Fix Docker build for API server #207
JoshuaAFergusonsecurity-scan.yml
on: pull_request
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
55s
Secret Scanning with Gitleaks
5s
SAST with Semgrep
46s
Kubernetes Manifest Security Scan
36s
Dependency Review
7s
Security Scan Summary
4s
Annotations
36 errors and 5 warnings
|
Dependency Review
Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/JoshuaAFerguson/streamspace/settings/security_analysis
|
|
Dockerfile Linting (k8s-controller):
k8s-controller/Dockerfile#L29
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L44
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (api):
api/Dockerfile#L30
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L12
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Process completed with exit code 1.
|
|
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_15: "Image Pull Policy should be Always"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_43: "Image should use digest"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_30: "Apply security context to your containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_29: "Apply security context to your pods and containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_23: "Minimize the admission of root containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_22: "Use read-only filesystem for containers where possible"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
|
|
Go Dependency Vulnerability Scan (api)
The strategy configuration was canceled because "go-dependency-scan.k8s-controller" failed
|
|
Go Dependency Vulnerability Scan (api)
The operation was canceled.
|
|
Go Dependency Vulnerability Scan (api)
auth.JWTManager.ValidateToken calls jwt.ParseWithClaims, which eventually calls jwt.Parser.ParseUnverified
|
|
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
npm Dependency Vulnerability Scan
Process completed with exit code 1.
|
|
Trivy Container Image Scan (ui)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (api)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
|
|
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
The operation was canceled.
|
|
Trivy Container Image Scan (kubernetes-controller)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (kubernetes-controller)
Path does not exist: trivy-kubernetes-controller-results.sarif
|
|
Trivy Container Image Scan (kubernetes-controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (kubernetes-controller)
The operation was canceled.
|
|
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (kubernetes-controller)
No files were found with the provided path: trivy-kubernetes-controller-report.html. No artifacts will be uploaded.
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
gitleaks-results.sarif
Expired
|
6.62 KB |
sha256:b584174719b8275b7fce3771e073293a247bad62f449eba76d2a6c0d1cc4aa5f
|
|