Artifact Analysis Reports
ARK built artifacts undergo regular security scanning to identify vulnerabilities in containers, binaries, tools, and Helm charts before deployment.
Given the fast pace that we are integrating other parts of our tech stack, we are balancing initial speed against technical debt. We gate our build in such a way that the trend of issues in any category must be downwards - this will force us to a zero issue codebase (potentially with exceptions if appropriate).
However, for full transparency, here is a summary of recent scans.
Report Overview - 2025-08-20
| Artifact | Critical | High | Medium | Low | Status |
|---|---|---|---|---|---|
| ark-controller | 0 | 0 | 0 | 0 | ✅ Pass |
| ark-mcp | 0 | 4 | 1 | 21 | ⚠️ Exceptions Documented and Approved |
| ark-api | 3 | 11 | 14 | 41 | ⚠️ Fix in progress |
| ark-api-a2a | 3 | 9 | 14 | 35 | ⚠️ Fix in progress |
| ark-dashboard | 0 | 0 | 0 | 0 | ✅ Pass |
Thematically these issues are in Debian packages with known vulterabilities (such as sqllite) and in certain versions of PIP. All are in progress and gated to ensure trend is downwards.
Last updated on