chore: update CI workflows versions #79

Open
mwirikia wants to merge 10 commits into main from KEH-2326_zizmor_update
Conversation

@mwirikia (mwirikia) commented Jun 9, 2026

Contributor

What type of PR is this? (check all applicable)

  • Refactor
  • Feature
  • Bug Fix
  • Optimization
  • Documentation Update

What

Update CI workflows versions to fixed hash for consistency and upgrade MegaLinter to version 9.5.0 to leverage the latest features and improvements. No new tests or documentation are necessary as these changes are related to configuration updates.

Testing

Have any new tests been added as part of this issue? If not, try to explain why test coverage is not needed here.

  • Yes
  • No
    Please write a brief description of why test coverage is not necessary here.
  • Not as part of this ticket. (Could be done at a later point)

Documentation

Has any new documentation been written as part of this issue? We should try to keep documentation up to date
as new code is added, rather than leaving it for the future.

  • Yes
  • No
    Please write a brief description of why documentation is not necessary here.
  • Not as part of this ticket. (Could be done at a later point)

Related issues

Provide links to any related issues.

How to review

Describe the steps required to test the changes.

@github-actions (github-actions Bot) commented Jun 9, 2026

Contributor

MegaLinter analysis: Error

Descriptor   Linter         Files  Fixed  Errors  Warnings  Elapsed time
❌ ACTION     zizmor         3      -      21      0         2.06s
⚠️ BASH       bash-exec      6      -      4       0         0.02s
✅ BASH       shellcheck     6      -      0       0         0.15s
✅ BASH       shfmt          6      -      0       0         0.27s
✅ CSHARP     csharpier      1      -      0       0         0.98s
✅ DOCKERFILE hadolint       1      -      0       0         0.14s
✅ JSON       jsonlint       2      -      0       0         0.17s
✅ JSON       prettier       2      -      0       0         0.63s
✅ JSON       v8r            2      -      0       0         6.79s
✅ MARKDOWN   markdownlint   6      -      0       0         0.92s
✅ REPOSITORY checkov        yes    -      no      no        25.19s
✅ REPOSITORY dustilock      yes    -      no      no        0.03s
✅ REPOSITORY gitleaks       yes    -      no      no        15.95s
❌ REPOSITORY grype          yes    -      3       no        63.29s
✅ REPOSITORY kingfisher     yes    -      no      no        12.23s
❌ REPOSITORY osv-scanner    yes    -      3       no        0.9s
✅ REPOSITORY secretlint     yes    -      no      no        1.29s
✅ REPOSITORY syft           yes    -      no      no        2.93s
❌ REPOSITORY trivy          yes    -      1       no        14.75s
✅ REPOSITORY trivy-sbom     yes    -      no      no        0.39s
✅ TERRAFORM  terraform-fmt  6      -      0       0         1.02s
❌ YAML       prettier       8      -      1       2         1.04s
✅ YAML       v8r            8      -      0       0         10.4s
❌ YAML       yamllint       8      -      4       0         1.32s

Detailed Issues

❌ REPOSITORY / grype - 3 errors
[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) from=syft
NAME                INSTALLED  FIXED IN  TYPE    VULNERABILITY        SEVERITY  EPSS        RISK   
pygments            2.19.2     2.20.0    python  GHSA-5239-wwwm-4pmq  Low       0.2% (5th)  < 0.1  
cryptography        46.0.7     48.0.1    python  GHSA-537c-gmf6-5ccf  High      N/A         N/A    
pymdown-extensions  10.16.1    10.21.3   python  GHSA-62q4-447f-wv8h  Medium    N/A         N/A
[0063] ERROR discovered vulnerabilities at or above the severity threshold
❌ REPOSITORY / osv-scanner - 3 errors
Scanning dir .
Starting filesystem walk for root: /
Scanned poetry.lock file and found 61 packages
End status: 35 dirs visited, 117 inodes visited, 1 Extract calls, 15.04137ms elapsed, 15.041561ms wall time

Total 3 packages affected by 3 known vulnerabilities (0 Critical, 1 High, 1 Medium, 1 Low, 0 Unknown) from 1 ecosystem.
3 vulnerabilities can be fixed.

