First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
84/100
Findings (2)
Detects path traversal patterns targeting sensitive files, including URL-encoded variants
%2e%2e%Pin Git dependencies to specific commit hashes instead of branch names or tags. Branches and tags are mutable and can be updated to point to malicious code.
Likely FP if the Git reference points to a tagged release of a well-known repository, though tags are technically mutable.
Detects reads of sensitive system or credential files
cat /etc/passwdPrevent the tool from reading environment variables and sending them to external endpoints. If env access is needed, restrict it to specific variable names via an allowlist.
Likely FP if the match is documentation about how to configure environment variables, not code that reads and transmits them.