Skip to content

chore(deps): bump @anthropic-ai/sdk from 0.73.0 to 0.80.0#28

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/anthropic-ai/sdk-0.80.0
Open

chore(deps): bump @anthropic-ai/sdk from 0.73.0 to 0.80.0#28
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/anthropic-ai/sdk-0.80.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 23, 2026

Copy link
Copy Markdown

Bumps @anthropic-ai/sdk from 0.73.0 to 0.80.0.

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.80.0

0.80.0 (2026-03-18)

Full Changelog: sdk-v0.79.0...sdk-v0.80.0

Features

Chores

  • internal: tweak CI branches (4a5819e)

sdk: v0.79.0

0.79.0 (2026-03-16)

Full Changelog: sdk-v0.78.0...sdk-v0.79.0

Features

  • add support for filesystem memory tools (#599) (1064199)
  • api: chore(config): clean up model enum list (#31) (07727a6)
  • api: GA thinking-display-setting (4dc8df4)
  • tests: update mock server (e5c3be9)

Bug Fixes

  • docs/contributing: correct pnpm link command (16bf66c)
  • internal: skip tests that depend on mock server (07417e5)
  • zod: use v4 import path for Zod ^3.25 compatibility (#925) (c6c0ac8)

Chores

  • client: remove unused import (3827ab5)
  • internal: codegen related update (2c1fc10)
  • internal: improve import alias names (5b9615b)
  • internal: move stringifyQuery implementation to internal function (16239f3)
  • internal: update dependencies to address dependabot vulnerabilities (6fdea5e)
  • mcp-server: improve instructions (66e5363)
  • remove accidentally committed file (#929) (0989113)
  • tests: unskip tests that are now supported in steady (616a98a)

Documentation

... (truncated)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.80.0 (2026-03-18)

Full Changelog: sdk-v0.79.0...sdk-v0.80.0

Features

Chores

  • internal: tweak CI branches (4a5819e)

0.79.0 (2026-03-16)

Full Changelog: sdk-v0.78.0...sdk-v0.79.0

Features

  • add support for filesystem memory tools (#599) (1064199)
  • api: chore(config): clean up model enum list (#31) (07727a6)
  • api: GA thinking-display-setting (4dc8df4)
  • tests: update mock server (e5c3be9)

Bug Fixes

  • docs/contributing: correct pnpm link command (16bf66c)
  • internal: skip tests that depend on mock server (07417e5)
  • zod: use v4 import path for Zod ^3.25 compatibility (#925) (c6c0ac8)

Chores

  • client: remove unused import (3827ab5)
  • internal: codegen related update (2c1fc10)
  • internal: improve import alias names (5b9615b)
  • internal: move stringifyQuery implementation to internal function (16239f3)
  • internal: update dependencies to address dependabot vulnerabilities (6fdea5e)
  • mcp-server: improve instructions (66e5363)
  • remove accidentally committed file (#929) (0989113)
  • tests: unskip tests that are now supported in steady (616a98a)

Documentation

0.78.0 (2026-02-19)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot @github

dependabot Bot commented on behalf of github Mar 23, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@vercel

vercel Bot commented Mar 23, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
verification-layer Error Error Apr 4, 2026 4:42pm

@github-actions

github-actions Bot commented Mar 23, 2026

Copy link
Copy Markdown

🏥 HIPAA Compliance Report

⚠️ undefined new findings require attention.

Severity Count
🔴 Critical undefined
🟠 High undefined
🟡 Medium undefined
🔵 Low undefined
⚪ Info undefined

🔴 Critical (54)

