Update k8s.io/apimachinery to version 0.34.2 #80
JoshuaAFergusonsecurity-scan.yml
on: pull_request
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
48s
Secret Scanning with Gitleaks
5s
SAST with Semgrep
43s
Kubernetes Manifest Security Scan
27s
Dependency Review
6s
Security Scan Summary
2s
Annotations
46 errors and 9 warnings
|
Dependency Review
Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/JoshuaAFerguson/streamspace/settings/security_analysis
|
|
Dockerfile Linting (controller):
controller/Dockerfile#L29
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L44
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (api):
api/Dockerfile#L30
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L12
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (ui)
The strategy configuration was canceled because "docker-lint.api" failed
|
|
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_15: "Image Pull Policy should be Always"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_43: "Image should use digest"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_30: "Apply security context to your containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_29: "Apply security context to your pods and containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_23: "Minimize the admission of root containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_22: "Use read-only filesystem for containers where possible"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/stubs.go#L347
undefined: unstructured
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/stubs.go#L274
undefined: unstructured
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L606
templates[j].UsageCount undefined (type *k8s.Template has no field or method UsageCount)
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L606
templates[i].UsageCount undefined (type *k8s.Template has no field or method UsageCount)
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L594
tmpl.Featured undefined (type *k8s.Template has no field or method Featured)
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L298
h.quotaEnforcer.UpdateSessionQuota undefined (type *quota.Enforcer has no field or method UpdateSessionQuota)
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L230
h.quotaEnforcer.UpdateSessionQuota undefined (type *quota.Enforcer has no field or method UpdateSessionQuota)
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L168
h.quotaEnforcer.CheckSessionQuota undefined (type *quota.Enforcer has no field or method CheckSessionQuota)
|
|
Go Dependency Vulnerability Scan (api):
api/internal/api/handlers.go#L161
undefined: quota.SessionRequest
|
|
Go Dependency Vulnerability Scan (api):
api/internal/websocket/handlers.go#L238
declared and not used: err
|
|
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (controller)
The strategy configuration was canceled because "go-dependency-scan.api" failed
|
|
Go Dependency Vulnerability Scan (controller)
The operation was canceled.
|
|
Go Dependency Vulnerability Scan (controller):
controller/controllers/session_controller.go#L657
cannot use corev1.ResourceRequirements{…} (value of struct type "k8s.io/api/core/v1".ResourceRequirements) as "k8s.io/api/core/v1".VolumeResourceRequirements value in struct literal
|
|
npm Dependency Vulnerability Scan
Process completed with exit code 1.
|
|
Trivy Container Image Scan (ui)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (api)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
|
|
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
The operation was canceled.
|
|
Trivy Container Image Scan (controller)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (controller)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (controller)
Path does not exist: trivy-controller-results.sarif
|
|
Trivy Container Image Scan (controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (controller)
The operation was canceled.
|
|
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Go Dependency Vulnerability Scan (controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
|
|
CodeQL Analysis (javascript)
Cannot create diff range extension pack for diff-informed queries; reverting to performing full analysis.
|
|
CodeQL Analysis (javascript)
Error retrieving diff main...JoshuaAFerguson:claude/update-apimachinery-version-01YLYufiXJSfnJDVsiMTBk3y: Not Found - https://docs.github.com/rest/commits/commits#compare-two-commits
|
|
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (controller)
No files were found with the provided path: trivy-controller-report.html. No artifacts will be uploaded.
|
|
CodeQL Analysis (go)
Cannot create diff range extension pack for diff-informed queries; reverting to performing full analysis.
|
|
CodeQL Analysis (go)
Error retrieving diff main...JoshuaAFerguson:claude/update-apimachinery-version-01YLYufiXJSfnJDVsiMTBk3y: Not Found - https://docs.github.com/rest/commits/commits#compare-two-commits
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
gitleaks-results.sarif
Expired
|
6.62 KB |
sha256:d3b47bd56098fe2f7e81205d7a60117a234093ef12e2a4dd14af6daf9f668a4d
|
|