npm - @clear-capabilities/agentic-security-scanner - Versions diffs - 0.79.0 → 0.80.0 - Mend

@clear-capabilities/agentic-security-scanner 0.79.0 → 0.80.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (91) hide show

package/dist/178.index.js +1 -1
package/dist/333.index.js +283 -0
package/dist/384.index.js +1 -1
package/dist/637.index.js +1 -1
package/dist/838.index.js +1 -1
package/dist/985.index.js +90 -1
package/dist/agentic-security.mjs +83 -83
package/dist/agentic-security.mjs.sha256 +1 -1
package/package.json +6 -4
package/src/.agentic-security/findings.json +104638 -0
package/src/.agentic-security/last-scan.json +104638 -0
package/src/.agentic-security/last-scan.json.sig +1 -0
package/src/.agentic-security/scan-history.json +12562 -0
package/src/.agentic-security/streak.json +21 -0
package/src/dataflow/.agentic-security/findings.json +6086 -0
package/src/dataflow/.agentic-security/last-scan.json +6086 -0
package/src/dataflow/.agentic-security/last-scan.json.sig +1 -0
package/src/dataflow/.agentic-security/scan-history.json +250 -0
package/src/dataflow/.agentic-security/streak.json +21 -0
package/src/dataflow/cross-service-taint.js +201 -0
package/src/dataflow/formal-verify.js +204 -0
package/src/dataflow/ifds-precise.js +222 -0
package/src/dataflow/k2-summary-cache.js +153 -0
package/src/dataflow/lib-taint-summaries.js +198 -0
package/src/dataflow/privacy-taint.js +205 -0
package/src/dataflow/smt-feasibility.js +189 -0
package/src/engine.js +784 -127
package/src/ir/.agentic-security/findings.json +4011 -0
package/src/ir/.agentic-security/last-scan.json +4011 -0
package/src/ir/.agentic-security/last-scan.json.sig +1 -0
package/src/ir/.agentic-security/scan-history.json +193 -0
package/src/ir/.agentic-security/streak.json +20 -0
package/src/ir/cpp-preprocessor.js +142 -0
package/src/ir/csharp-ir.js +604 -0
package/src/ir/universal-ir.js +403 -0
package/src/mcp/.agentic-security/findings.json +8632 -0
package/src/mcp/.agentic-security/last-scan.json +8632 -0
package/src/mcp/.agentic-security/last-scan.json.sig +1 -0
package/src/mcp/.agentic-security/scan-history.json +143 -0
package/src/mcp/.agentic-security/streak.json +20 -0
package/src/mcp/tools.js +90 -1
package/src/posture/.agentic-security/findings.json +64004 -0
package/src/posture/.agentic-security/last-scan.json +64004 -0
package/src/posture/.agentic-security/last-scan.json.sig +1 -0
package/src/posture/.agentic-security/scan-history.json +7162 -0
package/src/posture/.agentic-security/streak.json +21 -0
package/src/posture/api-contract.js +193 -0
package/src/posture/attack-taxonomy.js +227 -0
package/src/posture/compliance-policy.js +218 -0
package/src/posture/composite-risk.js +122 -0
package/src/posture/csharp-analysis.js +330 -0
package/src/posture/exploit-bundle.js +210 -0
package/src/posture/federated-learning.js +172 -0
package/src/posture/license-attributions.js +94 -0
package/src/posture/license-graph.js +238 -0
package/src/posture/pqc-migration-plan.js +158 -0
package/src/posture/reachability-filter.js +33 -2
package/src/posture/realtime-cve-monitor.js +214 -0
package/src/posture/runtime-correlation.js +174 -0
package/src/posture/sbom-diff.js +171 -0
package/src/posture/sca-policy.js +235 -0
package/src/posture/sca-upgrade.js +259 -0
package/src/posture/threat-model-auto.js +268 -0
package/src/posture/triage-learning.js +170 -0
package/src/posture/triage.js +26 -1
package/src/sast/.agentic-security/findings.json +6154 -0
package/src/sast/.agentic-security/last-scan.json +6154 -0
package/src/sast/.agentic-security/last-scan.json.sig +1 -0
package/src/sast/.agentic-security/scan-history.json +941 -0
package/src/sast/.agentic-security/streak.json +22 -0
package/src/sast/_secret-entropy.js +145 -0
package/src/sast/cloud-iam.js +312 -0
package/src/sast/cpp.js +138 -4
package/src/sast/crypto-protocol.js +388 -0
package/src/sast/csharp-tokenizer.js +392 -0
package/src/sast/csharp.js +924 -138
package/src/sast/dapp-frontend.js +200 -0
package/src/sast/k8s-admission.js +271 -0
package/src/sast/llm-app.js +272 -0
package/src/sast/ml-supply-chain.js +259 -0
package/src/sast/mobile.js +224 -0
package/src/sast/post-quantum-crypto.js +348 -0
package/src/sast/web3-advanced.js +375 -0
package/src/sca/.agentic-security/findings.json +7460 -0
package/src/sca/.agentic-security/last-scan.json +7460 -0
package/src/sca/.agentic-security/last-scan.json.sig +1 -0
package/src/sca/.agentic-security/scan-history.json +113 -0
package/src/sca/.agentic-security/streak.json +21 -0
package/src/sca/CLAUDE.md +161 -0
package/src/sca/binary-metadata.js +37 -15
package/src/sca/sigstore-verify.js +215 -0