Finding File Line HIPAA Ref
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/cli.ts 1484 45 CFR §164.312(c) - Integrity Controls
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/cli.ts 1524 45 CFR §164.312(c) - Integrity Controls
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/cli.ts 1484 45 CFR §164.312(c) - Integrity Controls
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/cli.ts 1524 45 CFR §164.312(c) - Integrity Controls
Potential SSN detected /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 406 §164.502, §164.514
Potential SSN detected /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 408 §164.502, §164.514
Potential SSN detected /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 434 §164.502, §164.514
Potential SSN detected /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 508 §164.502, §164.514
PHI in URL query parameter /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 508 §164.502, §164.514
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 304 45 CFR §164.312(c) - Integrity Controls
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 456 45 CFR §164.312(c) - Integrity Controls
Weak cryptography: DES encryption /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 178 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak cryptography: DES encryption /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 184 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak cryptography: DES encryption /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 151 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak cryptography: DES encryption /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 173 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak Password Hashing Algorithm Detected /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 179 45 CFR §164.312(d) - Person or Entity Authentication
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 304 45 CFR §164.312(c) - Integrity Controls
PHI Data in Error Logs or Thrown Errors /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 456 45 CFR §164.312(c) - Integrity Controls
Potential authentication bypass /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 265 §164.312(a)(1), §164.312(d)
SQL query with template literal interpolation /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 381 §164.312(a)(1), §164.312(d)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/vscode-vlayer/src/codeActions.ts 57 45 CFR §164.312(e)(1) - Transmission Security (Required)
Missing Multi-Factor Authentication for PHI Access /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 150 45 CFR §164.312(a)(2)(i) - Access Control (Required)
Missing Breach Notification Mechanism /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 324 45 CFR §164.308(a)(6)(ii) - Security Incident Procedures (Required)
Missing Breach Notification Mechanism /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 502 45 CFR §164.308(a)(6)(ii) - Security Incident Procedures (Required)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 359 45 CFR §164.312(e)(1) - Transmission Security (Required)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 409 45 CFR §164.312(e)(1) - Transmission Security (Required)
Missing Multi-Factor Authentication for PHI Access /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 590 45 CFR §164.312(a)(2)(i) - Access Control (Required)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 595 45 CFR §164.312(e)(1) - Transmission Security (Required)
Missing Multi-Factor Authentication for PHI Access /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 327 45 CFR §164.312(a)(2)(i) - Access Control (Required)
Missing Multi-Factor Authentication for PHI Access /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 328 45 CFR §164.312(a)(2)(i) - Access Control (Required)
Missing Immediate Access Revocation /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 566 45 CFR §164.308(a)(3)(ii)(C) - Termination Procedures (Required)
MFA Bypass Detected in Code /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 249 NPRM §164.312(d) - Person or Entity Authentication
MFA Bypass Detected in Code /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 486 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/lib/storage.ts 1 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/lib/plans.ts 1 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/components/Sidebar.tsx 5 NPRM §164.312(d) - Person or Entity Authentication
Weak Password Hashing Algorithm Detected /home/runner/work/verification-layer/verification-layer/dashboard/components/RescanButton.tsx 31 45 CFR §164.312(d) - Person or Entity Authentication
Weak cryptography: DES encryption /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 14 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak cryptography: RC4 encryption /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 14 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak cryptography: DES encryption /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 25 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak cryptography: RC4 encryption /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 25 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
Weak Password Hashing Algorithm Detected /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 25 45 CFR §164.312(d) - Person or Entity Authentication
Potential authentication bypass /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/rbac-check.ts 14 §164.312(a)(1), §164.312(d)
Missing Multi-Factor Authentication for PHI Access /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/rbac-check.ts 12 45 CFR §164.312(a)(2)(i) - Access Control (Required)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 17 45 CFR §164.312(e)(1) - Transmission Security (Required)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/minimum-access.ts 17 45 CFR §164.312(e)(1) - Transmission Security (Required)
Missing Network Segmentation for PHI /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/audit-logging.ts 27 45 CFR §164.312(e)(1) - Transmission Security (Required)
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/lib/supabase/server.ts 2 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/app/signup/page.tsx 4 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/app/settings/page.tsx 4 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/app/login/page.tsx 4 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/app/api/subscription/route.ts 2 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/app/api/portal/route.ts 3 NPRM §164.312(d) - Person or Entity Authentication
Authentication Configuration Without MFA Enabled /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 3 NPRM §164.312(d) - Person or Entity Authentication

Recommendation: Never log PHI in error messages. Redact sensitive data before logging. Example: logger.error("Error processing patient", { patientId: redact(patient.id) }). Use patient IDs only, never full PHI.

