@clear-capabilities/agentic-security-scanner 0.80.0 → 0.84.1
- package/dist/178.index.js +1 -1
- package/dist/384.index.js +1 -1
- package/dist/637.index.js +1 -1
- package/dist/838.index.js +1 -1
- package/dist/839.index.js +170 -0
- package/dist/985.index.js +51 -1
- package/dist/agentic-security.mjs +83 -83
- package/dist/agentic-security.mjs.sha256 +1 -1
- package/package.json +3 -3
- package/src/.agentic-security/findings.json +21283 -8189
- package/src/.agentic-security/last-scan.json +21283 -8189
- package/src/.agentic-security/last-scan.json.sig +1 -1
- package/src/.agentic-security/scan-history.json +512 -128
- package/src/.agentic-security/streak.json +3 -3
- package/src/engine.js +41 -0
- package/src/mcp/.agentic-security/findings.json +4 -4
- package/src/mcp/.agentic-security/last-scan.json +4 -4
- package/src/mcp/.agentic-security/last-scan.json.sig +1 -1
- package/src/mcp/.agentic-security/scan-history.json +188 -0
- package/src/mcp/.agentic-security/streak.json +5 -5
- package/src/mcp/tools.js +51 -1
- package/src/posture/.agentic-security/findings.json +17234 -4057
- package/src/posture/.agentic-security/last-scan.json +17234 -4057
- package/src/posture/.agentic-security/last-scan.json.sig +1 -1
- package/src/posture/.agentic-security/scan-history.json +1942 -200
- package/src/posture/.agentic-security/streak.json +3 -3
- package/src/posture/auditor-walkthrough.js +252 -0
- package/src/posture/claude-authorship.js +197 -0
- package/src/posture/compliance-frameworks/.agentic-security/findings.json +80 -0
- package/src/posture/compliance-frameworks/.agentic-security/last-scan.json +80 -0
- package/src/posture/compliance-frameworks/.agentic-security/last-scan.json.sig +1 -0
- package/src/posture/compliance-frameworks/.agentic-security/scan-history.json +90 -0
- package/src/posture/compliance-frameworks/.agentic-security/streak.json +22 -0
- package/src/posture/compliance-frameworks/ccpa.json +32 -0
- package/src/posture/compliance-frameworks/eu-ai-act.json +51 -0
- package/src/posture/compliance-frameworks/gdpr.json +45 -0
- package/src/posture/compliance-frameworks/hipaa-security-rule.json +56 -0
- package/src/posture/compliance-frameworks/nist-ai-600-1.json +51 -0
- package/src/posture/compliance-frameworks/nist-csf-2.json +73 -0
- package/src/posture/compliance-frameworks/owasp-asvs-5.json +79 -0
- package/src/posture/compliance-frameworks/owasp-llm-top-10.json +69 -0
- package/src/posture/cross-repo-memory.js +180 -0
- package/src/posture/dep-add-guard.js +197 -0
- package/src/posture/findings-memory.js +152 -0
- package/src/posture/fix-style-mirror.js +118 -0
- package/src/posture/git-history.js +141 -0
- package/src/posture/intent-context.js +175 -0
- package/src/posture/model-rescan.js +76 -0
- package/src/posture/pattern-propagation.js +39 -0
- package/src/posture/pr-augment.js +234 -0
- package/src/posture/risk-dollars.js +158 -0
- package/src/posture/threat-model-grounding.js +169 -0
- package/src/posture/time-to-fix.js +129 -0
- package/src/posture/triage-memory.js +151 -0
- package/src/posture/triage.js +15 -1
- package/src/posture/watch-mode.js +171 -0
- package/src/posture/workflow-installer.js +231 -0
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
[
|
|
2
2
|
{
|
|
3
|
-
"timestamp": "2026-05-
|
|
3
|
+
"timestamp": "2026-05-29T14:15:18.821Z",
|
|
4
4
|
"label": "scan",
|
|
5
|
-
"total":
|
|
5
|
+
"total": 404,
|
|
6
6
|
"critical": 0,
|
|
7
7
|
"high": 0,
|
|
8
8
|
"medium": 16,
|
|
9
|
-
"low":
|
|
9
|
+
"low": 388,
|
|
10
10
|
"kev": 0,
|
|
11
11
|
"ids": [
|
|
12
12
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -232,6 +232,8 @@
|
|
|
232
232
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
233
233
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
234
234
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
235
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
236
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
235
237
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
236
238
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
237
239
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -414,13 +416,13 @@
|
|
|
414
416
|
]
|
|
415
417
|
},
|
|
416
418
|
{
|
|
417
|
-
"timestamp": "2026-05-
|
|
419
|
+
"timestamp": "2026-05-29T14:15:32.283Z",
|
|
418
420
|
"label": "scan",
|
|
419
|
-
"total":
|
|
421
|
+
"total": 404,
|
|
420
422
|
"critical": 0,
|
|
421
423
|
"high": 0,
|
|
422
424
|
"medium": 16,
|
|
423
|
-
"low":
|
|
425
|
+
"low": 388,
|
|
424
426
|
"kev": 0,
|
|
425
427
|
"ids": [
|
|
426
428
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -646,6 +648,8 @@
|
|
|
646
648
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
647
649
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
648
650
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
651
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
652
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
649
653
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
650
654
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
651
655
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -828,13 +832,13 @@
|
|
|
828
832
|
]
|
|
829
833
|
},
|
|
830
834
|
{
|
|
831
|
-
"timestamp": "2026-05-
|
|
835
|
+
"timestamp": "2026-05-29T14:15:42.308Z",
|
|
832
836
|
"label": "scan",
|
|
833
|
-
"total":
|
|
837
|
+
"total": 404,
|
|
834
838
|
"critical": 0,
|
|
835
839
|
"high": 0,
|
|
836
840
|
"medium": 16,
|
|
837
|
-
"low":
|
|
841
|
+
"low": 388,
|
|
838
842
|
"kev": 0,
|
|
839
843
|
"ids": [
|
|
840
844
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -1060,6 +1064,8 @@
|
|
|
1060
1064
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1061
1065
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1062
1066
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1067
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1068
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1063
1069
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1064
1070
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1065
1071
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -1242,13 +1248,13 @@
|
|
|
1242
1248
|
]
|
|
1243
1249
|
},
|
|
1244
1250
|
{
|
|
1245
|
-
"timestamp": "2026-05-29T14:
|
|
1251
|
+
"timestamp": "2026-05-29T14:27:46.340Z",
|
|
1246
1252
|
"label": "scan",
|
|
1247
|
-
"total":
|
|
1253
|
+
"total": 404,
|
|
1248
1254
|
"critical": 0,
|
|
1249
1255
|
"high": 0,
|
|
1250
1256
|
"medium": 16,
|
|
1251
|
-
"low":
|
|
1257
|
+
"low": 388,
|
|
1252
1258
|
"kev": 0,
|
|
1253
1259
|
"ids": [
|
|
1254
1260
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -1474,6 +1480,8 @@
|
|
|
1474
1480
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1475
1481
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1476
1482
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1483
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1484
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1477
1485
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1478
1486
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1479
1487
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -1656,13 +1664,13 @@
|
|
|
1656
1664
|
]
|
|
1657
1665
|
},
|
|
1658
1666
|
{
|
|
1659
|
-
"timestamp": "2026-05-29T14:
|
|
1667
|
+
"timestamp": "2026-05-29T14:27:58.240Z",
|
|
1660
1668
|
"label": "scan",
|
|
1661
|
-
"total":
|
|
1669
|
+
"total": 404,
|
|
1662
1670
|
"critical": 0,
|
|
1663
1671
|
"high": 0,
|
|
1664
1672
|
"medium": 16,
|
|
1665
|
-
"low":
|
|
1673
|
+
"low": 388,
|
|
1666
1674
|
"kev": 0,
|
|
1667
1675
|
"ids": [
|
|
1668
1676
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -1888,6 +1896,8 @@
|
|
|
1888
1896
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1889
1897
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1890
1898
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1899
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1900
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1891
1901
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1892
1902
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
1893
1903
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -2070,13 +2080,13 @@
|
|
|
2070
2080
|
]
|
|
2071
2081
|
},
|
|
2072
2082
|
{
|
|
2073
|
-
"timestamp": "2026-05-
|
|
2083
|
+
"timestamp": "2026-05-29T15:10:18.741Z",
|
|
2074
2084
|
"label": "scan",
|
|
2075
|
-
"total":
|
|
2085
|
+
"total": 405,
|
|
2076
2086
|
"critical": 0,
|
|
2077
2087
|
"high": 0,
|
|
2078
2088
|
"medium": 16,
|
|
2079
|
-
"low":
|
|
2089
|
+
"low": 389,
|
|
2080
2090
|
"kev": 0,
|
|
2081
2091
|
"ids": [
|
|
2082
2092
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -2094,6 +2104,7 @@
|
|
|
2094
2104
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
2095
2105
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2096
2106
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2107
|
+
"prompt-tpl:sast/k8s-admission.js:140:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2097
2108
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2098
2109
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
2099
2110
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -2302,6 +2313,8 @@
|
|
|
2302
2313
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2303
2314
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2304
2315
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2316
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2317
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2305
2318
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2306
2319
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2307
2320
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -2484,13 +2497,13 @@
|
|
|
2484
2497
|
]
|
|
2485
2498
|
},
|
|
2486
2499
|
{
|
|
2487
|
-
"timestamp": "2026-05-
|
|
2500
|
+
"timestamp": "2026-05-29T15:10:30.246Z",
|
|
2488
2501
|
"label": "scan",
|
|
2489
|
-
"total":
|
|
2502
|
+
"total": 405,
|
|
2490
2503
|
"critical": 0,
|
|
2491
2504
|
"high": 0,
|
|
2492
2505
|
"medium": 16,
|
|
2493
|
-
"low":
|
|
2506
|
+
"low": 389,
|
|
2494
2507
|
"kev": 0,
|
|
2495
2508
|
"ids": [
|
|
2496
2509
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -2508,6 +2521,7 @@
|
|
|
2508
2521
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
2509
2522
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2510
2523
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2524
|
+
"prompt-tpl:sast/k8s-admission.js:140:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2511
2525
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2512
2526
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
2513
2527
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -2716,6 +2730,8 @@
|
|
|
2716
2730
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2717
2731
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2718
2732
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2733
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2734
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2719
2735
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2720
2736
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
2721
2737
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -2898,13 +2914,13 @@
|
|
|
2898
2914
|
]
|
|
2899
2915
|
},
|
|
2900
2916
|
{
|
|
2901
|
-
"timestamp": "2026-05-
|
|
2917
|
+
"timestamp": "2026-05-29T15:48:35.140Z",
|
|
2902
2918
|
"label": "scan",
|
|
2903
|
-
"total":
|
|
2919
|
+
"total": 410,
|
|
2904
2920
|
"critical": 0,
|
|
2905
2921
|
"high": 0,
|
|
2906
2922
|
"medium": 16,
|
|
2907
|
-
"low":
|
|
2923
|
+
"low": 394,
|
|
2908
2924
|
"kev": 0,
|
|
2909
2925
|
"ids": [
|
|
2910
2926
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -2922,6 +2938,7 @@
|
|
|
2922
2938
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
2923
2939
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2924
2940
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2941
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2925
2942
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
2926
2943
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
2927
2944
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -3120,6 +3137,10 @@
|
|
|
3120
3137
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3121
3138
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3122
3139
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3140
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3141
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3142
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3143
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3123
3144
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3124
3145
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3125
3146
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -3130,6 +3151,8 @@
|
|
|
3130
3151
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3131
3152
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3132
3153
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3154
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3155
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3133
3156
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3134
3157
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3135
3158
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -3278,6 +3301,7 @@
|
|
|
3278
3301
|
"toctou-fs:posture/integrity.js:43",
|
|
3279
3302
|
"toctou-fs:posture/integrity.js:77",
|
|
3280
3303
|
"toctou-fs:posture/learning.js:30",
|
|
3304
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
3281
3305
|
"toctou-fs:posture/license-policy.js:30",
|
|
3282
3306
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
3283
3307
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -3312,13 +3336,13 @@
|
|
|
3312
3336
|
]
|
|
3313
3337
|
},
|
|
3314
3338
|
{
|
|
3315
|
-
"timestamp": "2026-05-
|
|
3339
|
+
"timestamp": "2026-05-29T15:48:45.713Z",
|
|
3316
3340
|
"label": "scan",
|
|
3317
|
-
"total":
|
|
3341
|
+
"total": 410,
|
|
3318
3342
|
"critical": 0,
|
|
3319
3343
|
"high": 0,
|
|
3320
3344
|
"medium": 16,
|
|
3321
|
-
"low":
|
|
3345
|
+
"low": 394,
|
|
3322
3346
|
"kev": 0,
|
|
3323
3347
|
"ids": [
|
|
3324
3348
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -3336,6 +3360,7 @@
|
|
|
3336
3360
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
3337
3361
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3338
3362
