Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
Initial release of insecure-defaults.
- Detects fail-open insecure defaults including hardcoded secrets, weak authentication, and permissive security configurations in production-reachable code.
- Helps with audits, code reviews, and configuration management by focusing on environment variable handling and insecure defaults.
- Clearly distinguishes between fail-open (critical) and fail-secure (safe) patterns.
- Provides search guidance and verification workflow, including example patterns and report template.
- Includes a thorough checklist of common insecure defaults and guidance on when findings are relevant.
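An added example, not part of the insecure-defaults release itself, showing the fail-open versus fail-secure distinction on an environment variable lookup and a minimal scan that flags the fail-open form in source lines. The function names, the sensitive-name lists, and the sample source are constructed for illustration, not the tool's own rules.

```python
import re

# Fail-open: a missing SECRET_KEY silently falls back to a hardcoded value,
# so the app starts in production with a secret anyone can read in the repo.
def load_secret_fail_open(env):
    return env.get("SECRET_KEY", "dev-secret-change-me")

# Fail-secure: a missing SECRET_KEY stops the app instead of guessing.
def load_secret_fail_secure(env):
    value = env.get("SECRET_KEY")
    if not value:
        raise RuntimeError("SECRET_KEY is not set; refusing to start")
    return value

# Illustrative detection of the same pattern in source text: an env lookup that
# supplies a literal default for a secret-like name, or a permissive default for
# a security flag. The name lists are assumptions, not a complete ruleset.
ENV_DEFAULT = re.compile(
    r"""os\.(?:environ\.get|getenv)\(\s*(["'])([A-Za-z0-9_]+)\1\s*,\s*([^)]+?)\s*\)""")
SECRET_NAMES = re.compile(r"SECRET|TOKEN|PASSWORD|API_KEY|PRIVATE_KEY", re.I)
FLAG_NAMES = re.compile(r"DEBUG|INSECURE|ALLOW_ALL|DISABLE_AUTH|SKIP_VERIFY", re.I)
PERMISSIVE = {"True", "1", '"1"', "'1'", '"true"', "'true'"}

def classify(name, default):
    """Return a finding label for a fail-open default, or None if it looks safe."""
    if SECRET_NAMES.search(name) and default.strip("\"' ") != "":
        return "hardcoded fallback secret"
    if FLAG_NAMES.search(name) and default.strip() in PERMISSIVE:
        return "permissive flag default"
    return None

def find_fail_open(lines):
    """Scan source lines; return (line_no, var_name, default, label) per finding."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = ENV_DEFAULT.search(line)
        if m:
            label = classify(m.group(2), m.group(3))
            if label:
                findings.append((n, m.group(2), m.group(3), label))
    return findings

# Constructed sample source, not taken from any real project.
SAMPLE_SOURCE = [
    'SECRET_KEY = os.environ.get("SECRET_KEY", "dev-secret-change-me")',  # fail-open
    'DEBUG = os.getenv("DEBUG", "true")',                                  # fail-open
    'DEBUG = os.getenv("DEBUG", "false")',                                 # fail-secure
    'DB_PASSWORD = os.environ["DB_PASSWORD"]',                             # no fallback
    'LOG_LEVEL = os.getenv("LOG_LEVEL", "info")',                          # not sensitive
]
```

Running `find_fail_open(SAMPLE_SOURCE)` reports only lines 1 and 2; the `"false"` default and the lookup with no fallback are left alone, which is the fail-open versus fail-secure split the checklist is about.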