First Seen: Feb 18, 2026
Last Scanned: Feb 20, 2026
Findings: 4
Score: 92/100
Findings (4)
Detects database connection strings with credentials
Match: postgres://user:pass@prod.db.com
Remediation: Remove the database connection string and replace it with an environment variable reference. Rotate the database password if the connection string was exposed publicly.
Likely FP if the connection string uses localhost with no password (e.g., mongodb://localhost:27017/mydb) or is a documented example URI.
Detects system-level package installation via brew, apt, yum, or dnf
Match: apt install p
Remediation: Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.
Detects git clone of repositories followed by execution of cloned content
Match: git clone https://github.com/pgvector/pgvector.git + cd pgvector
make
sudo
Remediation: Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.
Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.
Detects system-level package installation via brew, apt, yum, or dnf
Match: apt install p
Remediation: Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.
Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.