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3363
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3339
3364
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3340
3365
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
3341
3366
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -3534,6 +3559,10 @@
|
|
|
3534
3559
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3535
3560
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3536
3561
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3562
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3563
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3564
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3565
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3537
3566
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3538
3567
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3539
3568
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -3544,6 +3573,8 @@
|
|
|
3544
3573
|
"struct:posture/policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3545
3574
|
"struct:posture/policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3546
3575
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3576
|
+
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3577
|
+
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3547
3578
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3548
3579
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3549
3580
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -3692,6 +3723,7 @@
|
|
|
3692
3723
|
"toctou-fs:posture/integrity.js:43",
|
|
3693
3724
|
"toctou-fs:posture/integrity.js:77",
|
|
3694
3725
|
"toctou-fs:posture/learning.js:30",
|
|
3726
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
3695
3727
|
"toctou-fs:posture/license-policy.js:30",
|
|
3696
3728
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
3697
3729
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -3726,13 +3758,13 @@
|
|
|
3726
3758
|
]
|
|
3727
3759
|
},
|
|
3728
3760
|
{
|
|
3729
|
-
"timestamp": "2026-05-
|
|
3761
|
+
"timestamp": "2026-05-29T15:49:01.447Z",
|
|
3730
3762
|
"label": "scan",
|
|
3731
|
-
"total":
|
|
3763
|
+
"total": 410,
|
|
3732
3764
|
"critical": 0,
|
|
3733
3765
|
"high": 0,
|
|
3734
3766
|
"medium": 16,
|
|
3735
|
-
"low":
|
|
3767
|
+
"low": 394,
|
|
3736
3768
|
"kev": 0,
|
|
3737
3769
|
"ids": [
|
|
3738
3770
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -3750,6 +3782,7 @@
|
|
|
3750
3782
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
3751
3783
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3752
3784
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3785
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3753
3786
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
3754
3787
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
3755
3788
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -3948,6 +3981,10 @@
|
|
|
3948
3981
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3949
3982
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3950
3983
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3984
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3985
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3986
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3987
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3951
3988
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3952
3989
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
3953
3990
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -4108,6 +4145,7 @@
|
|
|
4108
4145
|
"toctou-fs:posture/integrity.js:43",
|
|
4109
4146
|
"toctou-fs:posture/integrity.js:77",
|
|
4110
4147
|
"toctou-fs:posture/learning.js:30",
|
|
4148
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
4111
4149
|
"toctou-fs:posture/license-policy.js:30",
|
|
4112
4150
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
4113
4151
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -4142,13 +4180,13 @@
|
|
|
4142
4180
|
]
|
|
4143
4181
|
},
|
|
4144
4182
|
{
|
|
4145
|
-
"timestamp": "2026-05-
|
|
4183
|
+
"timestamp": "2026-05-29T15:49:12.382Z",
|
|
4146
4184
|
"label": "scan",
|
|
4147
|
-
"total":
|
|
4185
|
+
"total": 410,
|
|
4148
4186
|
"critical": 0,
|
|
4149
4187
|
"high": 0,
|
|
4150
4188
|
"medium": 16,
|
|
4151
|
-
"low":
|
|
4189
|
+
"low": 394,
|
|
4152
4190
|
"kev": 0,
|
|
4153
4191
|
"ids": [
|
|
4154
4192
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -4166,6 +4204,7 @@
|
|
|
4166
4204
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
4167
4205
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4168
4206
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4207
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4169
4208
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4170
4209
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
4171
4210
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -4364,6 +4403,10 @@
|
|
|
4364
4403
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4365
4404
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4366
4405
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4406
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4407
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4408
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4409
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4367
4410
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4368
4411
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4369
4412
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -4524,6 +4567,7 @@
|
|
|
4524
4567
|
"toctou-fs:posture/integrity.js:43",
|
|
4525
4568
|
"toctou-fs:posture/integrity.js:77",
|
|
4526
4569
|
"toctou-fs:posture/learning.js:30",
|
|
4570
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
4527
4571
|
"toctou-fs:posture/license-policy.js:30",
|
|
4528
4572
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
4529
4573
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -4558,16 +4602,18 @@
|
|
|
4558
4602
|
]
|
|
4559
4603
|
},
|
|
4560
4604
|
{
|
|
4561
|
-
"timestamp": "2026-05-
|
|
4605
|
+
"timestamp": "2026-05-29T16:09:55.600Z",
|
|
4562
4606
|
"label": "scan",
|
|
4563
|
-
"total":
|
|
4607
|
+
"total": 412,
|
|
4564
4608
|
"critical": 0,
|
|
4565
4609
|
"high": 0,
|
|
4566
4610
|
"medium": 16,
|
|
4567
|
-
"low":
|
|
4611
|
+
"low": 396,
|
|
4568
4612
|
"kev": 0,
|
|
4569
4613
|
"ids": [
|
|
4570
4614
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
4615
|
+
"authz:sast/crypto-protocol.js:329:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
4616
|
+
"authz:sast/crypto-protocol.js:330:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
4571
4617
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
4572
4618
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
4573
4619
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -4582,6 +4628,7 @@
|
|
|
4582
4628
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
4583
4629
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4584
4630
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4631
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4585
4632
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
4586
4633
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
4587
4634
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -4780,6 +4827,10 @@
|
|
|
4780
4827
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4781
4828
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4782
4829
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4830
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4831
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4832
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4833
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4783
4834
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4784
4835
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
4785
4836
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -4940,6 +4991,7 @@
|
|
|
4940
4991
|
"toctou-fs:posture/integrity.js:43",
|
|
4941
4992
|
"toctou-fs:posture/integrity.js:77",
|
|
4942
4993
|
"toctou-fs:posture/learning.js:30",
|
|
4994
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
4943
4995
|
"toctou-fs:posture/license-policy.js:30",
|
|
4944
4996
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
4945
4997
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -4974,16 +5026,18 @@
|
|
|
4974
5026
|
]
|
|
4975
5027
|
},
|
|
4976
5028
|
{
|
|
4977
|
-
"timestamp": "2026-05-
|
|
5029
|
+
"timestamp": "2026-05-29T16:10:06.004Z",
|
|
4978
5030
|
"label": "scan",
|
|
4979
|
-
"total":
|
|
5031
|
+
"total": 412,
|
|
4980
5032
|
"critical": 0,
|
|
4981
5033
|
"high": 0,
|
|
4982
5034
|
"medium": 16,
|
|
4983
|
-
"low":
|
|
5035
|
+
"low": 396,
|
|
4984
5036
|
"kev": 0,
|
|
4985
5037
|
"ids": [
|
|
4986
5038
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5039
|
+
"authz:sast/crypto-protocol.js:329:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5040
|
+
"authz:sast/crypto-protocol.js:330:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
4987
5041
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
4988
5042
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
4989
5043
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -4998,6 +5052,7 @@
|
|
|
4998
5052
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
4999
5053
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5000
5054
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5055
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5001
5056
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5002
5057
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
5003
5058
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -5196,6 +5251,10 @@
|
|
|
5196
5251
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5197
5252
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5198
5253
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5254
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5255
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5256
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5257
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5199
5258
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5200
5259
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5201
5260
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -5356,6 +5415,7 @@
|
|
|
5356
5415
|
"toctou-fs:posture/integrity.js:43",
|
|
5357
5416
|
"toctou-fs:posture/integrity.js:77",
|
|
5358
5417
|
"toctou-fs:posture/learning.js:30",
|
|
5418
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
5359
5419
|
"toctou-fs:posture/license-policy.js:30",
|
|
5360
5420
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
5361
5421
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -5390,16 +5450,18 @@
|
|
|
5390
5450
|
]
|
|
5391
5451
|
},
|
|
5392
5452
|
{
|
|
5393
|
-
"timestamp": "2026-05-
|
|
5453
|
+
"timestamp": "2026-05-29T16:32:20.744Z",
|
|
5394
5454
|
"label": "scan",
|
|
5395
|
-
"total":
|
|
5455
|
+
"total": 412,
|
|
5396
5456
|
"critical": 0,
|
|
5397
5457
|
"high": 0,
|
|
5398
5458
|
"medium": 16,
|
|
5399
|
-
"low":
|
|
5459
|
+
"low": 396,
|
|
5400
5460
|
"kev": 0,
|
|
5401
5461
|
"ids": [
|
|
5402
5462
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5463
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5464
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5403
5465
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
5404
5466
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
5405
5467
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -5414,6 +5476,7 @@
|
|
|
5414
5476
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
5415
5477
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5416
5478
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5479
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5417
5480
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5418
5481
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
5419
5482
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -5612,6 +5675,10 @@
|
|
|
5612
5675
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5613
5676
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5614
5677
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5678
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5679
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5680
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5681
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5615
5682
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5616
5683
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
5617
5684
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -5772,6 +5839,7 @@
|
|
|
5772
5839
|
"toctou-fs:posture/integrity.js:43",
|
|
5773
5840
|
"toctou-fs:posture/integrity.js:77",
|
|
5774
5841
|
"toctou-fs:posture/learning.js:30",
|
|
5842
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
5775
5843
|
"toctou-fs:posture/license-policy.js:30",
|
|
5776
5844
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
5777
5845
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -5806,16 +5874,18 @@
|
|
|
5806
5874
|
]
|
|
5807
5875
|
},
|
|
5808
5876
|
{
|
|
5809
|
-
"timestamp": "2026-05-
|
|
5877
|
+
"timestamp": "2026-05-29T16:32:31.511Z",
|
|
5810
5878
|
"label": "scan",
|
|
5811
|
-
"total":
|
|
5879
|
+
"total": 412,
|
|
5812
5880
|
"critical": 0,
|
|
5813
5881
|
"high": 0,
|
|
5814
5882
|
"medium": 16,
|
|
5815
|
-
"low":
|
|
5883
|
+
"low": 396,
|
|
5816
5884
|
"kev": 0,
|
|
5817
5885
|
"ids": [
|
|
5818
5886
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5887
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5888
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
5819
5889
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
5820
5890
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
5821
5891
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -5830,6 +5900,7 @@
|
|
|
5830
5900
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
5831
5901
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5832
5902
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5903
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5833
5904
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
5834
5905
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
5835
5906
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -6028,6 +6099,10 @@
