dashlane

clawhub:dashlane

View source

100/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

System package manager install EXTDL_011

external-download L15

Detects system-level package installation via brew, apt, yum, or dnf

brew install d

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

LOW

Docker environment credentials CRED_017

credential-leak L140

Detects Docker or docker-compose commands passing credentials via environment variables

docker run -e DASHLANE_MASTER_PASSWORD=

FIX

Remove credential values from Docker environment flags (-e) and docker-compose environment sections. Use Docker secrets, .env files (in .dockerignore), or a secrets manager.

FP?

Likely FP if the Docker environment variable has an empty or placeholder value (e.g., -e API_KEY= or -e PASSWORD=changeme) in setup documentation.