Skip to content
Security Scanning

Merge pull request #43 from JoshuaAFerguson/claude/fix-go-dependency-… #77

Sign in to view logs

Merge pull request #43 from JoshuaAFerguson/claude/fix-go-dependency-…

Merge pull request #43 from JoshuaAFerguson/claude/fix-go-dependency-… #77

Triggered via push November 16, 2025 10:28
@JoshuaAFergusonJoshuaAFerguson
pushed 4748bc1
main
Status Failure
Total duration 5m 15s
Artifacts 1

security-scan.yml

on: push
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
41s
npm Dependency Vulnerability Scan
Secret Scanning with Gitleaks
8s
Secret Scanning with Gitleaks
SAST with Semgrep
44s
SAST with Semgrep
Kubernetes Manifest Security Scan
21s
Kubernetes Manifest Security Scan
Dependency Review
0s
Dependency Review
Security Scan Summary
3s
Security Scan Summary
Fit to window
Zoom out
Zoom in

Annotations

47 errors and 5 warnings
Trivy Container Image Scan (api)
Process completed with exit code 1.
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Trivy Container Image Scan (api)
Process completed with exit code 1.
Kubernetes Manifest Security Scan
Path does not exist: checkov-k8s-results.sarif
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Dockerfile Linting (api): api/Dockerfile#L44
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
Dockerfile Linting (api): api/Dockerfile#L30
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
Dockerfile Linting (api): api/Dockerfile#L12
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
Trivy Container Image Scan (controller)
The strategy configuration was canceled because "trivy-container-scan.api" failed
Trivy Container Image Scan (controller)
Process completed with exit code 1.
Trivy Container Image Scan (controller)
Path does not exist: trivy-controller-results.sarif
Trivy Container Image Scan (controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Trivy Container Image Scan (controller)
The operation was canceled.
Dockerfile Linting (controller)
The strategy configuration was canceled because "docker-lint.api" failed
Dockerfile Linting (ui)
The strategy configuration was canceled because "docker-lint.api" failed
Dockerfile Linting (ui)
The operation was canceled.
Trivy Container Image Scan (ui)
The strategy configuration was canceled because "trivy-container-scan.api" failed
Trivy Container Image Scan (ui)
Process completed with exit code 1.
Trivy Container Image Scan (ui)
Path does not exist: trivy-ui-results.sarif
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Trivy Container Image Scan (ui)
The operation was canceled.
Go Dependency Vulnerability Scan (controller)
controllers.TemplateReconciler.Reconcile calls client.subResourceClient.Update, which eventually calls http2.Transport.NewClientConn
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.StreamError.Error
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.SettingID.String
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.Setting.String
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.GoAwayError.Error
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.FrameType.String
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.FrameHeader.String
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.ErrCode.String
Go Dependency Vulnerability Scan (controller)
controllers.SessionReconciler.handleTerminated calls fmt.Sprintf, which eventually calls http2.ConnectionError.Error
Go Dependency Vulnerability Scan (controller)
cmd.main calls manager.New, which eventually calls http2.ConfigureTransports
Go Dependency Vulnerability Scan (api)
The strategy configuration was canceled because "go-dependency-scan.controller" failed
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L606
templates[j].UsageCount undefined (type *k8s.Template has no field or method UsageCount)
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L606
templates[i].UsageCount undefined (type *k8s.Template has no field or method UsageCount)
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L594
tmpl.Featured undefined (type *k8s.Template has no field or method Featured)
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L298
h.quotaEnforcer.UpdateSessionQuota undefined (type *quota.Enforcer has no field or method UpdateSessionQuota)
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L230
h.quotaEnforcer.UpdateSessionQuota undefined (type *quota.Enforcer has no field or method UpdateSessionQuota)
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L168
h.quotaEnforcer.CheckSessionQuota undefined (type *quota.Enforcer has no field or method CheckSessionQuota)
Go Dependency Vulnerability Scan (api): api/internal/api/handlers.go#L161
undefined: quota.SessionRequest
Go Dependency Vulnerability Scan (api): api/internal/websocket/handlers.go#L238
declared and not used: err
Go Dependency Vulnerability Scan (api)
cannot use typeSchema.Types (variable of type []"sigs.k8s.io/structured-merge-diff/v6/schema".TypeDef) as []"sigs.k8s.io/structured-merge-diff/v4/schema".TypeDef value in struct literal
Go Dependency Vulnerability Scan (api)
cannot use typeSchema.Types (variable of type []"sigs.k8s.io/structured-merge-diff/v6/schema".TypeDef) as []"sigs.k8s.io/structured-merge-diff/v4/schema".TypeDef value in struct literal
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
npm Dependency Vulnerability Scan
Process completed with exit code 1.
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
Trivy Container Image Scan (controller)
No files were found with the provided path: trivy-controller-report.html. No artifacts will be uploaded.
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
Go Dependency Vulnerability Scan (controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum

Artifacts

Produced during runtime
Name Size Digest
gitleaks-results.sarif Expired
6.62 KB
sha256:9620a9d549002eec70a4170650828574ffec31e6fd13861e5089f07fc72ac1f1