fix(security): Security scan report - 2026-05-25 (0 findings)#1383

Open
factory-droid[bot] wants to merge 1 commit into
mainfrom
droid/security-report-2026-05-25

Conversation

@factory-droid factory-droid Bot commented May 25, 2026

Security Scan Report

See .factory/security/reports/security-report-2026-05-25.md for details.

Summary

Severity   Count   Auto-fixed   Manual Required
CRITICAL   0       0            0
HIGH       0       0            0
MEDIUM     0       0            0
LOW        0       0            0

Key Findings

  • 0 vulnerabilities found at or above medium severity threshold
  • 1 commit scanned (bbced1a)
  • 1627 files changed in the scanned commit

Security Posture

  • ✅ No hardcoded secrets found
  • ✅ enforced workspace-wide
  • ✅ GitHub Actions follow security best practices
  • ✅ All subprocess calls have timeouts
  • ✅ Dependency scanning configured (cargo-deny + dependency-review-action)

Threat Model

A new threat model was generated and is available at .factory/threat-model.md.

Scanned Files

The weekly scan covered changes from the large merge commit including:

  • Rust source code (crates/ripr/src/)
  • GitHub Actions workflows (.github/workflows/)
  • Policy files (policy/, .ripr/)
  • Documentation and fixtures

- Generated weekly security scan report
- Created threat model (.factory/threat-model.md)
- Scanned 1 commit from last 7 days
- No vulnerabilities found at medium severity or above

Co-authored-by: factory-droid[bot] <138933559+factory-droid[bot]@users.noreply.github.com>

codecov Bot commented May 25, 2026

❌ 1 Tests Failed:

Tests completed   Failed   Passed   Skipped
2380              1        2379     0
Top failed test (by shortest run time):
xtask::bin/xtask::tests::policy_checker_facade_runs_current_repo_checks
Stack trace (0.301s run time):
Error: "check-static-language failed; see .../ripr/reports/static-language.md\n..../security/reports/security-report-2026-05-25.md:41 contains prohibited static-language term `killed`\n..../security/reports/security-report-2026-05-25.md:41 contains prohibited static-language term `survived`"
