Add default admin password to Kubernetes secrets #209
JoshuaAFergusonsecurity-scan.yml
on: pull_request
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
45s
Secret Scanning with Gitleaks
6s
SAST with Semgrep
50s
Kubernetes Manifest Security Scan
32s
Dependency Review
7s
Security Scan Summary
3s
Annotations
29 errors and 14 warnings
|
Dockerfile Linting (k8s-controller):
k8s-controller/Dockerfile#L29
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dependency Review
Dependency review is not supported on this repository. Please ensure that Dependency graph is enabled, see https://github.com/JoshuaAFerguson/streamspace/settings/security_analysis
|
|
Dockerfile Linting (api):
api/Dockerfile#L44
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (api):
api/Dockerfile#L30
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L12
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_15: "Image Pull Policy should be Always"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_43: "Image should use digest"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_30: "Apply security context to your containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_29: "Apply security context to your pods and containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_23: "Minimize the admission of root containers"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_22: "Use read-only filesystem for containers where possible"
|
|
Kubernetes Manifest Security Scan:
manifests/waf/modsecurity-deployment.yaml#L79
CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Process completed with exit code 1.
|
|
npm Dependency Vulnerability Scan
Process completed with exit code 1.
|
|
Go Dependency Vulnerability Scan (api)
The strategy configuration was canceled because "go-dependency-scan.k8s-controller" failed
|
|
Go Dependency Vulnerability Scan (api)
The operation was canceled.
|
|
Go Dependency Vulnerability Scan (api)
auth.JWTManager.ValidateToken calls jwt.ParseWithClaims, which eventually calls jwt.Parser.ParseUnverified
|
|
Trivy Container Image Scan (ui)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (api)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
|
|
Trivy Container Image Scan (api)
The operation was canceled.
|
|
Trivy Container Image Scan (kubernetes-controller)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (kubernetes-controller)
Path does not exist: trivy-kubernetes-controller-results.sarif
|
|
Trivy Container Image Scan (kubernetes-controller)
The operation was canceled.
|
|
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (kubernetes-controller)
No files were found with the provided path: trivy-kubernetes-controller-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (kubernetes-controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (go)
Cannot create diff range extension pack for diff-informed queries; reverting to performing full analysis.
|
|
CodeQL Analysis (go)
Error retrieving diff main...JoshuaAFerguson:claude/add-admin-password-secrets-01P4G8Ks5ixpua866H8ZxVCd: Not Found - https://docs.github.com/rest/commits/commits#compare-two-commits
|
|
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
gitleaks-results.sarif
Expired
|
6.62 KB |
sha256:d37d4f0bbcd85f87f84c9fbe4926073c292c64ab846cbca0256d31c148f431ec
|
|