Merge pull request #113 from JoshuaAFerguson/claude/add-admin-passwor… #210
JoshuaAFergusonsecurity-scan.yml
on: push
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
44s
Secret Scanning with Gitleaks
10s
SAST with Semgrep
46s
Kubernetes Manifest Security Scan
21s
Dependency Review
0s
Security Scan Summary
3s
Annotations
20 errors and 12 warnings
|
Dockerfile Linting (api):
api/Dockerfile#L44
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (api):
api/Dockerfile#L30
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L12
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (k8s-controller)
The strategy configuration was canceled because "docker-lint.api" failed
|
|
Kubernetes Manifest Security Scan
Path does not exist: checkov-k8s-results.sarif
|
|
Go Dependency Vulnerability Scan (api)
Process completed with exit code 3.
|
|
Go Dependency Vulnerability Scan (api)
auth.JWTManager.ValidateToken calls jwt.ParseWithClaims, which eventually calls jwt.Parser.ParseUnverified
|
|
Trivy Container Image Scan (ui)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (ui)
Process completed with exit code 1.
|
|
Go Dependency Vulnerability Scan (k8s-controller)
The strategy configuration was canceled because "go-dependency-scan.api" failed
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Process completed with exit code 1.
|
|
npm Dependency Vulnerability Scan
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (api)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
|
|
Trivy Container Image Scan (api)
The operation was canceled.
|
|
Trivy Container Image Scan (kubernetes-controller)
The strategy configuration was canceled because "trivy-container-scan.ui" failed
|
|
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (kubernetes-controller)
Path does not exist: trivy-kubernetes-controller-results.sarif
|
|
Trivy Container Image Scan (kubernetes-controller)
The operation was canceled.
|
|
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (kubernetes-controller)
No files were found with the provided path: trivy-kubernetes-controller-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (kubernetes-controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
gitleaks-results.sarif
Expired
|
6.62 KB |
sha256:4607d02331ca082b00e86aa0aca49b56921f6c6092ca4a7831964153952cee66
|
|