Check code changes for security vulnerabilities
{
  "name": "security",
  "version": "1.1.0",
  "input": ["git diff (all files)"],
  "output_schema": "hard/should/warn with JSON structure (unified)",
  "assumes": [],
  "scope": [
    "Hardcoded secrets and credentials",
    "Injection vulnerabilities (SQL, command, XSS)",
    "Path traversal",
    "Insecure configurations",
    "Authentication/authorization gaps"
  ],
  "excludes": [
    "Code style or formatting",
    "Language idioms",
    "Performance",
    "Test coverage"
  ],
  "hard_rules": [
    "Secrets and Credentials",
    "Injection Vulnerabilities",
    "Path Traversal",
    "Authentication/Authorization gaps"
  ],
  "should_rules": [
    "Insecure Configurations"
  ],
  "warn_rules": [
    "Potential issues (placeholders, deprecated functions, missing headers)"
  ],
  "references": [
    "OWASP Top 10"
  ],
  "batch_size": 50
}