|
|
|
6028
6099
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6029
6100
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6030
6101
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6102
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6103
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6104
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6105
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6031
6106
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6032
6107
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6033
6108
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -6188,6 +6263,7 @@
|
|
|
6188
6263
|
"toctou-fs:posture/integrity.js:43",
|
|
6189
6264
|
"toctou-fs:posture/integrity.js:77",
|
|
6190
6265
|
"toctou-fs:posture/learning.js:30",
|
|
6266
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
6191
6267
|
"toctou-fs:posture/license-policy.js:30",
|
|
6192
6268
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
6193
6269
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -6222,16 +6298,18 @@
|
|
|
6222
6298
|
]
|
|
6223
6299
|
},
|
|
6224
6300
|
{
|
|
6225
|
-
"timestamp": "2026-05-
|
|
6301
|
+
"timestamp": "2026-05-29T16:39:10.545Z",
|
|
6226
6302
|
"label": "scan",
|
|
6227
|
-
"total":
|
|
6303
|
+
"total": 412,
|
|
6228
6304
|
"critical": 0,
|
|
6229
6305
|
"high": 0,
|
|
6230
6306
|
"medium": 16,
|
|
6231
|
-
"low":
|
|
6307
|
+
"low": 396,
|
|
6232
6308
|
"kev": 0,
|
|
6233
6309
|
"ids": [
|
|
6234
6310
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
6311
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
6312
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
6235
6313
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
6236
6314
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
6237
6315
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -6246,7 +6324,7 @@
|
|
|
6246
6324
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
6247
6325
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6248
6326
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6249
|
-
"prompt-tpl:sast/k8s-admission.js:
|
|
6327
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6250
6328
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6251
6329
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
6252
6330
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -6445,6 +6523,10 @@
|
|
|
6445
6523
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6446
6524
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6447
6525
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6526
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6527
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6528
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6529
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6448
6530
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6449
6531
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6450
6532
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -6605,6 +6687,7 @@
|
|
|
6605
6687
|
"toctou-fs:posture/integrity.js:43",
|
|
6606
6688
|
"toctou-fs:posture/integrity.js:77",
|
|
6607
6689
|
"toctou-fs:posture/learning.js:30",
|
|
6690
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
6608
6691
|
"toctou-fs:posture/license-policy.js:30",
|
|
6609
6692
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
6610
6693
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -6639,16 +6722,18 @@
|
|
|
6639
6722
|
]
|
|
6640
6723
|
},
|
|
6641
6724
|
{
|
|
6642
|
-
"timestamp": "2026-05-
|
|
6725
|
+
"timestamp": "2026-05-29T16:39:34.432Z",
|
|
6643
6726
|
"label": "scan",
|
|
6644
|
-
"total":
|
|
6727
|
+
"total": 412,
|
|
6645
6728
|
"critical": 0,
|
|
6646
6729
|
"high": 0,
|
|
6647
6730
|
"medium": 16,
|
|
6648
|
-
"low":
|
|
6731
|
+
"low": 396,
|
|
6649
6732
|
"kev": 0,
|
|
6650
6733
|
"ids": [
|
|
6651
6734
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
6735
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
6736
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
6652
6737
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
6653
6738
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
6654
6739
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -6663,7 +6748,7 @@
|
|
|
6663
6748
|
"prompt-firewall:MISSING_MAX_TOKENS:posture/aibom.js:31",
|
|
6664
6749
|
"prompt-tpl:llm-validator/index.js:58:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6665
6750
|
"prompt-tpl:posture/llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6666
|
-
"prompt-tpl:sast/k8s-admission.js:
|
|
6751
|
+
"prompt-tpl:sast/k8s-admission.js:139:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6667
6752
|
"prompt-tpl:sast/llm-owasp.js:125:Prompt_Template__user_input_interpolated_into_prompt_string_",
|
|
6668
6753
|
"prototype-pollution-direct:posture/adversarial-self-test.js:60",
|
|
6669
6754
|
"spec-drift:rate-limit-impl:sast/rate-limit.js:34",
|
|
@@ -6862,6 +6947,10 @@
|
|
|
6862
6947
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6863
6948
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6864
6949
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6950
|
+
"struct:posture/license-attributions.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6951
|
+
"struct:posture/license-attributions.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6952
|
+
"struct:posture/license-graph.js:227:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6953
|
+
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6865
6954
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6866
6955
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
6867
6956
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -7022,6 +7111,7 @@
|
|
|
7022
7111
|
"toctou-fs:posture/integrity.js:43",
|
|
7023
7112
|
"toctou-fs:posture/integrity.js:77",
|
|
7024
7113
|
"toctou-fs:posture/learning.js:30",
|
|
7114
|
+
"toctou-fs:posture/license-graph.js:227",
|
|
7025
7115
|
"toctou-fs:posture/license-policy.js:30",
|
|
7026
7116
|
"toctou-fs:posture/network-policy-import.js:85",
|
|
7027
7117
|
"toctou-fs:posture/policy-gate.js:154",
|
|
@@ -7056,16 +7146,18 @@
|
|
|
7056
7146
|
]
|
|
7057
7147
|
},
|
|
7058
7148
|
{
|
|
7059
|
-
"timestamp": "2026-05-
|
|
7149
|
+
"timestamp": "2026-05-29T16:39:46.289Z",
|
|
7060
7150
|
"label": "scan",
|
|
7061
|
-
"total":
|
|
7151
|
+
"total": 412,
|
|
7062
7152
|
"critical": 0,
|
|
7063
7153
|
"high": 0,
|
|
7064
7154
|
"medium": 16,
|
|
7065
|
-
"low":
|
|
7155
|
+
"low": 396,
|
|
7066
7156
|
"kev": 0,
|
|
7067
7157
|
"ids": [
|
|
7068
7158
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7159
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7160
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7069
7161
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
7070
7162
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
7071
7163
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -7478,16 +7570,18 @@
|
|
|
7478
7570
|
]
|
|
7479
7571
|
},
|
|
7480
7572
|
{
|
|
7481
|
-
"timestamp": "2026-05-
|
|
7573
|
+
"timestamp": "2026-05-29T16:39:58.515Z",
|
|
7482
7574
|
"label": "scan",
|
|
7483
|
-
"total":
|
|
7575
|
+
"total": 412,
|
|
7484
7576
|
"critical": 0,
|
|
7485
7577
|
"high": 0,
|
|
7486
7578
|
"medium": 16,
|
|
7487
|
-
"low":
|
|
7579
|
+
"low": 396,
|
|
7488
7580
|
"kev": 0,
|
|
7489
7581
|
"ids": [
|
|
7490
7582
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7583
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7584
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7491
7585
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
7492
7586
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
7493
7587
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -7900,16 +7994,18 @@
|
|
|
7900
7994
|
]
|
|
7901
7995
|
},
|
|
7902
7996
|
{
|
|
7903
|
-
"timestamp": "2026-05-
|
|
7997
|
+
"timestamp": "2026-05-29T16:40:09.881Z",
|
|
7904
7998
|
"label": "scan",
|
|
7905
|
-
"total":
|
|
7999
|
+
"total": 412,
|
|
7906
8000
|
"critical": 0,
|
|
7907
8001
|
"high": 0,
|
|
7908
8002
|
"medium": 16,
|
|
7909
|
-
"low":
|
|
8003
|
+
"low": 396,
|
|
7910
8004
|
"kev": 0,
|
|
7911
8005
|
"ids": [
|
|
7912
8006
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8007
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8008
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
7913
8009
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
7914
8010
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
7915
8011
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -8322,16 +8418,18 @@
|
|
|
8322
8418
|
]
|
|
8323
8419
|
},
|
|
8324
8420
|
{
|
|
8325
|
-
"timestamp": "2026-05-
|
|
8421
|
+
"timestamp": "2026-05-29T20:12:08.077Z",
|
|
8326
8422
|
"label": "scan",
|
|
8327
|
-
"total":
|
|
8423
|
+
"total": 417,
|
|
8328
8424
|
"critical": 0,
|
|
8329
8425
|
"high": 0,
|
|
8330
8426
|
"medium": 16,
|
|
8331
|
-
"low":
|
|
8427
|
+
"low": 401,
|
|
8332
8428
|
"kev": 0,
|
|
8333
8429
|
"ids": [
|
|
8334
8430
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8431
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8432
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8335
8433
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
8336
8434
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
8337
8435
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -8373,7 +8471,7 @@
|
|
|
8373
8471
|
"state-machine:posture/fix-history.js:325:applied",
|
|
8374
8472
|
"state-machine:posture/fix-history.js:330:failed",
|
|
8375
8473
|
"state-machine:posture/fix-history.js:335:failed",
|
|
8376
|
-
"state-machine:posture/triage.js:
|
|
8474
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
8377
8475
|
"state-machine:sast/logic.js:29:completed",
|
|
8378
8476
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8379
8477
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -8626,8 +8724,12 @@
|
|
|
8626
8724
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8627
8725
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8628
8726
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8629
|
-
"struct:posture/triage.js:
|
|
8727
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8728
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8729
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8730
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8630
8731
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8732
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8631
8733
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8632
8734
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8633
8735
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -8730,7 +8832,8 @@
|
|
|
8730
8832
|
"toctou-fs:posture/suppressions.js:24",
|
|
8731
8833
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
8732
8834
|
"toctou-fs:posture/triage-learning.js:49",
|
|
8733
|
-
"toctou-fs:posture/triage.js:
|
|
8835
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
8836
|
+
"toctou-fs:posture/triage.js:19",
|
|
8734
8837
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
8735
8838
|
"toctou-fs:posture/verifier-target.js:66",
|
|
8736
8839
|
"toctou-fs:posture/version.js:43",
|
|
@@ -8744,18 +8847,18 @@
|
|
|
8744
8847
|
]
|
|
8745
8848
|
},
|
|
8746
8849
|
{
|
|
8747
|
-
"timestamp": "2026-05-
|
|
8850
|
+
"timestamp": "2026-05-29T20:12:23.579Z",
|
|
8748
8851
|
"label": "scan",
|
|
8749
|
-
"total":
|
|
8852
|
+
"total": 417,
|
|
8750
8853
|
"critical": 0,
|
|
8751
8854
|
"high": 0,
|
|
8752
8855
|
"medium": 16,
|
|
8753
|
-
"low":
|
|
8856
|
+
"low": 401,
|
|
8754
8857
|
"kev": 0,
|
|
8755
8858
|
"ids": [
|
|
8756
8859
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8757
|
-
"authz:sast/crypto-protocol.js:
|
|
8758
|
-
"authz:sast/crypto-protocol.js:
|
|
8860
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8861
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
8759
8862
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
8760
8863
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
8761
8864
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -8797,7 +8900,7 @@
|
|
|
8797
8900
|
"state-machine:posture/fix-history.js:325:applied",
|
|
8798
8901
|
"state-machine:posture/fix-history.js:330:failed",
|
|
8799
8902
|
"state-machine:posture/fix-history.js:335:failed",
|
|
8800
|
-
"state-machine:posture/triage.js:
|
|
8903
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
8801
8904
|
"state-machine:sast/logic.js:29:completed",
|
|
8802
8905
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
8803
8906
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9050,8 +9153,12 @@
|
|
|
9050
9153
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9051
9154
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9052
9155
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9053
|
-
"struct:posture/triage.js:
|
|
9156
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9157
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9158
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9159
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9054
9160
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9161
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9055
9162
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9056
9163
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9057
9164
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9154,7 +9261,8 @@
|
|
|
9154
9261
|
"toctou-fs:posture/suppressions.js:24",
|
|
9155
9262
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
9156
9263
|
"toctou-fs:posture/triage-learning.js:49",
|
|
9157
|
-
"toctou-fs:posture/triage.js:
|
|
9264
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
9265
|
+
"toctou-fs:posture/triage.js:19",
|
|
9158
9266
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
9159
9267
|
"toctou-fs:posture/verifier-target.js:66",
|
|
9160
9268
|
"toctou-fs:posture/version.js:43",
|
|
@@ -9168,18 +9276,18 @@
|
|
|
9168
9276
|
]
|
|
9169
9277
|
},
|
|
9170
9278
|
{
|
|
9171
|
-
"timestamp": "2026-05-
|
|
9279
|
+
"timestamp": "2026-05-29T20:34:48.245Z",
|
|
9172
9280
|
"label": "scan",
|
|
9173
|
-
"total":
|
|
9281
|
+
"total": 427,
|
|
9174
9282
|
"critical": 0,
|
|
9175
9283
|
"high": 0,
|
|
9176
9284
|
"medium": 16,
|
|
9177
|
-
"low":
|
|
9285
|
+
"low": 411,
|
|
9178
9286
|
"kev": 0,
|
|
9179
9287
|
"ids": [
|
|
9180
9288
