans

Full Security Scan

passed

web-app

2M 5L
4m 32s | 2 hours ago

SCA Scan

warning

api-service

2H 3M 8L
1m 15s | 3 hours ago

SAST Scan

failed

mobile-backend

1C 1H 4M 12L
6m 48s | 5 hours ago

Container Scan

running

api-service

2m 10s | Running

Secrets Scan

passed

web-app

0m 45s | 1 day ago