PLAYGROUND SCAN
Generated 2026-06-08 16:41:05 UTC
Download SARIF

https://github.com/vulnerable-apps/verademo

Playground scan · GitHub repository · Nixer
25
RISK SCORE
MEDIUM
1 Critical
0 High
0 Medium
0 Low
1 Total findings
playground Scan profile
Full scan on your stack
npx nixer scan https://github.com/vulnerable-apps/verademo

Findings Playground profile — full scan via CLI runs 6× more probes

CRITICAL secrets-scan #1

Exposed Hardcoded Password

app/src/main/java/com/veracode/verademo/controller/UserController.java:347

Detected Hardcoded Password in app/src/main/java/com/veracode/verademo/controller/UserController.java:347. Value: Password val***

Remediation

Remove or rotate this credential immediately. Use environment variables instead: process.env.API_KEY.

🏅

Add your Nixer Score badge

Embed this in your README — links back to this report so visitors see exactly what was found.

Nixer Score badge preview
[![Nixer Score](https://nixer.polsia.app/badge/9bdf2d8b4a54dac65ecad24e.svg)](https://nixer.polsia.app/try/r/9bdf2d8b4a54dac65ecad24e)
See all repos on the leaderboard →
This was the playground profile — 10 probes, 60s cap.

Scan this on every PR — catch findings before they ship.

One line in your GitHub Actions workflow. Fails the build on critical findings. Free for public repos.

npx nixer scan https://github.com/vulnerable-apps/verademo
Install GitHub Action → Scan another target → Private repos? See Pro →