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
9181
|
-
"authz:sast/crypto-protocol.js:
|
|
9182
|
-
"authz:sast/crypto-protocol.js:
|
|
9289
|
+
"authz:sast/crypto-protocol.js:332:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
9290
|
+
"authz:sast/crypto-protocol.js:333:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
9183
9291
|
"client-side:CLIENT_EVAL:sast/client-side.js:135",
|
|
9184
9292
|
"client-side:CLIENT_EVAL:sast/client-side.js:139",
|
|
9185
9293
|
"client-side:CLIENT_EVAL:sast/client-side.js:140",
|
|
@@ -9221,7 +9329,7 @@
|
|
|
9221
9329
|
"state-machine:posture/fix-history.js:325:applied",
|
|
9222
9330
|
"state-machine:posture/fix-history.js:330:failed",
|
|
9223
9331
|
"state-machine:posture/fix-history.js:335:failed",
|
|
9224
|
-
"state-machine:posture/triage.js:
|
|
9332
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
9225
9333
|
"state-machine:sast/logic.js:29:completed",
|
|
9226
9334
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9227
9335
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9368,6 +9476,10 @@
|
|
|
9368
9476
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9369
9477
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9370
9478
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9479
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9480
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9481
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9482
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9371
9483
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9372
9484
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9373
9485
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9390,6 +9502,9 @@
|
|
|
9390
9502
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9391
9503
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9392
9504
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
9505
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9506
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9507
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9393
9508
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9394
9509
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9395
9510
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9409,6 +9524,9 @@
|
|
|
9409
9524
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9410
9525
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9411
9526
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9527
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9528
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9529
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9412
9530
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9413
9531
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9414
9532
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9474,8 +9592,12 @@
|
|
|
9474
9592
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9475
9593
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9476
9594
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9477
|
-
"struct:posture/triage.js:
|
|
9595
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9596
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9597
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9598
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9478
9599
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9600
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9479
9601
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9480
9602
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9481
9603
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9578,7 +9700,8 @@
|
|
|
9578
9700
|
"toctou-fs:posture/suppressions.js:24",
|
|
9579
9701
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
9580
9702
|
"toctou-fs:posture/triage-learning.js:49",
|
|
9581
|
-
"toctou-fs:posture/triage.js:
|
|
9703
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
9704
|
+
"toctou-fs:posture/triage.js:19",
|
|
9582
9705
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
9583
9706
|
"toctou-fs:posture/verifier-target.js:66",
|
|
9584
9707
|
"toctou-fs:posture/version.js:43",
|
|
@@ -9592,13 +9715,13 @@
|
|
|
9592
9715
|
]
|
|
9593
9716
|
},
|
|
9594
9717
|
{
|
|
9595
|
-
"timestamp": "2026-05-
|
|
9718
|
+
"timestamp": "2026-05-29T20:35:03.426Z",
|
|
9596
9719
|
"label": "scan",
|
|
9597
|
-
"total":
|
|
9720
|
+
"total": 427,
|
|
9598
9721
|
"critical": 0,
|
|
9599
9722
|
"high": 0,
|
|
9600
9723
|
"medium": 16,
|
|
9601
|
-
"low":
|
|
9724
|
+
"low": 411,
|
|
9602
9725
|
"kev": 0,
|
|
9603
9726
|
"ids": [
|
|
9604
9727
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -9645,7 +9768,7 @@
|
|
|
9645
9768
|
"state-machine:posture/fix-history.js:325:applied",
|
|
9646
9769
|
"state-machine:posture/fix-history.js:330:failed",
|
|
9647
9770
|
"state-machine:posture/fix-history.js:335:failed",
|
|
9648
|
-
"state-machine:posture/triage.js:
|
|
9771
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
9649
9772
|
"state-machine:sast/logic.js:29:completed",
|
|
9650
9773
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9651
9774
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9792,6 +9915,10 @@
|
|
|
9792
9915
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9793
9916
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9794
9917
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9918
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9919
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9920
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9921
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9795
9922
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9796
9923
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9797
9924
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9814,6 +9941,9 @@
|
|
|
9814
9941
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9815
9942
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9816
9943
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
9944
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9945
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9946
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9817
9947
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9818
9948
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9819
9949
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9833,6 +9963,9 @@
|
|
|
9833
9963
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9834
9964
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9835
9965
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9966
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9967
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9968
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9836
9969
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9837
9970
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9838
9971
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -9898,8 +10031,12 @@
|
|
|
9898
10031
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9899
10032
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9900
10033
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9901
|
-
"struct:posture/triage.js:
|
|
10034
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10035
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10036
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10037
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9902
10038
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10039
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9903
10040
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9904
10041
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
9905
10042
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10002,7 +10139,8 @@
|
|
|
10002
10139
|
"toctou-fs:posture/suppressions.js:24",
|
|
10003
10140
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
10004
10141
|
"toctou-fs:posture/triage-learning.js:49",
|
|
10005
|
-
"toctou-fs:posture/triage.js:
|
|
10142
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
10143
|
+
"toctou-fs:posture/triage.js:19",
|
|
10006
10144
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
10007
10145
|
"toctou-fs:posture/verifier-target.js:66",
|
|
10008
10146
|
"toctou-fs:posture/version.js:43",
|
|
@@ -10016,13 +10154,13 @@
|
|
|
10016
10154
|
]
|
|
10017
10155
|
},
|
|
10018
10156
|
{
|
|
10019
|
-
"timestamp": "2026-05-
|
|
10157
|
+
"timestamp": "2026-05-29T20:39:41.476Z",
|
|
10020
10158
|
"label": "scan",
|
|
10021
|
-
"total":
|
|
10159
|
+
"total": 434,
|
|
10022
10160
|
"critical": 0,
|
|
10023
10161
|
"high": 0,
|
|
10024
10162
|
"medium": 16,
|
|
10025
|
-
"low":
|
|
10163
|
+
"low": 418,
|
|
10026
10164
|
"kev": 0,
|
|
10027
10165
|
"ids": [
|
|
10028
10166
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -10069,7 +10207,7 @@
|
|
|
10069
10207
|
"state-machine:posture/fix-history.js:325:applied",
|
|
10070
10208
|
"state-machine:posture/fix-history.js:330:failed",
|
|
10071
10209
|
"state-machine:posture/fix-history.js:335:failed",
|
|
10072
|
-
"state-machine:posture/triage.js:
|
|
10210
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
10073
10211
|
"state-machine:sast/logic.js:29:completed",
|
|
10074
10212
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10075
10213
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10216,6 +10354,10 @@
|
|
|
10216
10354
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10217
10355
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10218
10356
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10357
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10358
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10359
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10360
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10219
10361
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10220
10362
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10221
10363
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10223,6 +10365,11 @@
|
|
|
10223
10365
|
"struct:posture/fix-history.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10224
10366
|
"struct:posture/fix-history.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10225
10367
|
"struct:posture/fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10368
|
+
"struct:posture/fix-style-mirror.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10369
|
+
"struct:posture/fix-style-mirror.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10370
|
+
"struct:posture/fix-style-mirror.js:62:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10371
|
+
"struct:posture/fix-style-mirror.js:97:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10372
|
+
"struct:posture/fix-style-mirror.js:99:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10226
10373
|
"struct:posture/fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10227
10374
|
"struct:posture/fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10228
10375
|
"struct:posture/fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10238,6 +10385,9 @@
|
|
|
10238
10385
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10239
10386
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10240
10387
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
10388
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10389
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10390
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10241
10391
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10242
10392
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10243
10393
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10257,6 +10407,9 @@
|
|
|
10257
10407
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10258
10408
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10259
10409
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10410
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10411
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10412
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10260
10413
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10261
10414
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10262
10415
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10320,10 +10473,15 @@
|
|
|
10320
10473
|
"struct:posture/telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10321
10474
|
"struct:posture/threat-model-auto.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10322
10475
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10476
|
+
"struct:posture/threat-model-grounding.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10323
10477
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10324
10478
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10325
|
-
"struct:posture/triage.js:
|
|
10479
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10480
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10481
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10482
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10326
10483
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10484
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10327
10485
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10328
10486
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10329
10487
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10398,6 +10556,7 @@
|
|
|
10398
10556
|
"toctou-fs:posture/federated-learning.js:60",
|
|
10399
10557
|
"toctou-fs:posture/fix-history.js:31",
|
|
10400
10558
|
"toctou-fs:posture/fix-history.js:48",
|
|
10559
|
+
"toctou-fs:posture/fix-style-mirror.js:97",
|
|
10401
10560
|
"toctou-fs:posture/fix-verify-loop.js:33",
|
|
10402
10561
|
"toctou-fs:posture/grader-calibration.js:34",
|
|
10403
10562
|
"toctou-fs:posture/harness-discovery.js:39",
|
|
@@ -10426,7 +10585,8 @@
|
|
|
10426
10585
|
"toctou-fs:posture/suppressions.js:24",
|
|
10427
10586
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
10428
10587
|
"toctou-fs:posture/triage-learning.js:49",
|
|
10429
|
-
"toctou-fs:posture/triage.js:
|
|
10588
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
10589
|
+
"toctou-fs:posture/triage.js:19",
|
|
10430
10590
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
10431
10591
|
"toctou-fs:posture/verifier-target.js:66",
|
|
10432
10592
|
"toctou-fs:posture/version.js:43",
|
|
@@ -10440,13 +10600,13 @@
|
|
|
