azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-27 11:01:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
184cbd5459ee88dbbfade34c2220e97fc450f7c3
satellite-provider/_docs/05_security/security_report_cycle13.md
T
Oleksandr Bezdieniezhnykh 80ef5608f1 chore: WIP pre-implement cycle 14 baseline 
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-26 16:13:37 +03:00

1.6 KiB
Raw Blame History

Security Audit Report (Cycle 13)

Date: 2026-06-26 Scope: Cycle-13 delta — AZ-1126 (capturedAt DateTimeOffset / F-AZ810-2 closure). Trigger: /autodev Step 14 — user chose A) Run security audit. Verdict (cycle-13 delta): PASS — F-AZ810-2 resolved; 0 new Critical/High/Medium. Verdict (cumulative): PASS_WITH_WARNINGS — D-AZ795-1, D2-cy4 remain open.

Summary

Severity Cycle 13 at audit Cumulative open
Critical 0 0
High 0 0
Medium 0 1 (D2-cy4 test-runtime)
Low 0 new 1 (D-AZ795-1)

OWASP Top 10:2021 (cycle-13 delta)

See owasp_review_cycle13.md — A08/A09 improved; all other categories unchanged PASS/N/A.

Findings

# Severity Category Location Title Status
F-AZ810-2 Low Time-handling (A08/A09) UavTileMetadata.CapturedAt DateTime vs DateTimeOffset RESOLVED (AZ-1126)

Carry-overs (still open)

  • D-AZ795-1 — FluentValidation 12.0.0 → 12.1.1
  • D2-cy4 — test SDK transitive JWT advisory (Moderate, test-runtime only)

Recommendations

Immediate

  • None blocking cycle 13 ship.

Short-term

  • D-AZ795-1: bump FluentValidation when a coordinated package bump task lands.

Long-term

  • D2-cy4: pin JWT test packages when upstream resolves GHSA-59j7-ghrg-fj52 for 7.0.3 line.

Artifacts

  • dependency_scan_cycle13.md
  • static_analysis_cycle13.md
  • owasp_review_cycle13.md
  • infrastructure_review_cycle13.md
Reference in New Issue View Git Blame Copy Permalink