Scan Date: 2026-04-06 09:37:35 UTC Tool Version: v0.1.0
Total repositories scanned: 10 Repositories with issues: 6 Total issues found: 18
| Repository | Total Issues | Critical | High | Medium | Low | Status |
|---|---|---|---|---|---|---|
| avelino/awesome-go | 0 | 0 | 0 | 0 | 0 | ✓ Clean |
| fatedier/frp | 9 | 0 | 3 | 6 | 0 | ✗ High |
| gin/gonic-gin | 0 | 0 | 0 | 0 | 0 | ✓ Clean |
| gohugoio/hugo | 6 | 0 | 6 | 0 | 0 | ✗ High |
| jesseduffield/lazygit | 2 | 0 | 2 | 0 | 0 | ✗ High |
| junegunn/fzf | 0 | 0 | 0 | 0 | 0 | ✓ Clean |
| kubernetes/kubernetes | 0 | 0 | 0 | 0 | 0 | ✓ Clean |
| ollama/ollama | 1 | 0 | 1 | 0 | 0 | ✗ High |
| syncthing/syncthing | 0 | 0 | 0 | 0 | 0 | ✓ Clean |
| Rule ID | Description | Severity | Count | CWE |
|---|---|---|---|---|
| CRYPTO001 | MD5 usage for security purposes | HIGH | - | CWE-328 |
| CRYPTO002 | SHA1 usage for security purposes | HIGH | - | CWE-328 |
| CRYPTO010 | Hardcoded cryptographic key | CRITICAL | - | CWE-321 |
| CRYPTO020 | Static IV/nonce detected | CRITICAL | - | CWE-329 |
| CRYPTO040 | Quantum-vulnerable algorithm | MEDIUM | - | CWE-327 |
- Immediate Review: All CRITICAL severity issues should be reviewed immediately
- Remediation Plan: Create tickets for HIGH severity issues
- Security Best Practices:
- Never hardcode cryptographic keys
- Use crypto/rand for IV/nonce generation
- Replace MD5/SHA1 with SHA-256 or stronger
- Consider post-quantum cryptography for long-term secrets
- Review all CRITICAL findings
- Patch hardcoded keys immediately
- Update cryptographic algorithms
- Implement secure key management
- Run follow-up scan after remediation
Report generated by CryptoGuard-Go - Automated Cryptographic Vulnerability Scanner For questions or issues, please visit: https://github.com/ravisastryk/cryptoguard-go/issues