10440
10600
|
]
|
|
10441
10601
|
},
|
|
10442
10602
|
{
|
|
10443
|
-
"timestamp": "2026-05-
|
|
10603
|
+
"timestamp": "2026-05-29T20:39:57.389Z",
|
|
10444
10604
|
"label": "scan",
|
|
10445
|
-
"total":
|
|
10605
|
+
"total": 434,
|
|
10446
10606
|
"critical": 0,
|
|
10447
10607
|
"high": 0,
|
|
10448
10608
|
"medium": 16,
|
|
10449
|
-
"low":
|
|
10609
|
+
"low": 418,
|
|
10450
10610
|
"kev": 0,
|
|
10451
10611
|
"ids": [
|
|
10452
10612
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -10493,7 +10653,7 @@
|
|
|
10493
10653
|
"state-machine:posture/fix-history.js:325:applied",
|
|
10494
10654
|
"state-machine:posture/fix-history.js:330:failed",
|
|
10495
10655
|
"state-machine:posture/fix-history.js:335:failed",
|
|
10496
|
-
"state-machine:posture/triage.js:
|
|
10656
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
10497
10657
|
"state-machine:sast/logic.js:29:completed",
|
|
10498
10658
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10499
10659
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10640,6 +10800,10 @@
|
|
|
10640
10800
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10641
10801
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10642
10802
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10803
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10804
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10805
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10806
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10643
10807
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10644
10808
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10645
10809
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10647,6 +10811,11 @@
|
|
|
10647
10811
|
"struct:posture/fix-history.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10648
10812
|
"struct:posture/fix-history.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10649
10813
|
"struct:posture/fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10814
|
+
"struct:posture/fix-style-mirror.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10815
|
+
"struct:posture/fix-style-mirror.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10816
|
+
"struct:posture/fix-style-mirror.js:62:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10817
|
+
"struct:posture/fix-style-mirror.js:97:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10818
|
+
"struct:posture/fix-style-mirror.js:99:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10650
10819
|
"struct:posture/fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10651
10820
|
"struct:posture/fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10652
10821
|
"struct:posture/fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10662,6 +10831,9 @@
|
|
|
10662
10831
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10663
10832
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10664
10833
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
10834
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10835
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10836
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10665
10837
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10666
10838
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10667
10839
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10681,6 +10853,9 @@
|
|
|
10681
10853
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10682
10854
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10683
10855
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10856
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10857
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10858
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10684
10859
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10685
10860
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10686
10861
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10744,10 +10919,15 @@
|
|
|
10744
10919
|
"struct:posture/telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10745
10920
|
"struct:posture/threat-model-auto.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10746
10921
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10922
|
+
"struct:posture/threat-model-grounding.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10747
10923
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10748
10924
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10749
|
-
"struct:posture/triage.js:
|
|
10925
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10926
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10927
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10928
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10750
10929
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10930
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10751
10931
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10752
10932
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10753
10933
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -10822,6 +11002,7 @@
|
|
|
10822
11002
|
"toctou-fs:posture/federated-learning.js:60",
|
|
10823
11003
|
"toctou-fs:posture/fix-history.js:31",
|
|
10824
11004
|
"toctou-fs:posture/fix-history.js:48",
|
|
11005
|
+
"toctou-fs:posture/fix-style-mirror.js:97",
|
|
10825
11006
|
"toctou-fs:posture/fix-verify-loop.js:33",
|
|
10826
11007
|
"toctou-fs:posture/grader-calibration.js:34",
|
|
10827
11008
|
"toctou-fs:posture/harness-discovery.js:39",
|
|
@@ -10850,7 +11031,8 @@
|
|
|
10850
11031
|
"toctou-fs:posture/suppressions.js:24",
|
|
10851
11032
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
10852
11033
|
"toctou-fs:posture/triage-learning.js:49",
|
|
10853
|
-
"toctou-fs:posture/triage.js:
|
|
11034
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
11035
|
+
"toctou-fs:posture/triage.js:19",
|
|
10854
11036
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
10855
11037
|
"toctou-fs:posture/verifier-target.js:66",
|
|
10856
11038
|
"toctou-fs:posture/version.js:43",
|
|
@@ -10864,13 +11046,13 @@
|
|
|
10864
11046
|
]
|
|
10865
11047
|
},
|
|
10866
11048
|
{
|
|
10867
|
-
"timestamp": "2026-05-
|
|
11049
|
+
"timestamp": "2026-05-29T22:30:00.774Z",
|
|
10868
11050
|
"label": "scan",
|
|
10869
|
-
"total":
|
|
11051
|
+
"total": 458,
|
|
10870
11052
|
"critical": 0,
|
|
10871
11053
|
"high": 0,
|
|
10872
11054
|
"medium": 16,
|
|
10873
|
-
"low":
|
|
11055
|
+
"low": 442,
|
|
10874
11056
|
"kev": 0,
|
|
10875
11057
|
"ids": [
|
|
10876
11058
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -10917,7 +11099,7 @@
|
|
|
10917
11099
|
"state-machine:posture/fix-history.js:325:applied",
|
|
10918
11100
|
"state-machine:posture/fix-history.js:330:failed",
|
|
10919
11101
|
"state-machine:posture/fix-history.js:335:failed",
|
|
10920
|
-
"state-machine:posture/triage.js:
|
|
11102
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
10921
11103
|
"state-machine:sast/logic.js:29:completed",
|
|
10922
11104
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
10923
11105
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11010,6 +11192,14 @@
|
|
|
11010
11192
|
"struct:posture/agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11011
11193
|
"struct:posture/api-contract.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11012
11194
|
"struct:posture/api-contract.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11195
|
+
"struct:posture/auditor-walkthrough.js:164:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11196
|
+
"struct:posture/auditor-walkthrough.js:248:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11197
|
+
"struct:posture/auditor-walkthrough.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11198
|
+
"struct:posture/auditor-walkthrough.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11199
|
+
"struct:posture/auditor-walkthrough.js:56:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11200
|
+
"struct:posture/auditor-walkthrough.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11201
|
+
"struct:posture/auditor-walkthrough.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11202
|
+
"struct:posture/auditor-walkthrough.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11013
11203
|
"struct:posture/auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11014
11204
|
"struct:posture/auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11015
11205
|
"struct:posture/blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11033,6 +11223,11 @@
|
|
|
11033
11223
|
"struct:posture/compliance-policy.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11034
11224
|
"struct:posture/compliance-policy.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11035
11225
|
"struct:posture/compliance-policy.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11226
|
+
"struct:posture/cross-repo-memory.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11227
|
+
"struct:posture/cross-repo-memory.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11228
|
+
"struct:posture/cross-repo-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11229
|
+
"struct:posture/cross-repo-memory.js:63:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11230
|
+
"struct:posture/cross-repo-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11036
11231
|
"struct:posture/custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11037
11232
|
"struct:posture/custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11038
11233
|
"struct:posture/custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11048,6 +11243,11 @@
|
|
|
11048
11243
|
"struct:posture/cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11049
11244
|
"struct:posture/cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11050
11245
|
"struct:posture/cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11246
|
+
"struct:posture/dep-add-guard.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11247
|
+
"struct:posture/dep-add-guard.js:29:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11248
|
+
"struct:posture/dep-add-guard.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11249
|
+
"struct:posture/dep-add-guard.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11250
|
+
"struct:posture/dep-add-guard.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11051
11251
|
"struct:posture/deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11052
11252
|
"struct:posture/deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11053
11253
|
"struct:posture/deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11064,6 +11264,10 @@
|
|
|
11064
11264
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11065
11265
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11066
11266
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11267
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11268
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11269
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11270
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11067
11271
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11068
11272
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11069
11273
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11071,6 +11275,11 @@
|
|
|
11071
11275
|
"struct:posture/fix-history.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11072
11276
|
"struct:posture/fix-history.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11073
11277
|
"struct:posture/fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11278
|
+
"struct:posture/fix-style-mirror.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11279
|
+
"struct:posture/fix-style-mirror.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11280
|
+
"struct:posture/fix-style-mirror.js:62:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11281
|
+
"struct:posture/fix-style-mirror.js:97:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11282
|
+
"struct:posture/fix-style-mirror.js:99:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11074
11283
|
"struct:posture/fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11075
11284
|
"struct:posture/fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11076
11285
|
"struct:posture/fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11086,6 +11295,9 @@
|
|
|
11086
11295
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11087
11296
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11088
11297
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
11298
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11299
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11300
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11089
11301
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11090
11302
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11091
11303
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11095,6 +11307,8 @@
|
|
|
11095
11307
|
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11096
11308
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11097
11309
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11310
|
+
"struct:posture/model-rescan.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11311
|
+
"struct:posture/model-rescan.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11098
11312
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11099
11313
|
"struct:posture/network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11100
11314
|
"struct:posture/network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11105,6 +11319,9 @@
|
|
|
11105
11319
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11106
11320
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11107
11321
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11322
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11323
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11324
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11108
11325
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11109
11326
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11110
11327
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11168,10 +11385,15 @@
|
|
|
11168
11385
|
"struct:posture/telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11169
11386
|
"struct:posture/threat-model-auto.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11170
11387
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11388
|
+
