← Scan another repo

github.com/labstack/echo

@ 70b31c2ca513

Submitted 7/13/2026, 9:35:10 PM · Status: ok

Risk grade
C
30 / 100
Findings
42
0 critical2 high3 medium0 low37 info0 on CISA KEV0ATT&CK
Showing 42 of 42 findings

Findings

  • Detected private-key: Identified a Private Key, which may compromise cryptographic security and sensitive data encryption
    Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.
    gitleaks
  • Private Key detected. This is a sensitive credential and should not be hardcoded here. Instead, store this in a separate, private file.
    semgrep_fixture/certs/key.pem:1
  • A session cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading the cookie which mitigates XSS attac
    A session cookie was detected without setting the 'HttpOnly' flag. The 'HttpOnly' flag for cookies instructs the browser to forbid client-side scripts from reading the cookie which mitigates XSS attacks. Set the 'HttpOnly' flag by setting 'HttpOnly' to 'true' in the Cookie.
    semgrepmiddleware/csrf.go:226
  • A session cookie was detected without setting the 'Secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the 'Secure' fl
    A session cookie was detected without setting the 'Secure' flag. The 'secure' flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the 'Secure' flag by setting 'Secure' to 'true' in the Options struct.
    semgrepmiddleware/csrf.go:226
  • Do not use `math/rand`. Use `crypto/rand` instead.
    semgrepmiddleware/proxy.go:13

This report is public.