+-------------------------------------+------+-----------+--------------------+---------+---------------+-------------+
| OSV URL                             | CVSS | ECOSYSTEM | PACKAGE            | VERSION | FIXED VERSION | SOURCE      |
+-------------------------------------+------+-----------+--------------------+---------+---------------+-------------+
| https://osv.dev/GHSA-537c-gmf6-5ccf | 7.5  | PyPI      | cryptography       | 46.0.7  | 48.0.1        | poetry.lock |
| https://osv.dev/GHSA-5239-wwwm-4pmq | 3.3  | PyPI      | pygments (dev)     | 2.19.2  | 2.20.0        | poetry.lock |
| https://osv.dev/GHSA-62q4-447f-wv8h | 4.3  | PyPI      | pymdown-extensions | 10.16.1 | 10.21.3       | poetry.lock |
+-------------------------------------+------+-----------+--------------------+---------+---------------+-------------+
❌ YAML / prettier - 1 error
Checking formatting...
[warn] mkdocs.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ REPOSITORY / trivy - 1 error
96.56 MiB / 96.56 MiB [-------------------------------------------------] 100.00% 15.48 MiB p/s 6.4s
2026-06-18T10:17:48Z	INFO	[vulndb] Artifact successfully downloaded	repo="mirror.gcr.io/aquasec/trivy-db:2"
2026-06-18T10:17:48Z	INFO	[vuln] Vulnerability scanning is enabled
2026-06-18T10:17:48Z	INFO	[misconfig] Misconfiguration scanning is enabled
2026-06-18T10:17:48Z	INFO	[checks-client] Need to update the checks bundle
2026-06-18T10:17:48Z	INFO	[checks-client] Downloading the checks bundle...
234.65 KiB / 234.65 KiB [------------------------------------------------------] 100.00% ? p/s 200ms
2026-06-18T10:17:52Z	INFO	[terraform scanner] Scanning root module	file_path="terraform"
2026-06-18T10:17:52Z	WARN	[terraform parser] Variable values were not found in the environment or variable files. Evaluating may not work correctly.	module="root" variables="aws_access_key_id, aws_account_id, aws_secret_access_key, aws_secret_name, github_app_client_id"
2026-06-18T10:17:53Z	INFO	Suppressing dependencies for development and testing. To display them, try the '--include-dev-deps' flag.
2026-06-18T10:17:53Z	INFO	Number of language-specific files	num=1
2026-06-18T10:17:53Z	INFO	[poetry] Detecting vulnerabilities...
2026-06-18T10:17:53Z	INFO	Detected config files	num=4

Report Summary

┌───────────────────┬────────────┬─────────────────┬───────────────────┐
│      Target       │    Type    │ Vulnerabilities │ Misconfigurations │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ poetry.lock       │   poetry   │        1        │         -         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ Dockerfile        │ dockerfile │        -        │         0         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ catalog-info.yaml │ kubernetes │        -        │         0         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ terraform         │ terraform  │        -        │         0         │
├───────────────────┼────────────┼─────────────────┼───────────────────┤
│ terraform/main.tf │ terraform  │        -        │         0         │
└───────────────────┴────────────┴─────────────────┴───────────────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.70/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


poetry.lock (poetry)
====================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

┌──────────────┬─────────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────┐
│   Library    │    Vulnerability    │ Severity │ Status │ Installed Version │ Fixed Version │                       Title                        │
├──────────────┼─────────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────┤
│ cryptography │ GHSA-537c-gmf6-5ccf │ HIGH     │ fixed  │ 46.0.7            │ 48.0.1        │ Vulnerable OpenSSL included in cryptography wheels │
│              │                     │          │        │                   │               │ https://github.com/advisories/GHSA-537c-gmf6-5ccf  │
└──────────────┴─────────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────┘

📣 Notices:
  - Version 0.71.1 of Trivy is now available, current version is 0.70.0

To suppress version checks, run Trivy scans with the --skip-version-check flag

(Truncated to last 5714 characters out of 7518)
❌ YAML / yamllint - 4 errors
.checkov.yml
  25:4      warning  missing starting space in comment  (comments)

.github/workflows/deploy_mkdocs.yml
  4:1       warning  truthy value should be one of [false, true]  (truthy)

concourse/ci.yml
  33:3      warning  comment not indented like content  (comments-indentation)

mkdocs.yml
  11:5      error    wrong indentation: expected 6 but found 4  (indentation)
❌ ACTION / zizmor - 21 errors
INFO zizmor: 🌈 zizmor v1.25.0
 INFO audit: zizmor: 🌈 completed .github/workflows/ci.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/deploy_mkdocs.yml
 INFO audit: zizmor: 🌈 completed .github/workflows/megalinter.yml
warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> .github/workflows/deploy_mkdocs.yml:15:9
   |
15 |       - uses: actions/checkout@HIDDEN_BY_MEGALINTER# v4
   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ does not set persist-credentials: false
   |
   = note: audit confidence → Low
   = note: this finding has an auto-fix
   = help: audit documentation → https://docs.zizmor.sh/audits/#artipacked

21 findings (20 suppressed, 1 unsafe fixes): 0 informational, 0 low, 1 medium, 0 high
⚠️ BASH / bash-exec - 4 errors
Results of bash-exec linter (version 5.3.3)
See documentation on https://megalinter.io/9.5.0/descriptors/bash_bash_exec/
-----------------------------------------------

❌ [ERROR] concourse/scripts/assume_role.sh
    Error: File:[concourse/scripts/assume_role.sh] is not executable

✅ [SUCCESS] concourse/scripts/build_image.sh
✅ [SUCCESS] concourse/scripts/set_pipeline.sh
❌ [ERROR] concourse/scripts/terraform_infra.sh
    Error: File:[concourse/scripts/terraform_infra.sh] is not executable

❌ [ERROR] shell_scripts/md_fix.sh
    Error: File:[shell_scripts/md_fix.sh] is not executable

❌ [ERROR] shell_scripts/md_lint.sh
    Error: File:[shell_scripts/md_lint.sh] is not executable

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ZIZMOR,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,CSHARP_CSHARPIER,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_DUSTILOCK,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_KINGFISHER,TERRAFORM_TERRAFORM_FMT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository
