GitHub Actions
e643a60c32
fix: remediate supply chain vulnerabilities and implement no-cache builds
## Summary
Addresses 8 Medium severity vulnerabilities identified in supply chain scan for PR #461. Implements no-cache Docker builds to prevent layer caching issues and remediates golang.org/x/crypto vulnerabilities via replace directive.
## Changes
### Security Fixes
- Add go.mod replace directive forcing golang.org/x/crypto v0.42.0 -> v0.45.0
  - Addresses GHSA-j5w8-q4qc-rx2x (SSH connection handling)
  - Addresses GHSA-f6x5-jh6r-wrfv (SSH key parsing)
  - Transitive dependency from go-playground/validator/v10@v10.28.0
- Tested with backend unit tests - all passing
### Docker Build Improvements
- Add no-cache: true to docker-build.yml main build step
- Add --no-cache flag to PR-specific builds (trivy-pr-app-only)
- Add --no-cache flag to waf-integration.yml builds
- Remove GitHub Actions cache configuration (cache-from, cache-to)
- Ensures clean builds with accurate vulnerability
2026-01-11 20:56:44 +00:00
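As an added check (example code, not part of this commit or the project): a small go.mod parser that resolves the effective version of golang.org/x/crypto through the replace directive described above and confirms it is at least the fixed version v0.45.0, which unit tests passing alone do not prove. The go.mod fragment is constructed to mirror the commit's change, and all function names are hypothetical.

```python
# Constructed go.mod fragment mirroring the commit's change (not the project's file).
SAMPLE_GO_MOD = """\
module example.com/app
require (
\tgithub.com/go-playground/validator/v10 v10.28.0
\tgolang.org/x/crypto v0.42.0 // indirect
)
replace golang.org/x/crypto v0.42.0 => golang.org/x/crypto v0.45.0
"""

def parse_version(v):
    """'v0.45.0' -> (0, 45, 0); pre-release and build suffixes are dropped."""
    core = v.lstrip("v").split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))

def parse_go_mod(text):
    """Return ({path: version}, [(old_path, old_ver, new_path, new_ver)])."""
    requires, replaces, block = {}, [], None
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()              # drop comments
        if not line:
            continue
        if line.endswith("(") or line == ")":          # block open / close
            block = line[:-1].strip() or None
            continue
        kind, rest = (block, line) if block else (line.split(None, 1) + [""])[:2]
        if kind == "require":
            path, ver = rest.split()
            requires[path] = ver
        elif kind == "replace":                        # versions on either side are optional
            old, new = (side.split() for side in rest.split("=>"))
            replaces.append((old[0], old[1] if len(old) > 1 else None,
                             new[0], new[1] if len(new) > 1 else None))
    return requires, replaces

def effective_version(text, module):
    """Version the main module builds with: a matching replace target, else the require."""
    requires, replaces = parse_go_mod(text)
    ver = requires.get(module)
    for old_path, old_ver, _new_path, new_ver in replaces:
        if old_path == module and (old_ver is None or old_ver == ver):
            return new_ver                             # None = local directory replacement
    return ver

def meets_minimum(text, module, minimum):
    """True if the effective version is a tagged release at or above `minimum`."""
    ver = effective_version(text, module)
    return ver is not None and parse_version(ver) >= parse_version(minimum)
```

A versioned replace (`replace path vX => ...`) only takes effect when the required version matches exactly, so a later `go get` that bumps the require line silently drops the pin; the check above reports that case as failing.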