CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Trivy Container Image Scan (api)

Process completed with exit code 1.

Go Dependency Vulnerability Scan (controller)

cmd.init calls logr.Logger.WithName, which eventually calls tls.Conn.Write

Go Dependency Vulnerability Scan (controller)

controllers.TemplateReconciler.Reconcile calls client.subResourceClient.Update, which eventually calls tls.Conn.Read

Go Dependency Vulnerability Scan (controller)

cmd.main calls manager.controllerManager.Start, which eventually calls tls.Conn.HandshakeContext

Go Dependency Vulnerability Scan (controller)

cmd.main calls manager.controllerManager.Start, which eventually calls pem.Decode

Go Dependency Vulnerability Scan (controller)

controllers.TemplateReconciler.Reconcile calls client.subResourceClient.Update, which eventually calls url.URL.Parse

Go Dependency Vulnerability Scan (controller)

cmd.main calls config.GetConfigOrDie, which eventually calls url.ParseRequestURI

Go Dependency Vulnerability Scan (controller)

controllers.TemplateReconciler.Reconcile calls client.subResourceClient.Update, which eventually calls url.Parse

Go Dependency Vulnerability Scan (controller)

cmd.main calls manager.controllerManager.Start, which eventually calls asn1.Unmarshal

Go Dependency Vulnerability Scan (controller)

controllers.TemplateReconciler.Reconcile calls client.subResourceClient.Update, which eventually calls http.Client.Do

Go Dependency Vulnerability Scan (controller)

cmd.init calls logr.Logger.WithName, which eventually calls x509.Certificate.Verify

Kubernetes Manifest Security Scan

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_15: "Image Pull Policy should be Always"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_43: "Image should use digest"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_30: "Apply security context to your containers"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_29: "Apply security context to your pods and containers"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_23: "Minimize the admission of root containers"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_22: "Use read-only filesystem for containers where possible"

Kubernetes Manifest Security Scan: manifests/waf/modsecurity-deployment.yaml#L79

CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"

Go Dependency Vulnerability Scan (api)

The strategy configuration was canceled because "go-dependency-scan.controller" failed

Go Dependency Vulnerability Scan (api): api/internal/quota/enforcer.go#L39

package requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api): api/internal/db/database.go#L67

package requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api): api/internal/models/plugin.go#L21

package requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api): api/internal/activity/tracker.go#L36

package requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api): api/internal/k8s/client.go#L78

package requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api)

cannot use typeSchema.Types (variable of type []"sigs.k8s.io/structured-merge-diff/v6/schema".TypeDef) as []"sigs.k8s.io/structured-merge-diff/v4/schema".TypeDef value in struct literal

Go Dependency Vulnerability Scan (api)

cannot use typeSchema.Types (variable of type []"sigs.k8s.io/structured-merge-diff/v6/schema".TypeDef) as []"sigs.k8s.io/structured-merge-diff/v4/schema".TypeDef value in struct literal

Go Dependency Vulnerability Scan (api)

file requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api)

file requires newer Go version go1.24 (application built with go1.23)

Go Dependency Vulnerability Scan (api)

file requires newer Go version go1.24 (application built with go1.23)

Trivy Container Image Scan (ui)

The strategy configuration was canceled because "trivy-container-scan.api" failed

Trivy Container Image Scan (ui)

Process completed with exit code 1.

Trivy Container Image Scan (ui)

Path does not exist: trivy-ui-results.sarif

Trivy Container Image Scan (ui)

The operation was canceled.

npm Dependency Vulnerability Scan

Process completed with exit code 1.

Trivy Container Image Scan (controller)

The strategy configuration was canceled because "trivy-container-scan.api" failed

Trivy Container Image Scan (controller)

Process completed with exit code 1.

Trivy Container Image Scan (controller)

Path does not exist: trivy-controller-results.sarif

Trivy Container Image Scan (controller)

The operation was canceled.

SAST with Semgrep

CodeQL Analysis (javascript)

CodeQL Analysis (go)

Trivy Container Image Scan (api)

No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.

Go Dependency Vulnerability Scan (controller)

Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum

Go Dependency Vulnerability Scan (api)

Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum

Trivy Container Image Scan (ui)

No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.

Trivy Container Image Scan (controller)

No files were found with the provided path: trivy-controller-report.html. No artifacts will be uploaded.

CodeQL Analysis (javascript)

Cannot create diff range extension pack for diff-informed queries; reverting to performing full analysis.

CodeQL Analysis (javascript)

Error retrieving diff main...JoshuaAFerguson:claude/fix-docker-build-error-01VHt4LgA588uuPST8Ui5zYQ: Not Found - https://docs.github.com/rest/commits/commits#compare-two-commits

CodeQL Analysis (go)

Cannot create diff range extension pack for diff-informed queries; reverting to performing full analysis.

CodeQL Analysis (go)

Error retrieving diff main...JoshuaAFerguson:claude/fix-docker-build-error-01VHt4LgA588uuPST8Ui5zYQ: Not Found - https://docs.github.com/rest/commits/commits#compare-two-commits

Artifacts

Produced during runtime

Name	Size	Digest
gitleaks-results.sarif Expired	6.62 KB	`sha256:8d8916efefdc137f37522c3d9e7c954baa5025dae173a4004acc797047760d10`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Docker build failure in Go application #58

Summary

Fix Docker build failure in Go application #58

Uh oh!

security-scan.yml

Annotations

Artifacts