🟠 High (97)

Finding File Line HIPAA Ref
PHI logged without redaction /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 304 §164.502, §164.514
PHI logged without redaction /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 482 §164.502, §164.514
Patient data in authorization context /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 328 §164.502, §164.514
Weak cryptography: Deprecated cipher method /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 173 §164.312(a)(2)(iv), §164.312(e)(2)(ii)
CORS wildcard origin /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 460 §164.312(a)(1), §164.312(d)
Cookie configuration missing security flags /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 113 §164.312(a)(1), §164.312(d)
Cookie configuration missing security flags /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 126 §164.312(a)(1), §164.312(d)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 71 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 125 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 134 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 93 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 112 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 125 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 137 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 524 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 543 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 569 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 527 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 528 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 530 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 538 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 542 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 544 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 546 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 557 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 566 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 578 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 580 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 593 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 838 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Login Flow Without Second Factor Authentication /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 121 NPRM §164.312(d) - Person or Entity Authentication
PHI Data Access Without Role/Permission Verification /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 408 45 CFR §164.312(a)(1) - Access Control
PHI Data Access Without Role/Permission Verification /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 381 45 CFR §164.312(a)(1) - Access Control
PHI Data Access Without Role/Permission Verification /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 395 45 CFR §164.312(a)(1) - Access Control
JWT Without Server-Side Revocation Mechanism /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 569 NPRM §164.308(a)(3)(ii)(C) - Access Revocation
Authentication Routes Without Rate Limiting /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 243 45 CFR §164.312(a)(1) - Access Control
Authentication Routes Without Rate Limiting /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 537 45 CFR §164.312(a)(1) - Access Control
Open CORS Configuration (origin: "*") /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 540 45 CFR §164.312(e)(1) - Transmission Security
PHI Data in URL Query Parameters /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 508 45 CFR §164.312(a)(1) - Access Control
Authentication Routes Without Rate Limiting /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 483 45 CFR §164.312(a)(1) - Access Control
Authentication Routes Without Rate Limiting /home/runner/work/verification-layer/verification-layer/src/marketplace/registry.ts 486 45 CFR §164.312(a)(1) - Access Control
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/components/RescanButton.tsx 10 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/components/RescanButton.tsx 40 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/index.ts 28 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/index.ts 29 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/index.ts 30 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/index.ts 70 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/index.ts 72 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/index.ts 73 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/portal/route.ts 34 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhook/scan-results/route.ts 121 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/reports/generate/route.ts 339 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/github/webhook/route.ts 42 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/portal/route.ts 34 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhook/scan-results/route.ts 121 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/reports/generate/route.ts 339 45 CFR §164.312(b) - Audit Controls
Unsanitized Error Details Sent to User /home/runner/work/verification-layer/verification-layer/dashboard/app/api/github/webhook/route.ts 42 45 CFR §164.312(b) - Audit Controls
CORS wildcard origin /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/rbac-check.ts 23 §164.312(a)(1), §164.312(d)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/lib/supabase/server.ts 44 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/lib/github/auth.ts 17 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/pricing/page.tsx 39 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 6 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 11 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 12 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 13 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 14 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 15 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 16 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 17 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 18 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 21 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 24 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 25 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 26 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 27 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 33 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 36 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 37 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/session-management.ts 45 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/src/ai/rules/prompts/phi-encryption.ts 23 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/legal/privacy/page.tsx 190 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/portal/route.ts 26 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/portal/route.ts 31 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhooks/stripe/route.ts 26 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhooks/stripe/route.ts 27 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhooks/stripe/route.ts 28 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhooks/stripe/route.ts 29 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhooks/stripe/route.ts 34 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/webhooks/stripe/route.ts 38 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 46 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 123 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 124 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 142 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 143 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 145 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
Missing Automatic Session Timeout /home/runner/work/verification-layer/verification-layer/dashboard/app/api/stripe/checkout/route.ts 157 45 CFR §164.312(a)(2)(iii) - Session Control (Required)
JWT Without Server-Side Revocation Mechanism /home/runner/work/verification-layer/verification-layer/dashboard/lib/github/auth.ts 17 NPRM §164.308(a)(3)(ii)(C) - Access Revocation

Recommendation: Implement PHI redaction in logging. Use structured logging with automatic PII masking.

