github.com/juice-shop/juice-shop

Submitted 6/8/2026, 10:37:51 PM · Status: ok

Risk grade
F
100 / 100
Findings
40
0 critical · 36 high · 2 medium · 2 low · 0 info · 0 on CISA KEV · 0 ATT&CK
Showing 40 of 40 findings

Findings

  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected generic-api-key: Detected a Generic API Key, potentially exposing access to various services and sensitive operations
    Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected jwt: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data
    Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.
    gitleaks
  • Detected private-key: Identified a Private Key, which may compromise cryptographic security and sensitive data encryption
    Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.
    gitleaks
  • 'apk add' is missing '--no-cache'
    You should use 'apk add' with '--no-cache' to clean package cached data and reduce image size.
    trivy · test/smoke/Dockerfile:3
  • Image user should not be 'root'
    Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.
    trivy · test/smoke/Dockerfile:0
  • ':latest' tag used
    When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated.
    trivy · test/smoke/Dockerfile:1
  • ':latest' tag used
    When using a 'FROM' statement you should use a specific tag to avoid uncontrolled behavior when the image is updated.
    trivy · Dockerfile:22
  • No HEALTHCHECK defined
    You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
    trivy · Dockerfile:0
  • No HEALTHCHECK defined
    You should add HEALTHCHECK instruction in your docker container images to perform the health check on running containers.
    trivy · test/smoke/Dockerfile:0

This report is public.