← Legacy view v2 (rp.*)

confluentinc/quickstart-streaming-agents

https://github.com/confluentinc/quickstart-streaming-agents · lang: python · LOC: · source: user_submitted

Quality
71.1
Grade B
Security
72.4
Findings
8
2 critical · 1 high
Status
completed
May 15, 2026 14:47
info: 3 critical: 2 medium: 2 high: 1
Top rules by occurrence
RuleSeverityCount
SEC020 Secret Printed to Logs high 3
SEC001 Hardcoded Password critical 2
SEC022 Database URL With Embedded Credential critical 2
SEC003 Hardcoded Secret critical 1
First 8 findings (severity-sorted)
critical SEC022 Database URL With Embedded Credential
scripts/common/clear_mongodb.py:133 · conf 1.00 
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
critical SEC022 Database URL With Embedded Credential
scripts/common/validate.py:254 · conf 1.00 
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
high SEC020 Secret Printed to Logs
scripts/setup_rtce.py:88 · conf 0.72 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
medium SEC001 Hardcoded Password
scripts/common/tfvars.py:157 · conf 0.30 
[SEC001] Hardcoded Password: Hardcoded password found in source code.
medium SEC003 Hardcoded Secret
scripts/common/tfvars.py:100 · conf 0.30 
[SEC003] Hardcoded Secret: Hardcoded secret key found in source code.
info SEC001 Hardcoded Password
scripts/common/datagen_helpers.py:119 · conf 0.10 
[SEC001] Hardcoded Password: Hardcoded password found in source code.
info SEC020 Secret Printed to Logs
scripts/common/validate.py:887 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…
info SEC020 Secret Printed to Logs
scripts/common/workshop_key_manager.py:1103 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/1be990eb-99e8-42fb-9096-fc9bf6f5319f/.