By kannthu
The "Scrutinizer Config - Detect" module is designed to detect misconfigurations in the Scrutinizer configuration. Scrutinizer is a code quality and security analysis tool used by developers to identify issues in their code. This module focuses on identifying misconfigurations in the Scrutinizer configuration file, specifically the ".scrutinizer.yml" file.
This module has an informative severity level, meaning it provides valuable information but does not indicate a direct vulnerability or security risk.
This module was authored by DhiyaneshDK.
The impact of a misconfigured Scrutinizer configuration can vary depending on the specific misconfiguration. However, it can potentially lead to inaccurate code quality and security analysis results, which may affect the overall reliability and security of the software being analyzed.
The "Scrutinizer Config - Detect" module works by sending an HTTP GET request to the ".scrutinizer.yml" file. It then applies matching conditions to determine if any misconfigurations are present.
Here is an example of the HTTP request sent by the module:
GET /.scrutinizer.yml
The module applies the following matching conditions:
- The response body must contain the words "build:", "filter:", and "tools:".
- The response status code must be 200 (OK).
If both matching conditions are met, the module will report that a Scrutinizer configuration has been detected.
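As an added example (not the module's own code, nor code from Vidoc or the template author), the following Python reproduces the two matching conditions above and runs them over constructed sample responses, so you can verify whether a host you administer exposes its ".scrutinizer.yml". The function names, the User-Agent string and the sample bodies are assumptions made for illustration.

```python
import urllib.error
import urllib.request

# All three words must appear in the body, as in the module's word matcher.
# The match is case-sensitive, matching the default behaviour of a word matcher.
REQUIRED_WORDS = ("build:", "filter:", "tools:")


def scrutinizer_config_detected(status: int, body: str) -> bool:
    """Apply the module's conditions: status 200 AND every required word in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def check_host(base_url: str, timeout: float = 5.0) -> bool:
    """Request /.scrutinizer.yml from a host you own and apply the matcher.

    Non-200 answers (403, 404, ...) still go through the matcher and therefore
    count as "not detected", exactly as the status condition requires.
    """
    url = base_url.rstrip("/") + "/.scrutinizer.yml"  # path the module requests
    req = urllib.request.Request(url, headers={"User-Agent": "scrutinizer-config-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return scrutinizer_config_detected(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return scrutinizer_config_detected(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample responses (not captured from any real host).
EXPOSED_CONFIG = (
    "build:\n  environment:\n    php: 8.1\n"
    "filter:\n  excluded_paths:\n    - vendor/\n"
    "tools:\n  php_code_sniffer: true\n"
)
SOFT_404_PAGE = "<html><body><h1>Not Found</h1></body></html>"  # 200 but no config words
PARTIAL_BODY = "build:\nfilter:\n"  # "tools:" missing, so the word condition fails

if __name__ == "__main__":
    print(scrutinizer_config_detected(200, EXPOSED_CONFIG))  # True: file is exposed
    print(scrutinizer_config_detected(200, SOFT_404_PAGE))   # False: words absent
    print(scrutinizer_config_detected(403, EXPOSED_CONFIG))  # False: status not 200
    print(scrutinizer_config_detected(200, PARTIAL_BODY))    # False: one word missing
```

The soft-404 case shows why the word condition exists: a catch-all page that answers 200 for every path would otherwise be reported as a detection.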
Reference:
- https://scrutinizer-ci.com/docs/configuration
- https://scrutinizer-ci.com/
Metadata:
verified: true