Code Security Report: 2 findings [main] #269

@renovate

Code Security Report

Scan Metadata

Latest Scan: 2026-03-17 02:50PM
Total Findings: 2 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 25
Detected Programming Languages: 4 (JavaScript / TypeScript*, Groovy, Kotlin, Python*)

Most Relevant Findings

Severity: Medium | Vulnerability Type: Heap Inspection | Data Flows: 1 | Detected: 2026-03-17 02:51PM
Vulnerable Code

val globalProperties = readPropertiesFromFile(globalPropertiesFile)
val repositoryUrl = projectProperties?.getProperty("repositoryUrl") ?: globalProperties?.getProperty("repositoryUrl") ?: System.getenv("MAVEN_REGISTRY")
val repositoryUsername = projectProperties?.getProperty("repositoryUsername") ?: globalProperties?.getProperty("repositoryUsername") ?: System.getenv("MAVEN_USER")
val repositoryPassword = projectProperties?.getProperty("repositoryPassword") ?: globalProperties?.getProperty("repositoryPassword") ?: System.getenv("MAVEN_PASS")
//Should point to a registry with an upstream remote of: https://plugins.gralde.org/m2/
val pluginRepositoryUrl = projectProperties?.getProperty("pluginRepositoryUrl") ?: globalProperties?.getProperty("pluginRepositoryUrl") ?: System.getenv("GRADLE_PLUGIN_REGISTRY")
val pluginRepositoryUsername = projectProperties?.getProperty("pluginRepositoryUsername") ?: globalProperties?.getProperty("pluginRepositoryUsername") ?: System.getenv("GRADLE_PLUGIN_USER")
val pluginRepositoryPassword = projectProperties?.getProperty("pluginRepositoryPassword") ?: globalProperties?.getProperty("pluginRepositoryPassword") ?: System.getenv("GRADLE_PLUGIN_PASS")

Data Flows (1 detected)

val repositoryPassword = projectProperties?.getProperty("repositoryPassword") ?: globalProperties?.getProperty("repositoryPassword") ?: System.getenv("MAVEN_PASS")

Severity: Medium | Vulnerability Type: Heap Inspection | Data Flows: 1 | Detected: 2026-03-17 02:51PM
Vulnerable Code

//Should point to a registry with an upstream remote of: https://plugins.gralde.org/m2/
val pluginRepositoryUrl = projectProperties?.getProperty("pluginRepositoryUrl") ?: globalProperties?.getProperty("pluginRepositoryUrl") ?: System.getenv("GRADLE_PLUGIN_REGISTRY")
val pluginRepositoryUsername = projectProperties?.getProperty("pluginRepositoryUsername") ?: globalProperties?.getProperty("pluginRepositoryUsername") ?: System.getenv("GRADLE_PLUGIN_USER")
val pluginRepositoryPassword = projectProperties?.getProperty("pluginRepositoryPassword") ?: globalProperties?.getProperty("pluginRepositoryPassword") ?: System.getenv("GRADLE_PLUGIN_PASS")
// Plugin repositories section using the same variables
settingsEvaluated {
dependencyResolutionManagement {
repositoriesMode.set(RepositoriesMode.PREFER_SETTINGS)

Data Flows (1 detected)

val pluginRepositoryPassword = projectProperties?.getProperty("pluginRepositoryPassword") ?: globalProperties?.getProperty("pluginRepositoryPassword") ?: System.getenv("GRADLE_PLUGIN_PASS")

Findings Overview

Severity | Vulnerability Type | CWE | Language | Count
Medium | Heap Inspection | CWE-244 | Kotlin | 2
