
Add Database Read-Only User and Update to Next.js #1206

Open

aurbac wants to merge 15 commits into awslabs:main from aurbac:data-analyst-assistant-new

@aurbac (Contributor) commented Mar 29, 2026

No description provided.

@github-actions github-actions bot added 02-use-cases 02-use-cases video-games-sales-assistant 02-use-cases/video-games-sales-assistant labels Mar 29, 2026
@github-actions bot commented Mar 29, 2026

Latest scan for commit: 8349e7b | Updated: 2026-04-03 04:50:46 UTC

Security Scan Results

Scan Metadata

  • Project: ASH
  • Scan executed: 2026-04-03T04:50:35+00:00
  • ASH version: 3.0.0

Summary

Scanner Results

The table below shows findings by scanner, with status based on severity thresholds and dependencies:

Column Explanations:

Severity Levels (S/C/H/M/L/I):

  • Suppressed (S): Security findings that have been explicitly suppressed/ignored and don't affect the scanner's pass/fail status
  • Critical (C): The most severe security vulnerabilities requiring immediate remediation (e.g., SQL injection, remote code execution)
  • High (H): Serious security vulnerabilities that should be addressed promptly (e.g., authentication bypasses, privilege escalation)
  • Medium (M): Moderate security risks that should be addressed in normal development cycles (e.g., weak encryption, input validation issues)
  • Low (L): Minor security concerns with limited impact (e.g., information disclosure, weak recommendations)
  • Info (I): Informational findings for awareness with minimal security risk (e.g., code quality suggestions, best practice recommendations)

Other Columns:

  • Time: Duration taken by each scanner to complete its analysis
  • Action: Total number of actionable findings at or above the configured severity threshold that require attention

Scanner Results:

  • PASSED: Scanner found no security issues at or above the configured severity threshold - code is clean for this scanner
  • FAILED: Scanner found security vulnerabilities at or above the threshold that require attention and remediation
  • MISSING: Scanner could not run because required dependencies/tools are not installed or available
  • SKIPPED: Scanner was intentionally disabled or excluded from this scan
  • ERROR: Scanner encountered an execution error and could not complete successfully

Severity Thresholds (Thresh Column):

  • CRITICAL: Only Critical severity findings cause scanner to fail
  • HIGH: High and Critical severity findings cause scanner to fail
  • MEDIUM (MED): Medium, High, and Critical severity findings cause scanner to fail
  • LOW: Low, Medium, High, and Critical severity findings cause scanner to fail
  • ALL: Any finding of any severity level causes scanner to fail

Threshold Source: Values in parentheses indicate where the threshold is configured:

  • (g) = global: Set in the global_settings section of ASH configuration
  • (c) = config: Set in the individual scanner configuration section
  • (s) = scanner: Default threshold built into the scanner itself

Statistics calculation:

  • All statistics are calculated from the final aggregated SARIF report
  • Suppressed findings are counted separately and do not contribute to actionable findings
  • Scanner status is determined by comparing actionable findings to the threshold
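
| Scanner | S | C | H | M | L | I | Time | Action | Result | Thresh |
|---|---|---|---|---|---|---|---|---|---|---|
| bandit | 0 | 0 | 0 | 0 | 0 | 0 | 392ms | 0 | PASSED | MED (g) |
| cdk-nag | 0 | 0 | 0 | 0 | 0 | 0 | 38.0s | 0 | PASSED | MED (g) |
| cfn-nag | 0 | 0 | 0 | 0 | 0 | 0 | 2.0s | 0 | PASSED | MED (g) |
| checkov | 0 | 0 | 0 | 0 | 0 | 0 | 5.3s | 0 | PASSED | MED (g) |
| detect-secrets | 0 | 0 | 0 | 0 | 0 | 0 | 1.4s | 0 | PASSED | MED (g) |
| grype | 0 | 1 | 0 | 1 | 0 | 0 | 39.3s | 2 | FAILED | MED (g) |
| npm-audit | 0 | 0 | 0 | 0 | 0 | 0 | 196ms | 0 | PASSED | MED (g) |
| opengrep | 0 | 0 | 0 | 0 | 0 | 0 | <1ms | 0 | SKIPPED | MED (g) |
| semgrep | 0 | 0 | 0 | 0 | 0 | 0 | 23.7s | 0 | PASSED | MED (g) |
| syft | 0 | 0 | 0 | 0 | 0 | 0 | 4.6s | 0 | PASSED | MED (g) |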

Detailed Findings

Finding 1: GHSA-8gc5-j5rx-235r-fast-xml-parser

  • Severity: HIGH
  • Scanner: grype
  • Rule ID: GHSA-8gc5-j5rx-235r-fast-xml-parser
  • Location: 02-use-cases/video-games-sales-assistant/amplify-video-games-sales-assistant-agentcore-strands/pnpm-lock.yaml:1

Description:
A high vulnerability in npm package: fast-xml-parser, version 5.4.1 was found at: /02-use-cases/video-games-sales-assistant/amplify-video-games-sales-assistant-agentcore-strands/pnpm-lock.yaml


Finding 2: GHSA-jp2q-39xq-3w4g-fast-xml-parser

  • Severity: MEDIUM
  • Scanner: grype
  • Rule ID: GHSA-jp2q-39xq-3w4g-fast-xml-parser
  • Location: 02-use-cases/video-games-sales-assistant/amplify-video-games-sales-assistant-agentcore-strands/pnpm-lock.yaml:1

Description:
A medium vulnerability in npm package: fast-xml-parser, version 5.4.1 was found at: /02-use-cases/video-games-sales-assistant/amplify-video-games-sales-assistant-agentcore-strands/pnpm-lock.yaml


Report generated by Automated Security Helper (ASH) at 2026-04-03T04:50:29+00:00
