This repo is a fork of DevSlop/Pixi which is a ridiculously insecure API. The intention with this repo is to show how code scanning reusable workflows can help to integrate multiple scanning tools.
Aside from an insecure API, there is also a Dockerfile which references a super old build. There's also a misconfigured Terraform document with lots of IaC vulnerabilities.