BETA Shoulder is in beta — Findings may sometimes be wrong. Your feedback shapes what we fix next. Share feedback
Shoulder.dev

Understand what every change actually did to your system.
📄
YAML Security
20 rules
9 CWEs 5 critical

YAML Security Vulnerabilities

Shoulder detects 20 security patterns specific to YAML applications built with YAML.

Framework Coverage

Kubernetes 20 rules

Vulnerability Categories

CWE-250 8 rules
Execution with Unnecessary Privileges
3 critical
CWE-319 2 rules
Cleartext Transmission of Sensitive Information
CWE-668 2 rules
Exposure of Resource to Wrong Sphere
1 critical
CWE-732 2 rules
Incorrect Permission Assignment for Critical Resource
CWE-1188 2 rules
Insecure Default Initialization of Resource
CWE-284 1 rules
Improper Access Control
CWE-400 1 rules
Uncontrolled Resource Consumption
CWE-798 1 rules
Use of Hard-coded Credentials
1 critical
CWE-829 1 rules
Inclusion of Functionality from Untrusted Control Sphere
📄

Scan your YAML project

Run Shoulder CLI to find YAML-specific vulnerabilities.

npx @shoulderdev/cli trust . All YAML threats