🟡 Medium (15)

Finding File Line HIPAA Ref
Encryption issue: Backup storage without encryption specified /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 150 §164.312(e)(1)
SELECT * on sensitive table /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 408 §164.312(a)(1), §164.312(d)
SELECT * on sensitive table /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 381 §164.312(a)(1), §164.312(d)
SELECT * on sensitive table /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 395 §164.312(a)(1), §164.312(d)
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/src/training/questions.ts 408 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 381 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 395 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/dashboard/lib/storage.ts 71 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/dashboard/lib/storage.ts 81 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/dashboard/lib/storage.ts 199 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/dashboard/lib/storage.ts 250 45 CFR §164.502(b) - Minimum Necessary Requirement
SELECT * on PHI Tables Violates Minimum Necessary Principle /home/runner/work/verification-layer/verification-layer/dashboard/lib/storage.ts 304 45 CFR §164.502(b) - Minimum Necessary Requirement
Excessive Token Expiration Time /home/runner/work/verification-layer/verification-layer/src/training/modules.ts 547 NPRM §164.308(a)(3)(ii)(C) - Access Revocation
Patient email handling detected /home/runner/work/verification-layer/verification-layer/dashboard/components/RescanButton.tsx 13 §164.502, §164.514
Encryption issue: Backup storage without encryption specified /home/runner/work/verification-layer/verification-layer/dashboard/components/RescanButton.tsx 37 §164.312(e)(1)

Recommendation: Enforce TLS 1.2+ for all data transmission containing PHI.

📋 View 349 acknowledged findings

🔴 Critical (103)

  • Weak cryptography: DES encryption in package-lock.json

    📝 Package lock file may contain references to cryptographic algorithms in dependency names or metadata. These are dependency references, not actual usage in production code.

  • Weak cryptography: DES encryption in package-lock.json

    📝 Package lock file may contain references to cryptographic algorithms in dependency names or metadata. These are dependency references, not actual usage in production code.

  • Potential SSN detected in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI stored in localStorage in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • PHI in URL query parameter in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • PHI Data in Error Logs or Thrown Errors in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI Data in Error Logs or Thrown Errors in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in index.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • PHI Data in Error Logs or Thrown Errors in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI Data in Error Logs or Thrown Errors in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Potential authentication bypass in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • SQL query string concatenation in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PostgreSQL URI with credentials in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • SQL query with template literal interpolation in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • SQL query string concatenation in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Hardcoded password detected in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Missing Multi-Factor Authentication for PHI Access in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Network Segmentation for PHI in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Network Segmentation for PHI in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Network Segmentation for PHI in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Network Segmentation for PHI in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Network Segmentation for PHI in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Multi-Factor Authentication for PHI Access in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Multi-Factor Authentication for PHI Access in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Multi-Factor Authentication for PHI Access in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Multi-Factor Authentication for PHI Access in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Multi-Factor Authentication for PHI Access in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Network Segmentation for PHI in fix-report.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Multi-Factor Authentication for PHI Access in audit-report.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • ePHI Stored Without Encryption at Rest in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Missing Network Segmentation for PHI in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Missing Network Segmentation for PHI in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Authentication Configuration Without MFA Enabled in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential SSN detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in URL query parameter in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Weak cryptography: DES encryption in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Weak cryptography: RC4 encryption in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Encryption issue: PHI backup without encryption in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Secrets Exposed to Client via NEXT_PUBLIC_ Prefix in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential authentication bypass in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential authentication bypass in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential authentication bypass in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential authentication bypass in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential authentication bypass in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential authentication bypass in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Password field with public visibility in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Password field with public visibility in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Password field with public visibility in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • eval() usage detected in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • eval() usage detected in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • eval() usage detected in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • eval() usage detected in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing encryption for PHI storage in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Multi-Factor Authentication for PHI Access in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Multi-Factor Authentication for PHI Access in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Multi-Factor Authentication for PHI Access in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Immediate Access Revocation in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Immediate Access Revocation in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Immediate Access Revocation in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Multi-Factor Authentication for PHI Access in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Multi-Factor Authentication for PHI Access in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Network Segmentation for PHI in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Multi-Factor Authentication for PHI Access in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Authentication Configuration Without MFA Enabled in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • MFA Bypass Detected in Code in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • MFA Bypass Detected in Code in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • MFA Bypass Detected in Code in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • MFA Bypass Detected in Code in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • MFA Bypass Detected in Code in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

🟠 High (205)

  • Encryption issue: Unencrypted HTTP URL in vlayer-rules.example.yaml

    📝 Example configuration file contains sample patterns including HTTP URLs for demonstration purposes. This is documentation, not production configuration.

