Corgea
diff --git a/‎.github/workflows/publish-insecure.yml‎
Lines changed: 4 additions & 0 deletions b/‎.github/workflows/publish-insecure.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎corgea_semgrep_3ff1a593-56a7-4ef9-8899-f0c2e52adcb9_report.json‎
Lines changed: 0 additions & 1 deletion b/‎corgea_semgrep_3ff1a593-56a7-4ef9-8899-f0c2e52adcb9_report.json‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎insecure-chart/values.yaml‎
Lines changed: 14 additions & 0 deletions b/‎insecure-chart/values.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎insecure-java/README.md‎
Lines changed: 5 additions & 50 deletions b/‎insecure-java/README.md‎
Lines changed: 5 additions & 50 deletions
diff --git a/‎insecure-js/data.db‎
0 Bytes b/‎insecure-js/data.db‎
0 Bytes
@@ -31,6 +31,10 @@ jobs:
             image: confusedcrib/workload-security-evaluator
             context: ./workload-security-evaluator
             dockerfile: ./workload-security-evaluator/Dockerfile
+          - name: insecure-api
+            image: confusedcrib/insecure-api
+            context: ./insecure-api
+            dockerfile: ./insecure-api/Dockerfile
 
     steps:
       - name: Check out the repo
 
@@ -53,3 +53,17 @@ workloadSecurityEvaluator:
   ports:
     http: 8080
     ssh: 22
+
+insecureApi:
+  namespace: insecure-api
+  appName: insecure-api
+  containerName: insecure-api
+  service:
+    name: insecure-api
+    port: 8000
+    targetPort: 8000
+  replicas: 1
+  image:
+    repository: confusedcrib/insecure-api
+    tag: latest
+  containerPort: 8000
@@ -215,24 +215,7 @@ Copy code
 * Implement proper access controls.  
 * Use HTTPS for secure communication.
 
----
-
-### **4\. XML External Entities (XXE)**
-
-*Note: This vulnerability is not explicitly implemented in the application but is mentioned here for completeness.*
-
-#### **Description**
-
-XXE attacks exploit vulnerabilities in XML parsers to access or manipulate data.
-
-#### **Mitigation**
-
-* Disable external entity processing in XML parsers.  
-* Use less complex data formats like JSON.
-
----
-
-### **5\. Broken Access Control**
+### **4\. Broken Access Control**
 
 #### **Description**
 
@@ -274,7 +257,7 @@ Copy code
 
 ---
 
-### **6\. Security Misconfiguration**
+### **5\. Security Misconfiguration**
 
 #### **Description**
 
@@ -320,7 +303,7 @@ Copy code
 
 ---
 
-### **7\. Cross-Site Scripting (XSS)**
+### **6\. Cross-Site Scripting (XSS)**
 
 #### **Description**
 
@@ -371,21 +354,6 @@ Copy code
 
 ---
 
-### **8\. Insecure Deserialization**
-
-*Note: Not explicitly implemented but included for educational purposes.*
-
-#### **Description**
-
-Insecure deserialization can lead to remote code execution or privilege escalation.
-
-#### **Mitigation**
-
-* Avoid deserializing untrusted data.  
-* Use secure serialization mechanisms.
-
----
-
 ### **9\. Using Components with Known Vulnerabilities**
 
 #### **Description**
@@ -420,20 +388,7 @@ Copy code
 
 ---
 
-### **10\. Insufficient Logging & Monitoring**
-
-#### **Description**
-
-The application lacks proper logging and monitoring, hindering detection of security breaches.
-
-#### **Mitigation**
-
-* Implement comprehensive logging.  
-* Monitor logs for suspicious activities.
-
----
-
-### **11\. Insecure Direct Object References (IDOR)**
+### **10\. Insecure Direct Object References (IDOR)**
 
 #### **Description**
 
@@ -481,7 +436,7 @@ Copy code
 
 ---
 
-### **12\. Cross-Site Request Forgery (CSRF)**
+### **11\. Cross-Site Request Forgery (CSRF)**
 
 #### **Description**