## Summary

`go-saas/kit-layout` issues are disabled; tracking this audit item in `go-saas/kit`.

## Findings (`kit-layout`)

- [ ] `Critical | confirmed` hard-coded JWT secret and security cookie hash.
  - Evidence: `kit-layout/configs/config.yaml:41`, `:43`
- [ ] `High | probable` permissive CORS wildcard.
  - Evidence: `kit-layout/configs/config.yaml:7`
- [ ] `Medium | confirmed` container runs as root.
  - Evidence: `kit-layout/Dockerfile:8`, `:24`

## Suggested Direction

- Externalize/rotate secrets.
- Restrict CORS per environment.
- Run as non-root user.
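As an added illustration of the first two Suggested Direction items (example code, not from `go-saas/kit` or `kit-layout`): a fail-closed secret loader and an explicit per-environment CORS allowlist. The `JWT_SECRET` variable name, the placeholder constant and the sample origins are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Assumed stand-in for the committed default flagged in config.yaml (real value not reproduced).
const placeholderJWTSecret = "CHANGE_ME_PLACEHOLDER"

// LoadJWTSecret takes the signing secret from an environment map (env
// vars, a mounted secret file or a vault client all fit) and fails closed
// on a missing, placeholder or too-short value.
func LoadJWTSecret(env map[string]string) (string, error) {
	s := env["JWT_SECRET"]
	switch {
	case s == "":
		return "", errors.New("JWT_SECRET not set")
	case s == placeholderJWTSecret:
		return "", errors.New("JWT_SECRET still holds the placeholder value")
	case len(s) < 32:
		return "", errors.New("JWT_SECRET shorter than 32 bytes")
	}
	return s, nil
}

// CORSAllowed matches a request Origin against an explicit per-environment
// allowlist; a bare "*" entry is reported as misconfiguration, not honoured.
func CORSAllowed(origin string, allowlist []string) (bool, error) {
	for _, allowed := range allowlist {
		if allowed == "*" {
			return false, errors.New("wildcard origin is not permitted")
		}
		if strings.EqualFold(allowed, origin) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	if _, err := LoadJWTSecret(map[string]string{"JWT_SECRET": os.Getenv("JWT_SECRET")}); err != nil {
		fmt.Println("refusing to start:", err)
		os.Exit(1)
	}
	ok, err := CORSAllowed("https://app.example.com", []string{"https://app.example.com"})
	fmt.Println("cors allowed:", ok, "err:", err)
}
```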