{"timestamp":"2026-06-03T23:33:36.421Z","version":"1.0.0","platform":"TradeClaw","overall_score":92,"owasp_top_10":[{"id":"A01","name":"Broken Access Control","status":"pass","detail":"Public routes only, no auth-gated data exposed"},{"id":"A02","name":"Cryptographic Failures","status":"pass","detail":"HMAC-SHA256 webhook signing, secrets in env vars only"},{"id":"A03","name":"Injection","status":"pass","detail":"No SQL/NoSQL, JSON file storage only, no query building"},{"id":"A04","name":"Insecure Design","status":"warn","detail":"Single-node file storage not for production with sensitive data"},{"id":"A05","name":"Security Misconfiguration","status":"pass","detail":"Security headers, CSP, X-Frame-Options configured"},{"id":"A06","name":"Vulnerable Components","status":"pass","detail":"Dependabot enabled, regular audits"},{"id":"A07","name":"Auth Failures","status":"pass","detail":"No auth = no auth bypass vulnerabilities in public mode"},{"id":"A08","name":"Software Integrity","status":"pass","detail":"npm lockfile committed, GitHub Actions CI pipeline"},{"id":"A09","name":"Logging Failures","status":"warn","detail":"File-based logging only, no centralized SIEM"},{"id":"A10","name":"SSRF","status":"pass","detail":"External fetches validated to allowlist domains (Binance, Yahoo)"}],"headers":{"Content-Security-Policy":"default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self' https:; frame-ancestors 'none'","X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","Referrer-Policy":"strict-origin-when-cross-origin","Permissions-Policy":"camera=(), microphone=(), geolocation=()"},"dependencies":{"last_audit":"2026-06-03T23:33:36.421Z","critical":0,"high":0,"moderate":0,"low":0}}