package/src/sast/.agentic-security/scan-history.json ADDED Viewed

@@ -0,0 +1,941 @@
+[
+  {
+    "timestamp": "2026-05-28T21:53:59.953Z",
+    "label": "scan",
+    "total": 17,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 15,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-28T21:55:15.110Z",
+    "label": "scan",
+    "total": 17,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 15,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-28T21:55:49.362Z",
+    "label": "scan",
+    "total": 17,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 15,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-28T21:56:14.244Z",
+    "label": "scan",
+    "total": 17,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 15,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-28T21:56:19.253Z",
+    "label": "scan",
+    "total": 17,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 15,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T06:46:02.197Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T06:48:50.278Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T14:13:35.120Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T14:26:21.588Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T14:27:33.225Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T14:30:05.515Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T15:08:40.086Z",
+    "label": "scan",
+    "total": 18,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 16,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T15:10:05.268Z",
+    "label": "scan",
+    "total": 19,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 17,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:140:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T15:12:36.888Z",
+    "label": "scan",
+    "total": 19,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 17,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T15:12:45.140Z",
+    "label": "scan",
+    "total": 19,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 17,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T15:12:52.802Z",
+    "label": "scan",
+    "total": 19,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 17,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T15:13:01.692Z",
+    "label": "scan",
+    "total": 19,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 17,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T16:09:42.230Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:329:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:330:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T16:12:29.038Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T16:13:59.607Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T16:32:06.484Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T16:33:51.164Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:02:03.828Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:02:12.361Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:02:20.453Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:03:04.332Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:03:11.818Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:03:19.497Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:04:00.294Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  },
+  {
+    "timestamp": "2026-05-29T17:04:08.176Z",
+    "label": "scan",
+    "total": 21,
+    "critical": 0,
+    "high": 0,
+    "medium": 2,
+    "low": 19,
+    "kev": 0,
+    "ids": [
+      "authz:authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "authz:crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
+      "client-side:CLIENT_EVAL:client-side.js:135",
+      "client-side:CLIENT_EVAL:client-side.js:139",
+      "client-side:CLIENT_EVAL:client-side.js:140",
+      "llm-owasp:llm-owasp.js:180:llm01-dynamic-system:concat",
+      "llm-owasp:llm-owasp.js:181:llm01-dynamic-system:fstring",
+      "llm-owasp:llm-owasp.js:182:llm01-dynamic-system:template",
+      "llm-owasp:llm-owasp.js:183:llm10-no-token-budget",
+      "llm-redteam:noPromptInjectionDefense:llm-app.js:104",
+      "prompt-tpl:k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "prompt-tpl:llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
+      "spec-drift:rate-limit-impl:rate-limit.js:34",
+      "spec-drift:rate-limit-impl:rate-limit.js:77",
+      "ssrf-meta-hardcoded:go-extended.js:39",
+      "ssrf-meta-hardcoded:python-sinks.js:186",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:15",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:48",
+      "ssrf-meta-hardcoded:ssrf-cloud-metadata.js:73",
+      "zip-slip:zip-slip.js:192:node-entry"
+    ]
+  }
+]