/net/http/pprof were detected as information disclosure vulnerability
pkourampas opened this issue · comments
megazord commented
pprof endpoints are exposed by default automatically by net/http/pprof import, which is reported as High security vulnerability by several different vulnerability scanners.
Although we do understand the importance of having pprof endpoints available for debugging/tuning of the exporter, it would be nice to have ability of turning it off completely in production environments (or opt-in to enable it just for debugging).