Update database.yml by jordan-dr · Pull Request #80 · DryRunSecurity/rails-projects

DryRun Security

This pull request contains multiple security vulnerabilities, including hardcoded database credentials and a potential authorization bypass in the GraphQL project update mutation, which could expose sensitive authentication information and compromise access controls.

✨ Code Policies (1)

Policy: hardcoded-creds
Result: Yes, the change includes a hard-coded password "lsjdfa8u4uqf" directly embedded in the database configuration file.
Guidance: refer issues to the security team

💭 Unconfirmed Findings (2)

Vulnerability: Authorization Bypass Potential
Description: A vulnerability in the GraphQL mutation's authorization logic for project updates was identified in app/graphql/mutations/projects/update_project.rb. The modification of the authorization mechanism could potentially compromise access control by weakening the existing authorization checks.

Vulnerability: Hardcoded Credentials
Description: Sensitive database credentials were found hardcoded in the config/database.yml file. This static definition of database passwords exposes authentication information and creates a security risk that could allow unauthorized database access.

All finding details can be found in the DryRun Security Dashboard.