  • PHI logged without redaction in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI in fetch URL in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • PHI logged without redaction in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • PHI logged without redaction in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • PHI logged without redaction in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Encryption issue: Unencrypted HTTP URL in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted HTTP URL in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Database backup without SSL in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Database backup without SSL in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Database backup without SSL in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Encryption issue: Unencrypted backup file format in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Hardcoded admin role in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Unsanitized innerHTML assignment in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Unsanitized innerHTML assignment in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • dangerouslySetInnerHTML usage in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Unsanitized innerHTML assignment in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Cookie without httpOnly flag in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Cookie configuration missing security flags in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Cookie configuration missing security flags in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • Missing Automatic Session Timeout in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Missing Automatic Session Timeout in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Missing Automatic Session Timeout in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • PHI Data Access Without Role/Permission Verification in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • PHI Data Access Without Role/Permission Verification in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • PHI Data Access Without Role/Permission Verification in stack-guides.ts

    📝 Stack detection guides contain example code snippets and configuration patterns for various frameworks. These examples may include security anti-patterns for educational purposes.

  • PHI Data Access Without Role/Permission Verification in index.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI logged without redaction in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI potentially stored in IndexedDB in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI potentially stored in IndexedDB in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI potentially stored in IndexedDB in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI potentially stored in IndexedDB in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI potentially stored in IndexedDB in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient data in authorization context in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient data in authorization context in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient data in authorization context in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient data in authorization context in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in email template in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI in email template in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI written to log file in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI logged without redaction in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Encryption issue: Database backup without SSL in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Encryption issue: Database backup without SSL in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Weak cryptography: ECB mode encryption in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • CORS wildcard origin in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Credential scraping detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Obfuscated command execution in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Obfuscated command execution in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Obfuscated command execution in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI logged to console/files in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Obfuscated command execution in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Obfuscated command execution in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Obfuscated command execution in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Missing Automatic Session Timeout in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data Access Without Role/Permission Verification in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Open CORS Configuration (origin: "*") in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Open CORS Configuration (origin: "*") in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Open CORS Configuration (origin: "*") in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Open CORS Configuration (origin: "*") in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Open CORS Configuration (origin: "*") in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Open CORS Configuration (origin: "*") in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI Data in URL Query Parameters in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Backup may be disabled in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Backup may be disabled in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Backup may be disabled in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Backup may be disabled in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Backup may be disabled in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

🟡 Medium (40)

  • PHI delete operation may lack audit logging in auditor-report.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI create operation may lack audit logging in auditor-report.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • PHI update operation may lack audit logging in auditor-report.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • SELECT * on sensitive table in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • SELECT * on sensitive table in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • SELECT * on sensitive table in remediation-guides.ts

    📝 Reporter code handles and displays finding data which may contain PHI-like strings in examples and remediation guides. This is necessary for report generation and documentation, not actual PHI or production code.

  • SELECT * on sensitive table in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • SELECT * on sensitive table in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • SELECT * on sensitive table in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • SELECT * on sensitive table in strategies.ts

    📝 Fixer code intentionally contains before/after examples of vulnerable code patterns for transformation strategies. These are fix templates used to demonstrate remediation, not production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient address handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient phone handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient phone handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient phone handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient address handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient address handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient address handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient address handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Potential PHI in email subject in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Patient email handling detected in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI read operation may lack audit logging in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI read operation may lack audit logging in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI read operation may lack audit logging in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • SELECT * on sensitive table in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • SELECT * on sensitive table in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Skill from unknown/unverified source in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • Skill from unknown/unverified source in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • SELECT * on PHI Tables Violates Minimum Necessary Principle in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI caching detected in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

  • PHI caching detected in index.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.

🔵 Low (1)

  • JSON Body Parser Without Size Limit in patterns.ts

    📝 Scanner source code contains intentional example patterns for detecting PHI exposure, weak encryption, and security vulnerabilities. These are demonstration patterns used for detection logic, not actual production code.


📊 Scanned 192 files in 5.2s | Powered by vlayer

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/anthropic-ai/sdk-0.80.0 branch from a63aa58 to aaaf673 Compare April 4, 2026 16:38
Bumps [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) from 0.73.0 to 0.80.0.
- [Release notes](https://github.com/anthropics/anthropic-sdk-typescript/releases)
- [Changelog](https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md)
- [Commits](anthropics/anthropic-sdk-typescript@sdk-v0.73.0...sdk-v0.80.0)

---
updated-dependencies:
- dependency-name: "@anthropic-ai/sdk"
  dependency-version: 0.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/anthropic-ai/sdk-0.80.0 branch from aaaf673 to 99e5ce2 Compare April 4, 2026 16:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants