company/web-app

Last scanned: 1/15/2024, 10:30:00 AM

SOC 2 Readiness Score
75
Medium Risk
Your repository has 27 security and compliance issues that need attention, according to Codinel.
SOC 2 Trust Principles Assessment
Evaluation of your repository against the five SOC 2 Trust Principles using Codinel
Security: 65 (Needs Improvement)
Availability: 80 (Good)
Confidentiality: 70 (Needs Improvement)
Processing Integrity: 85 (Good)
Privacy: 75 (Needs Improvement)
Findings by severity
Critical: 2
High: 5
Medium: 8
Low: 12
Security Findings
Detailed analysis of security and compliance issues found in your repository by Codinel

Hardcoded API Key Detected
Category: Security
Severity: Critical

API key found in configuration file

File: src/config/api.js:15
const API_KEY = "sk-1234567890abcdef"; // This should be in env vars
Recommendation:
Move API keys to environment variables and use a secrets management system

SQL Injection Vulnerability
Category: Security
Severity: Critical

Unsanitized user input in database query

File: src/api/users.js:42
db.query("SELECT * FROM users WHERE id = " + userId); // Vulnerable
Recommendation:
Use parameterized queries or an ORM to prevent SQL injection

Missing HTTPS Enforcement
Category: Confidentiality
Severity: High

Application allows HTTP connections

File: server.js:8
app.listen(3000); // Should enforce HTTPS
Recommendation:
Implement HTTPS redirect and HSTS headers

Weak Password Policy
Category: Security
Severity: High

No password complexity requirements

File: src/auth/validation.js:23
if (password.length < 6) return false; // Too weak
Recommendation:
Implement strong password requirements (length, complexity, etc.)

Missing Audit Logging
Category: Processing Integrity
Severity: Medium

No logging for user authentication events

File: src/auth/login.js:35
// Missing: logger.audit('user_login', { userId, timestamp })
Recommendation:
Add comprehensive audit logging for all authentication events