Summary
Security audit of plugin-cloudquery against OWASP Top 10 (2025), CWE Top 25, OWASP ASVS Level 1, Kestra Plugin-Specific Threats (KPS), and Supply Chain Dependency Hygiene.
Audit date: 2026-06-30
Auditor: AI-assisted scan (kestra-plugin-security-auditing skill)
Findings Overview
CRITICAL (tracked as sub-issues)
None
HIGH (tracked as sub-issues)
- Credential env map included in Lombok @tostring output —
src/main/java/io/kestra/plugin/cloudquery/AbstractCloudQueryCommand.java:31
MEDIUM (no sub-issue — remediate during next sprint)
None
LOW (no sub-issue — address opportunistically)
None
Acceptance Criteria
Standards
View full audit report as Artifact
Summary
Security audit of
plugin-cloudqueryagainst OWASP Top 10 (2025), CWE Top 25, OWASP ASVS Level 1, Kestra Plugin-Specific Threats (KPS), and Supply Chain Dependency Hygiene.Audit date: 2026-06-30
Auditor: AI-assisted scan (
kestra-plugin-security-auditingskill)Findings Overview
CRITICAL (tracked as sub-issues)
None
HIGH (tracked as sub-issues)
src/main/java/io/kestra/plugin/cloudquery/AbstractCloudQueryCommand.java:31MEDIUM (no sub-issue — remediate during next sprint)
None
LOW (no sub-issue — address opportunistically)
None
Acceptance Criteria
Standards
View full audit report as Artifact