First Seen: Feb 20, 2026
Last Scanned: Feb 22, 2026
Findings: 2
Score: 75/100
Findings (2)
Text combines credential access with network transmission
sites, domains, composer-credentials, npm-credentials, heartbeats, deployments, webhooks, commands, redirects, security, integrations, jobs (site)
Remove the combination of credential access and network transmission from the tool. If the tool needs credentials, access them via a secrets manager and never transmit them externally.
Likely FP if the tool legitimately uses credentials for API authentication (e.g., reading an API key to make authenticated requests to the same service).
Detects system-level package installation via brew, apt, yum, or dnf
apt-get install n
Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.