Dashboard
Dashboard

Documentation

Demo Call with CEO

Blog

Slack

Get Started

CodeAnt AI
Setup
Control Center
Pull Request Review
IDE
Compliance
Anti-Patterns
Code Governance
Infrastructure Security Database
Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
  - Aws-lambda
  - Gin
  - Gorilla
  - Gorm
  - Grpc
  - Jwt-go
    - Security
    - Security
  - Lang
  - Net
  - Otto
  - Secrets
  - Template
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Open Source
Blogs

Jwt-go

Security

jwt-go-none-algorithm

Detected use of the ‘none’ algorithm in a JWT token. The ‘none’ algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the ‘none’ algorithm. Instead, use an algorithm such as ‘HS256’.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

hardcoded-jwt-key

A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-798: Use of Hard-coded Credentials
OWASP:
- A07:2021 - Identification and Authentication Failures

Grpc tainted url host Audit

twitter linkedin

Powered by Mintlify

Assistant

Responses are generated using AI and may contain mistakes.