github.com/JoshuaCooper/worf

Submitted 6/10/2026, 3:55:02 AM · Status: ok

Risk grade: C (33 / 100)

Findings: 7 (0 critical, 2 high, 4 medium, 1 low, 0 info; 0 on CISA KEV; 0 mapped to ATT&CK)

Showing 7 of 7 findings

Findings

  • 'apk add' is missing '--no-cache'
    Use 'apk add' with '--no-cache' so that the package index cache is not kept in the image layer, which reduces image size.
    trivy · infra/apko_server/Dockerfile:5
  • 'RUN <package-manager> update' instruction alone
    The instruction 'RUN <package-manager> update' should always be followed by '<package-manager> install' in the same RUN statement.
    trivy · infra/apko_server/Dockerfile:4
  • Ensure that HEALTHCHECK instructions have been added to container images
    Ensure that HEALTHCHECK instructions have been added to container images on /infra/apko_server/Dockerfile.
    checkov · infra/apko_server/Dockerfile:1
  • Dynamic value passed to urllib
    Detected a dynamic value being used with urllib. urllib supports 'file://' schemes, so a dynamic value controlled by a malicious actor may allow them to read arbitrary files. Audit uses of urllib calls to ensure user data cannot control the URLs, or consider using the 'requests' …
    semgrep · /tmp/scan-psc_10c610cd7071dd17d10bf75dddee1954/repo/infra/apko_server/package_index.py:152
  • Dynamic value passed to urllib
    Detected a dynamic value being used with urllib. urllib supports 'file://' schemes, so a dynamic value controlled by a malicious actor may allow them to read arbitrary files. Audit uses of urllib calls to ensure user data cannot control the URLs, or consider using the 'requests' …
    semgrep · /tmp/scan-psc_10c610cd7071dd17d10bf75dddee1954/repo/infra/support_files/seed_local_repo.py:87
  • Running flask app with host 0.0.0.0 could expose the server publicly.
    semgrep · /tmp/scan-psc_10c610cd7071dd17d10bf75dddee1954/repo/infra/apko_server/apko_flask_server.py:292
  • No HEALTHCHECK defined
    Add a HEALTHCHECK instruction to your Docker container images so the runtime can check the health of running containers.
    trivy · infra/apko_server/Dockerfile:0