← Legacy view v2 (rp.*)

kite-org/kite

https://github.com/kite-org/kite.git · lang: typescript · LOC: · source: user_submitted

Quality
67.7
Grade B-
Security
32.3
Findings
10
1 critical · 0 high
Status
completed
May 16, 2026 04:21
info: 6 medium: 3 critical: 1
Top rules by occurrence
RuleSeverityCount
SEC007 Unsafe Deserialization medium 4
SEC015 Insecure Randomness for Security medium 3
SEC001 Hardcoded Password critical 1
SEC020 Secret Printed to Logs high 1
SEC022 Database URL With Embedded Credential critical 1
First 10 findings (severity-sorted)
critical SEC022 Database URL With Embedded Credential
pkg/handlers/template_handler.go:307 · conf 1.00 
[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working c…
medium SEC007 Unsafe Deserialization
ui/src/components/helm-install-dialog.tsx:98 · conf 1.00 
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
ui/src/components/yaml-editor.tsx:82 · conf 1.00 
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
medium SEC007 Unsafe Deserialization
ui/src/pages/helmrelease-detail.tsx:324 · conf 1.00 
[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.
info SEC001 Hardcoded Password
pkg/model/oauth.go:8 · conf 0.15 
[SEC001] Hardcoded Password: Hardcoded password found in source code.
info SEC007 Unsafe Deserialization
· conf 0.20 
[SEC007] Unsafe Deserialization (and 2 more): Same pattern found in 2 additional files. Review if needed.
info SEC015 Insecure Randomness for Security
ui/src/components/resource-table.tsx:249 · conf 0.15 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
ui/src/components/ui/sidebar.tsx:612 · conf 0.15 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
ui/src/hooks/use-ai-chat.ts:32 · conf 0.15 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC020 Secret Printed to Logs
ui/src/contexts/auth-context.tsx:188 · conf 0.15 
[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for tro…

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/ce9853f6-8ab9-4432-9aca-64784de14cc8/.