"struct:posture/threat-model-grounding.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11171
11389
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11172
11390
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11173
|
-
"struct:posture/triage.js:
|
|
11391
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11392
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11393
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11394
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11174
11395
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11396
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11175
11397
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11176
11398
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11177
11399
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11232,13 +11454,17 @@
|
|
|
11232
11454
|
"toctou-fs:posture/agents-memory.js:44",
|
|
11233
11455
|
"toctou-fs:posture/agents-memory.js:69",
|
|
11234
11456
|
"toctou-fs:posture/agents-memory.js:72",
|
|
11457
|
+
"toctou-fs:posture/auditor-walkthrough.js:60",
|
|
11235
11458
|
"toctou-fs:posture/auth-posture-import.js:53",
|
|
11236
11459
|
"toctou-fs:posture/calibration-drift.js:40",
|
|
11237
11460
|
"toctou-fs:posture/compliance-policy.js:109",
|
|
11238
11461
|
"toctou-fs:posture/compliance-policy.js:48",
|
|
11462
|
+
"toctou-fs:posture/cross-repo-memory.js:59",
|
|
11239
11463
|
"toctou-fs:posture/cve-alert-daemon.js:271",
|
|
11240
11464
|
"toctou-fs:posture/cve-alert-daemon.js:289",
|
|
11241
11465
|
"toctou-fs:posture/cve-lookup.js:32",
|
|
11466
|
+
"toctou-fs:posture/dep-add-guard.js:28",
|
|
11467
|
+
"toctou-fs:posture/dep-add-guard.js:65",
|
|
11242
11468
|
"toctou-fs:posture/deterministic.js:53",
|
|
11243
11469
|
"toctou-fs:posture/epss.js:34",
|
|
11244
11470
|
"toctou-fs:posture/exploitability-probability.js:142",
|
|
@@ -11246,6 +11472,7 @@
|
|
|
11246
11472
|
"toctou-fs:posture/federated-learning.js:60",
|
|
11247
11473
|
"toctou-fs:posture/fix-history.js:31",
|
|
11248
11474
|
"toctou-fs:posture/fix-history.js:48",
|
|
11475
|
+
"toctou-fs:posture/fix-style-mirror.js:97",
|
|
11249
11476
|
"toctou-fs:posture/fix-verify-loop.js:33",
|
|
11250
11477
|
"toctou-fs:posture/grader-calibration.js:34",
|
|
11251
11478
|
"toctou-fs:posture/harness-discovery.js:39",
|
|
@@ -11274,7 +11501,8 @@
|
|
|
11274
11501
|
"toctou-fs:posture/suppressions.js:24",
|
|
11275
11502
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
11276
11503
|
"toctou-fs:posture/triage-learning.js:49",
|
|
11277
|
-
"toctou-fs:posture/triage.js:
|
|
11504
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
11505
|
+
"toctou-fs:posture/triage.js:19",
|
|
11278
11506
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
11279
11507
|
"toctou-fs:posture/verifier-target.js:66",
|
|
11280
11508
|
"toctou-fs:posture/version.js:43",
|
|
@@ -11288,13 +11516,13 @@
|
|
|
11288
11516
|
]
|
|
11289
11517
|
},
|
|
11290
11518
|
{
|
|
11291
|
-
"timestamp": "2026-05-
|
|
11519
|
+
"timestamp": "2026-05-29T22:30:16.361Z",
|
|
11292
11520
|
"label": "scan",
|
|
11293
|
-
"total":
|
|
11521
|
+
"total": 458,
|
|
11294
11522
|
"critical": 0,
|
|
11295
11523
|
"high": 0,
|
|
11296
11524
|
"medium": 16,
|
|
11297
|
-
"low":
|
|
11525
|
+
"low": 442,
|
|
11298
11526
|
"kev": 0,
|
|
11299
11527
|
"ids": [
|
|
11300
11528
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -11341,7 +11569,7 @@
|
|
|
11341
11569
|
"state-machine:posture/fix-history.js:325:applied",
|
|
11342
11570
|
"state-machine:posture/fix-history.js:330:failed",
|
|
11343
11571
|
"state-machine:posture/fix-history.js:335:failed",
|
|
11344
|
-
"state-machine:posture/triage.js:
|
|
11572
|
+
"state-machine:posture/triage.js:67:fixed",
|
|
11345
11573
|
"state-machine:sast/logic.js:29:completed",
|
|
11346
11574
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11347
11575
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11434,6 +11662,14 @@
|
|
|
11434
11662
|
"struct:posture/agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11435
11663
|
"struct:posture/api-contract.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11436
11664
|
"struct:posture/api-contract.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11665
|
+
"struct:posture/auditor-walkthrough.js:164:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11666
|
+
"struct:posture/auditor-walkthrough.js:248:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11667
|
+
"struct:posture/auditor-walkthrough.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11668
|
+
"struct:posture/auditor-walkthrough.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11669
|
+
"struct:posture/auditor-walkthrough.js:56:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11670
|
+
"struct:posture/auditor-walkthrough.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11671
|
+
"struct:posture/auditor-walkthrough.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11672
|
+
"struct:posture/auditor-walkthrough.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11437
11673
|
"struct:posture/auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11438
11674
|
"struct:posture/auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11439
11675
|
"struct:posture/blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11457,6 +11693,11 @@
|
|
|
11457
11693
|
"struct:posture/compliance-policy.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11458
11694
|
"struct:posture/compliance-policy.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11459
11695
|
"struct:posture/compliance-policy.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11696
|
+
"struct:posture/cross-repo-memory.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11697
|
+
"struct:posture/cross-repo-memory.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11698
|
+
"struct:posture/cross-repo-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11699
|
+
"struct:posture/cross-repo-memory.js:63:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11700
|
+
"struct:posture/cross-repo-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11460
11701
|
"struct:posture/custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11461
11702
|
"struct:posture/custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11462
11703
|
"struct:posture/custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11472,6 +11713,11 @@
|
|
|
11472
11713
|
"struct:posture/cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11473
11714
|
"struct:posture/cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11474
11715
|
"struct:posture/cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11716
|
+
"struct:posture/dep-add-guard.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11717
|
+
"struct:posture/dep-add-guard.js:29:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11718
|
+
"struct:posture/dep-add-guard.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11719
|
+
"struct:posture/dep-add-guard.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11720
|
+
"struct:posture/dep-add-guard.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11475
11721
|
"struct:posture/deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11476
11722
|
"struct:posture/deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11477
11723
|
"struct:posture/deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11488,6 +11734,10 @@
|
|
|
11488
11734
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11489
11735
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11490
11736
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11737
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11738
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11739
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11740
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11491
11741
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11492
11742
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11493
11743
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11495,6 +11745,11 @@
|
|
|
11495
11745
|
"struct:posture/fix-history.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11496
11746
|
"struct:posture/fix-history.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11497
11747
|
"struct:posture/fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11748
|
+
"struct:posture/fix-style-mirror.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11749
|
+
"struct:posture/fix-style-mirror.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11750
|
+
"struct:posture/fix-style-mirror.js:62:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11751
|
+
"struct:posture/fix-style-mirror.js:97:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11752
|
+
"struct:posture/fix-style-mirror.js:99:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11498
11753
|
"struct:posture/fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11499
11754
|
"struct:posture/fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11500
11755
|
"struct:posture/fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11510,6 +11765,9 @@
|
|
|
11510
11765
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11511
11766
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11512
11767
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
11768
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11769
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11770
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11513
11771
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11514
11772
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11515
11773
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11519,6 +11777,8 @@
|
|
|
11519
11777
|
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11520
11778
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11521
11779
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11780
|
+
"struct:posture/model-rescan.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11781
|
+
"struct:posture/model-rescan.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11522
11782
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11523
11783
|
"struct:posture/network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11524
11784
|
"struct:posture/network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11529,6 +11789,9 @@
|
|
|
11529
11789
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11530
11790
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11531
11791
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11792
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11793
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11794
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11532
11795
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11533
11796
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11534
11797
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11592,10 +11855,15 @@
|
|
|
11592
11855
|
"struct:posture/telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11593
11856
|
"struct:posture/threat-model-auto.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11594
11857
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11858
|
+
"struct:posture/threat-model-grounding.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11595
11859
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11596
11860
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11597
|
-
"struct:posture/triage.js:
|
|
11861
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11862
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11863
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11864
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11598
11865
|
"struct:posture/triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11866
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11599
11867
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11600
11868
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11601
11869
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11656,13 +11924,17 @@
|
|
|
11656
11924
|
"toctou-fs:posture/agents-memory.js:44",
|
|
11657
11925
|
"toctou-fs:posture/agents-memory.js:69",
|
|
11658
11926
|
"toctou-fs:posture/agents-memory.js:72",
|
|
11927
|
+
"toctou-fs:posture/auditor-walkthrough.js:60",
|
|
11659
11928
|
"toctou-fs:posture/auth-posture-import.js:53",
|
|
11660
11929
|
"toctou-fs:posture/calibration-drift.js:40",
|
|
11661
11930
|
"toctou-fs:posture/compliance-policy.js:109",
|
|
11662
11931
|
"toctou-fs:posture/compliance-policy.js:48",
|
|
11932
|
+
"toctou-fs:posture/cross-repo-memory.js:59",
|
|
11663
11933
|
"toctou-fs:posture/cve-alert-daemon.js:271",
|
|
11664
11934
|
"toctou-fs:posture/cve-alert-daemon.js:289",
|
|
11665
11935
|
"toctou-fs:posture/cve-lookup.js:32",
|
|
11936
|
+
"toctou-fs:posture/dep-add-guard.js:28",
|
|
11937
|
+
"toctou-fs:posture/dep-add-guard.js:65",
|
|
11666
11938
|
"toctou-fs:posture/deterministic.js:53",
|
|
11667
11939
|
"toctou-fs:posture/epss.js:34",
|
|
11668
11940
|
"toctou-fs:posture/exploitability-probability.js:142",
|
|
@@ -11670,6 +11942,7 @@
|
|
|
11670
11942
|
"toctou-fs:posture/federated-learning.js:60",
|
|
11671
11943
|
"toctou-fs:posture/fix-history.js:31",
|
|
11672
11944
|
"toctou-fs:posture/fix-history.js:48",
|
|
11945
|
+
"toctou-fs:posture/fix-style-mirror.js:97",
|
|
11673
11946
|
"toctou-fs:posture/fix-verify-loop.js:33",
|
|
11674
11947
|
"toctou-fs:posture/grader-calibration.js:34",
|
|
11675
11948
|
"toctou-fs:posture/harness-discovery.js:39",
|
|
@@ -11698,7 +11971,8 @@
|
|
|
11698
11971
|
"toctou-fs:posture/suppressions.js:24",
|
|
11699
11972
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
11700
11973
|
"toctou-fs:posture/triage-learning.js:49",
|
|
11701
|
-
"toctou-fs:posture/triage.js:
|
|
11974
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
11975
|
+
"toctou-fs:posture/triage.js:19",
|
|
11702
11976
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
11703
11977
|
"toctou-fs:posture/verifier-target.js:66",
|
|
11704
11978
|
"toctou-fs:posture/version.js:43",
|
|
@@ -11712,13 +11986,13 @@
|
|
|
11712
11986
|
]
|
|
11713
11987
|
},
|
|
11714
11988
|
{
|
|
11715
|
-
"timestamp": "2026-05-
|
|
11989
|
+
"timestamp": "2026-05-29T22:33:11.457Z",
|
|
11716
11990
|
"label": "scan",
|
|
11717
|
-
"total":
|
|
11991
|
+
"total": 467,
|
|
11718
11992
|
"critical": 0,
|
|
11719
11993
|
"high": 0,
|
|
11720
11994
|
"medium": 16,
|
|
