Security Scanning #423
security-scan.yml
on: schedule
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
52s
Secret Scanning with Gitleaks
6s
SAST with Semgrep
51s
Kubernetes Manifest Security Scan
18s
Dependency Review
0s
Security Scan Summary
4s
Annotations
22 errors and 26 warnings
|
Go Dependency Vulnerability Scan (k8s-controller)
Process completed with exit code 1.
|
|
Secret Scanning with Gitleaks
🛑 missing gitleaks license. Go grab one at gitleaks.io and store it as a GitHub Secret named GITLEAKS_LICENSE. For more info about the recent breaking update, see [here](https://github.com/gitleaks/gitleaks-action#-announcement).
|
|
Go Dependency Vulnerability Scan (api)
The strategy configuration was canceled because "go-dependency-scan.k8s-controller" failed
|
|
Go Dependency Vulnerability Scan (api)
The operation was canceled.
|
|
Dockerfile Linting (api)
The strategy configuration was canceled because "docker-lint.k8s-controller" failed
|
|
Dockerfile Linting (api):
api/Dockerfile#L44
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
|
|
Dockerfile Linting (api):
api/Dockerfile#L30
DL3059 info: Multiple consecutive `RUN` instructions. Consider consolidation.
|
|
Dockerfile Linting (api):
api/Dockerfile#L12
DL3015 info: Avoid additional packages by specifying `--no-install-recommends`
|
|
Dockerfile Linting (api):
api/Dockerfile#L12
DL3008 warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
|
|
Kubernetes Manifest Security Scan
Path does not exist: checkov-k8s-results.sarif
|
|
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (kubernetes-controller)
Path does not exist: trivy-kubernetes-controller-results.sarif
|
|
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
The strategy configuration was canceled because "trivy-container-scan.kubernetes-controller" failed
|
|
Trivy Container Image Scan (api)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
|
|
Trivy Container Image Scan (api)
The operation was canceled.
|
|
Trivy Container Image Scan (ui)
The strategy configuration was canceled because "trivy-container-scan.kubernetes-controller" failed
|
|
Trivy Container Image Scan (ui)
Process completed with exit code 1.
|
|
Trivy Container Image Scan (ui)
Path does not exist: trivy-ui-results.sarif
|
|
Trivy Container Image Scan (ui)
The operation was canceled.
|
|
npm Dependency Vulnerability Scan
Process completed with exit code 1.
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/setup-go@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Go Dependency Vulnerability Scan (k8s-controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Secret Scanning with Gitleaks
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, gitleaks/gitleaks-action@v2. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Dockerfile Linting (k8s-controller)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Dockerfile Linting (ui)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Go Dependency Vulnerability Scan (api)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/setup-go@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
|
|
Dockerfile Linting (api)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Kubernetes Manifest Security Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (kubernetes-controller)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Trivy Container Image Scan (kubernetes-controller)
No files were found with the provided path: trivy-kubernetes-controller-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (kubernetes-controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (api)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Trivy Container Image Scan (ui)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
|
|
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
SAST with Semgrep
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
npm Dependency Vulnerability Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/setup-node@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
CodeQL Analysis (javascript)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/analyze@v3, github/codeql-action/autobuild@v3, github/codeql-action/init@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
CodeQL Analysis (go)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/analyze@v3, github/codeql-action/autobuild@v3, github/codeql-action/init@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|