11721
|
-
"low":
|
|
11995
|
+
"low": 451,
|
|
11722
11996
|
"kev": 0,
|
|
11723
11997
|
"ids": [
|
|
11724
11998
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -11765,7 +12039,7 @@
|
|
|
11765
12039
|
"state-machine:posture/fix-history.js:325:applied",
|
|
11766
12040
|
"state-machine:posture/fix-history.js:330:failed",
|
|
11767
12041
|
"state-machine:posture/fix-history.js:335:failed",
|
|
11768
|
-
"state-machine:posture/triage.js:
|
|
12042
|
+
"state-machine:posture/triage.js:68:fixed",
|
|
11769
12043
|
"state-machine:sast/logic.js:29:completed",
|
|
11770
12044
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11771
12045
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11858,6 +12132,14 @@
|
|
|
11858
12132
|
"struct:posture/agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11859
12133
|
"struct:posture/api-contract.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11860
12134
|
"struct:posture/api-contract.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12135
|
+
"struct:posture/auditor-walkthrough.js:164:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12136
|
+
"struct:posture/auditor-walkthrough.js:248:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12137
|
+
"struct:posture/auditor-walkthrough.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12138
|
+
"struct:posture/auditor-walkthrough.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12139
|
+
"struct:posture/auditor-walkthrough.js:56:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12140
|
+
"struct:posture/auditor-walkthrough.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12141
|
+
"struct:posture/auditor-walkthrough.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12142
|
+
"struct:posture/auditor-walkthrough.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11861
12143
|
"struct:posture/auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11862
12144
|
"struct:posture/auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11863
12145
|
"struct:posture/blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11881,6 +12163,11 @@
|
|
|
11881
12163
|
"struct:posture/compliance-policy.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11882
12164
|
"struct:posture/compliance-policy.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11883
12165
|
"struct:posture/compliance-policy.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12166
|
+
"struct:posture/cross-repo-memory.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12167
|
+
"struct:posture/cross-repo-memory.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12168
|
+
"struct:posture/cross-repo-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12169
|
+
"struct:posture/cross-repo-memory.js:63:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12170
|
+
"struct:posture/cross-repo-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11884
12171
|
"struct:posture/custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11885
12172
|
"struct:posture/custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11886
12173
|
"struct:posture/custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11896,6 +12183,11 @@
|
|
|
11896
12183
|
"struct:posture/cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11897
12184
|
"struct:posture/cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11898
12185
|
"struct:posture/cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12186
|
+
"struct:posture/dep-add-guard.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12187
|
+
"struct:posture/dep-add-guard.js:29:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12188
|
+
"struct:posture/dep-add-guard.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12189
|
+
"struct:posture/dep-add-guard.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12190
|
+
"struct:posture/dep-add-guard.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11899
12191
|
"struct:posture/deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11900
12192
|
"struct:posture/deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11901
12193
|
"struct:posture/deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11912,6 +12204,10 @@
|
|
|
11912
12204
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11913
12205
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11914
12206
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12207
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12208
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12209
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12210
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11915
12211
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11916
12212
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11917
12213
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11919,6 +12215,11 @@
|
|
|
11919
12215
|
"struct:posture/fix-history.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11920
12216
|
"struct:posture/fix-history.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11921
12217
|
"struct:posture/fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12218
|
+
"struct:posture/fix-style-mirror.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12219
|
+
"struct:posture/fix-style-mirror.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12220
|
+
"struct:posture/fix-style-mirror.js:62:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12221
|
+
"struct:posture/fix-style-mirror.js:97:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12222
|
+
"struct:posture/fix-style-mirror.js:99:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11922
12223
|
"struct:posture/fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11923
12224
|
"struct:posture/fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11924
12225
|
"struct:posture/fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11934,6 +12235,9 @@
|
|
|
11934
12235
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11935
12236
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11936
12237
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
12238
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12239
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12240
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11937
12241
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11938
12242
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11939
12243
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11943,6 +12247,8 @@
|
|
|
11943
12247
|
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11944
12248
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11945
12249
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12250
|
+
"struct:posture/model-rescan.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12251
|
+
"struct:posture/model-rescan.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11946
12252
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11947
12253
|
"struct:posture/network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11948
12254
|
"struct:posture/network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11953,6 +12259,9 @@
|
|
|
11953
12259
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11954
12260
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11955
12261
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12262
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12263
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12264
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11956
12265
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11957
12266
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11958
12267
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -11960,6 +12269,8 @@
|
|
|
11960
12269
|
"struct:posture/profile.js:81:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11961
12270
|
"struct:posture/realtime-cve-monitor.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11962
12271
|
"struct:posture/realtime-cve-monitor.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12272
|
+
"struct:posture/risk-dollars.js:83:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12273
|
+
"struct:posture/risk-dollars.js:85:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11963
12274
|
"struct:posture/router.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11964
12275
|
"struct:posture/router.js:22:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
11965
12276
|
"struct:posture/router.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12016,10 +12327,17 @@
|
|
|
12016
12327
|
"struct:posture/telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12017
12328
|
"struct:posture/threat-model-auto.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12018
12329
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12330
|
+
"struct:posture/threat-model-grounding.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12331
|
+
"struct:posture/time-to-fix.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12332
|
+
"struct:posture/time-to-fix.js:56:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12019
12333
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12020
12334
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12021
|
-
"struct:posture/triage.js:
|
|
12022
|
-
"struct:posture/triage.js:
|
|
12335
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12336
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12337
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12338
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12339
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12340
|
+
"struct:posture/triage.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12023
12341
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12024
12342
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12025
12343
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12030,6 +12348,8 @@
|
|
|
12030
12348
|
"struct:posture/version.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12031
12349
|
"struct:posture/waf-ingest.js:138:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12032
12350
|
"struct:posture/waf-ingest.js:140:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12351
|
+
"struct:posture/workflow-installer.js:24:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12352
|
+
"struct:posture/workflow-installer.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12033
12353
|
"struct:sca/binary-metadata.js:124:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12034
12354
|
"struct:sca/binary-metadata.js:133:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12035
12355
|
"struct:sca/binary-metadata.js:139:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12080,13 +12400,17 @@
|
|
|
12080
12400
|
"toctou-fs:posture/agents-memory.js:44",
|
|
12081
12401
|
"toctou-fs:posture/agents-memory.js:69",
|
|
12082
12402
|
"toctou-fs:posture/agents-memory.js:72",
|
|
12403
|
+
"toctou-fs:posture/auditor-walkthrough.js:60",
|
|
12083
12404
|
"toctou-fs:posture/auth-posture-import.js:53",
|
|
12084
12405
|
"toctou-fs:posture/calibration-drift.js:40",
|
|
12085
12406
|
"toctou-fs:posture/compliance-policy.js:109",
|
|
12086
12407
|
"toctou-fs:posture/compliance-policy.js:48",
|
|
12408
|
+
"toctou-fs:posture/cross-repo-memory.js:59",
|
|
12087
12409
|
"toctou-fs:posture/cve-alert-daemon.js:271",
|
|
12088
12410
|
"toctou-fs:posture/cve-alert-daemon.js:289",
|
|
12089
12411
|
"toctou-fs:posture/cve-lookup.js:32",
|
|
12412
|
+
"toctou-fs:posture/dep-add-guard.js:28",
|
|
12413
|
+
"toctou-fs:posture/dep-add-guard.js:65",
|
|
12090
12414
|
"toctou-fs:posture/deterministic.js:53",
|
|
12091
12415
|
"toctou-fs:posture/epss.js:34",
|
|
12092
12416
|
"toctou-fs:posture/exploitability-probability.js:142",
|
|
@@ -12094,6 +12418,7 @@
|
|
|
12094
12418
|
"toctou-fs:posture/federated-learning.js:60",
|
|
12095
12419
|
"toctou-fs:posture/fix-history.js:31",
|
|
12096
12420
|
"toctou-fs:posture/fix-history.js:48",
|
|
12421
|
+
"toctou-fs:posture/fix-style-mirror.js:97",
|
|
12097
12422
|
"toctou-fs:posture/fix-verify-loop.js:33",
|
|
12098
12423
|
"toctou-fs:posture/grader-calibration.js:34",
|
|
12099
12424
|
"toctou-fs:posture/harness-discovery.js:39",
|
|
@@ -12108,6 +12433,7 @@
|
|
|
12108
12433
|
"toctou-fs:posture/profile.js:46",
|
|
12109
12434
|
"toctou-fs:posture/profile.js:77",
|
|
12110
12435
|
"toctou-fs:posture/realtime-cve-monitor.js:38",
|
|
12436
|
+
"toctou-fs:posture/risk-dollars.js:83",
|
|
12111
12437
|
"toctou-fs:posture/router.js:21",
|
|
12112
12438
|
"toctou-fs:posture/rule-overrides.js:22",
|
|
12113
12439
|
"toctou-fs:posture/rule-overrides.js:72",
|
|
@@ -12121,12 +12447,15 @@
|
|
|
12121
12447
|
"toctou-fs:posture/sca-upgrade.js:79",
|
|
12122
12448
|
"toctou-fs:posture/suppressions.js:24",
|
|
12123
12449
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
12450
|
+
"toctou-fs:posture/time-to-fix.js:54",
|
|
12124
12451
|
"toctou-fs:posture/triage-learning.js:49",
|
|
12125
|
-
"toctou-fs:posture/triage.js:
|
|
12452
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
12453
|
+
"toctou-fs:posture/triage.js:20",
|
|
12126
12454
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
12127
12455
|
"toctou-fs:posture/verifier-target.js:66",
|
|
12128
12456
|
"toctou-fs:posture/version.js:43",
|
|
12129
12457
|
"toctou-fs:posture/waf-ingest.js:138",
|
|
12458
|
+
"toctou-fs:posture/workflow-installer.js:24",
|
|
12130
12459
|
"toctou-fs:runScan.js:39",
|
|
12131
12460
|
"toctou-fs:sca/binary-metadata.js:47",
|
|
12132
12461
|
"toctou-fs:sca/binary-metadata.js:67",
|
|
@@ -12136,13 +12465,13 @@
|
|
|
12136
12465
|
]
|
|
12137
12466
|
},
|
|
12138
12467
|
{
|
|
12139
|
-
"timestamp": "2026-05-
|
|
12468
|
+
"timestamp": "2026-05-29T22:33:27.699Z",
|
|
12140
12469
|
"label": "scan",
|
|
12141
|
-
"total":
|
|
12470
|
+
"total": 467,
|
|
12142
12471
|
"critical": 0,
|
|
12143
12472
|
"high": 0,
|
|
12144
12473
|
"medium": 16,
|
|
12145
|
-
"low":
|
|
12474
|
+
"low": 451,
|
|
12146
12475
|
"kev": 0,
|
|
12147
12476
|
"ids": [
|
|
12148
12477
|
"authz:sast/authz.js:33:AuthZ__jwt_verify_called_without_algorithms_allow_list",
|
|
@@ -12189,7 +12518,7 @@
|
|
|
12189
12518
|
"state-machine:posture/fix-history.js:325:applied",
|
|
12190
12519
|
"state-machine:posture/fix-history.js:330:failed",
|
|
12191
12520
|
"state-machine:posture/fix-history.js:335:failed",
|
|
12192
|
-
"state-machine:posture/triage.js:
|
|
12521
|
+
"state-machine:posture/triage.js:68:fixed",
|
|
12193
12522
|
"state-machine:sast/logic.js:29:completed",
|
|
12194
12523
|
"struct:badge.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12195
12524
|
"struct:badge.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12282,6 +12611,14 @@
|
|
|
12282
12611
|
"struct:posture/agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12283
12612
|
"struct:posture/api-contract.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12284
12613
|
"struct:posture/api-contract.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12614
|
+
"struct:posture/auditor-walkthrough.js:164:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12615
|
+
"struct:posture/auditor-walkthrough.js:248:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12616
|
+
"struct:posture/auditor-walkthrough.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12617
|
+
"struct:posture/auditor-walkthrough.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12618
|
+
"struct:posture/auditor-walkthrough.js:56:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12619
|
+
"struct:posture/auditor-walkthrough.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12620
|
+
"struct:posture/auditor-walkthrough.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12621
|
+
"struct:posture/auditor-walkthrough.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12285
12622
|
"struct:posture/auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12286
12623
|
"struct:posture/auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12287
12624
|
"struct:posture/blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12305,6 +12642,11 @@
|
|
|
12305
12642
|
"struct:posture/compliance-policy.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12306
12643
|
"struct:posture/compliance-policy.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12307
12644
|
"struct:posture/compliance-policy.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12645
|
+
"struct:posture/cross-repo-memory.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12646
|
+
"struct:posture/cross-repo-memory.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12647
|
+
"struct:posture/cross-repo-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12648
|
+
"struct:posture/cross-repo-memory.js:63:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12649
|
+
"struct:posture/cross-repo-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12308
12650
|
"struct:posture/custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12309
12651
|
"struct:posture/custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12310
12652
|
"struct:posture/custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12320,6 +12662,11 @@
|
|
|
12320
12662
|
"struct:posture/cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12321
12663
|
"struct:posture/cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12322
12664
|
"struct:posture/cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12665
|
+
"struct:posture/dep-add-guard.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12666
|
+
"struct:posture/dep-add-guard.js:29:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12667
|
+
"struct:posture/dep-add-guard.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12668
|
+
"struct:posture/dep-add-guard.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12669
|
+
"struct:posture/dep-add-guard.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12323
12670
|
"struct:posture/deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12324
12671
|
"struct:posture/deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12325
12672
|
"struct:posture/deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12336,6 +12683,10 @@
|
|
|
12336
12683
|
"struct:posture/federated-learning.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12337
12684
|
"struct:posture/federated-learning.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12338
12685
|
"struct:posture/federated-learning.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12686
|
+
"struct:posture/findings-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12687
|
+
"struct:posture/findings-memory.js:104:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12688
|
+
"struct:posture/findings-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12689
|
+
"struct:posture/findings-memory.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12339
12690
|
"struct:posture/fix-history.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12340
12691
|
"struct:posture/fix-history.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12341
12692
|
"struct:posture/fix-history.js:354:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12343,6 +12694,11 @@
|
|
|
12343
12694
|
"struct:posture/fix-history.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12344
12695
|
"struct:posture/fix-history.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12345
12696
|
"struct:posture/fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12697
|
+
"struct:posture/fix-style-mirror.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12698
|
+
"struct:posture/fix-style-mirror.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12699
|
+
"struct:posture/fix-style-mirror.js:62:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12700
|
+
"struct:posture/fix-style-mirror.js:97:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12701
|
+
"struct:posture/fix-style-mirror.js:99:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12346
12702
|
"struct:posture/fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12347
12703
|
"struct:posture/fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12348
12704
|
"struct:posture/fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12358,6 +12714,9 @@
|
|
|
12358
12714
|
"struct:posture/integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12359
12715
|
"struct:posture/integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12360
12716
|
"struct:posture/integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
|
|
12717
|
+
"struct:posture/intent-context.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12718
|
+
"struct:posture/intent-context.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12719
|
+
"struct:posture/intent-context.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12361
12720
|
"struct:posture/learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12362
12721
|
"struct:posture/learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12363
12722
|
"struct:posture/learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12367,6 +12726,8 @@
|
|
|
12367
12726
|
"struct:posture/license-graph.js:229:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12368
12727
|
"struct:posture/license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12369
12728
|
"struct:posture/license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12729
|
+
"struct:posture/model-rescan.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12730
|
+
"struct:posture/model-rescan.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12370
12731
|
"struct:posture/network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12371
12732
|
"struct:posture/network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12372
12733
|
"struct:posture/network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12377,6 +12738,9 @@
|
|
|
12377
12738
|
"struct:posture/policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12378
12739
|
"struct:posture/pqc-migration-plan.js:121:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12379
12740
|
"struct:posture/pqc-migration-plan.js:122:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12741
|
+
"struct:posture/pr-augment.js:113:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12742
|
+
"struct:posture/pr-augment.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12743
|
+
"struct:posture/pr-augment.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12380
12744
|
"struct:posture/pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12381
12745
|
"struct:posture/profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12382
12746
|
"struct:posture/profile.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12384,6 +12748,8 @@
|
|
|
12384
12748
|
"struct:posture/profile.js:81:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12385
12749
|
"struct:posture/realtime-cve-monitor.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12386
12750
|
"struct:posture/realtime-cve-monitor.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12751
|
+
"struct:posture/risk-dollars.js:83:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12752
|
+
"struct:posture/risk-dollars.js:85:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12387
12753
|
"struct:posture/router.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12388
12754
|
"struct:posture/router.js:22:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12389
12755
|
"struct:posture/router.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12440,10 +12806,17 @@
|
|
|
12440
12806
|
"struct:posture/telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12441
12807
|
"struct:posture/threat-model-auto.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12442
12808
|
"struct:posture/threat-model-auto.js:217:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12809
|
+
"struct:posture/threat-model-grounding.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12810
|
+
"struct:posture/time-to-fix.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12811
|
+
"struct:posture/time-to-fix.js:56:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12443
12812
|
"struct:posture/triage-learning.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12444
12813
|
"struct:posture/triage-learning.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12445
|
-
"struct:posture/triage.js:
|
|
12446
|
-
"struct:posture/triage.js:
|
|
12814
|
+
"struct:posture/triage-memory.js:61:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12815
|
+
"struct:posture/triage-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12816
|
+
"struct:posture/triage-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12817
|
+
"struct:posture/triage-memory.js:84:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12818
|
+
"struct:posture/triage.js:20:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12819
|
+
"struct:posture/triage.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12447
12820
|
"struct:posture/validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12448
12821
|
"struct:posture/validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12449
12822
|
"struct:posture/verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12454,6 +12827,8 @@
|
|
|
12454
12827
|
"struct:posture/version.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12455
12828
|
"struct:posture/waf-ingest.js:138:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12456
12829
|
"struct:posture/waf-ingest.js:140:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12830
|
+
"struct:posture/workflow-installer.js:24:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12831
|
+
"struct:posture/workflow-installer.js:89:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12457
12832
|
"struct:sca/binary-metadata.js:124:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12458
12833
|
"struct:sca/binary-metadata.js:133:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
12459
12834
|
"struct:sca/binary-metadata.js:139:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
|
|
@@ -12504,13 +12879,17 @@
|
|
|
12504
12879
|
"toctou-fs:posture/agents-memory.js:44",
|
|
12505
12880
|
"toctou-fs:posture/agents-memory.js:69",
|
|
12506
12881
|
"toctou-fs:posture/agents-memory.js:72",
|
|
12882
|
+
"toctou-fs:posture/auditor-walkthrough.js:60",
|
|
12507
12883
|
"toctou-fs:posture/auth-posture-import.js:53",
|
|
12508
12884
|
"toctou-fs:posture/calibration-drift.js:40",
|
|
12509
12885
|
"toctou-fs:posture/compliance-policy.js:109",
|
|
12510
12886
|
"toctou-fs:posture/compliance-policy.js:48",
|
|
12887
|
+
"toctou-fs:posture/cross-repo-memory.js:59",
|
|
12511
12888
|
"toctou-fs:posture/cve-alert-daemon.js:271",
|
|
12512
12889
|
"toctou-fs:posture/cve-alert-daemon.js:289",
|
|
12513
12890
|
"toctou-fs:posture/cve-lookup.js:32",
|
|
12891
|
+
"toctou-fs:posture/dep-add-guard.js:28",
|
|
12892
|
+
"toctou-fs:posture/dep-add-guard.js:65",
|
|
12514
12893
|
"toctou-fs:posture/deterministic.js:53",
|
|
12515
12894
|
"toctou-fs:posture/epss.js:34",
|
|
12516
12895
|
"toctou-fs:posture/exploitability-probability.js:142",
|
|
@@ -12518,6 +12897,7 @@
|
|
|
12518
12897
|
"toctou-fs:posture/federated-learning.js:60",
|
|
12519
12898
|
"toctou-fs:posture/fix-history.js:31",
|
|
12520
12899
|
"toctou-fs:posture/fix-history.js:48",
|
|
12900
|
+
"toctou-fs:posture/fix-style-mirror.js:97",
|
|
12521
12901
|
"toctou-fs:posture/fix-verify-loop.js:33",
|
|
12522
12902
|
"toctou-fs:posture/grader-calibration.js:34",
|
|
12523
12903
|
"toctou-fs:posture/harness-discovery.js:39",
|
|
@@ -12532,6 +12912,7 @@
|
|
|
12532
12912
|
"toctou-fs:posture/profile.js:46",
|
|
12533
12913
|
"toctou-fs:posture/profile.js:77",
|
|
12534
12914
|
"toctou-fs:posture/realtime-cve-monitor.js:38",
|
|
12915
|
+
"toctou-fs:posture/risk-dollars.js:83",
|
|
12535
12916
|
"toctou-fs:posture/router.js:21",
|
|
12536
12917
|
"toctou-fs:posture/rule-overrides.js:22",
|
|
12537
12918
|
"toctou-fs:posture/rule-overrides.js:72",
|
|
@@ -12545,12 +12926,15 @@
|
|
|
12545
12926
|
"toctou-fs:posture/sca-upgrade.js:79",
|
|
12546
12927
|
"toctou-fs:posture/suppressions.js:24",
|
|
12547
12928
|
"toctou-fs:posture/telemetry-ingest.js:41",
|
|
12929
|
+
"toctou-fs:posture/time-to-fix.js:54",
|
|
12548
12930
|
"toctou-fs:posture/triage-learning.js:49",
|
|
12549
|
-
"toctou-fs:posture/triage.js:
|
|
12931
|
+
"toctou-fs:posture/triage-memory.js:82",
|
|
12932
|
+
"toctou-fs:posture/triage.js:20",
|
|
12550
12933
|
"toctou-fs:posture/validator-metrics.js:35",
|
|
12551
12934
|
"toctou-fs:posture/verifier-target.js:66",
|
|
12552
12935
|
"toctou-fs:posture/version.js:43",
|
|
12553
12936
|
"toctou-fs:posture/waf-ingest.js:138",
|
|
12937
|
+
"toctou-fs:posture/workflow-installer.js:24",
|
|
12554
12938
|
"toctou-fs:runScan.js:39",
|
|
12555
12939
|
"toctou-fs:sca/binary-metadata.js:47",
|
|
12556
12940
|
"toctou-fs:sca/binary-metadata.js:67",
|