Charon

akanealw/Charon

Fork 0

Commit Graph

Author	SHA1	Message	Date
GitHub Actions	5dfd546b42	feat: add weekly security rebuild workflow with no-cache scanning Implements proactive CVE detection strategy to catch Alpine package vulnerabilities within 7 days without impacting development velocity. Changes: - Add .github/workflows/security-weekly-rebuild.yml - Runs weekly on Sundays at 02:00 UTC - Builds Docker image with --no-cache - Runs comprehensive Trivy scans (table, SARIF, JSON) - Uploads security reports to GitHub Security tab - 90-day artifact retention - Update docs/plans/c-ares_remediation_plan.md - Document CI/CD cache strategy analysis - Add implementation status - Fix all markdown formatting issues - Update docs/plans/current_spec.md (pointer) - Add docs/reports/qa_report.md (validation results) Benefits: - Proactive CVE detection (~7 day window) - No impact on PR/push build performance - Only +50% CI cost vs +150% for all no-cache builds First run: Sunday, December 15, 2025 at 02:00 UTC Related: CVE-2025-62408 (c-ares vulnerability)	2025-12-14 02:08:16 +00:00
GitHub Actions	0f0e5c6af7	refactor: update current planning document to focus on c-ares security vulnerability remediation This update revises the planning document to address the c-ares security vulnerability (CVE-2025-62408) and removes the previous analysis regarding Go version compatibility issues. The document now emphasizes the need to rebuild the Docker image to pull the patched version of c-ares from Alpine repositories, with no Dockerfile changes required. Key changes include: - Removal of outdated Go version mismatch analysis. - Addition of details regarding the c-ares vulnerability and its impact. - Streamlined focus on remediation steps and testing checklist.	2025-12-14 02:03:15 +00:00

Author

SHA1

Message

Date

GitHub Actions

5dfd546b42

feat: add weekly security rebuild workflow with no-cache scanning

Implements proactive CVE detection strategy to catch Alpine package
vulnerabilities within 7 days without impacting development velocity.

Changes:
- Add .github/workflows/security-weekly-rebuild.yml
  - Runs weekly on Sundays at 02:00 UTC
  - Builds Docker image with --no-cache
  - Runs comprehensive Trivy scans (table, SARIF, JSON)
  - Uploads security reports to GitHub Security tab
  - 90-day artifact retention
- Update docs/plans/c-ares_remediation_plan.md
  - Document CI/CD cache strategy analysis
  - Add implementation status
  - Fix all markdown formatting issues
- Update docs/plans/current_spec.md (pointer)
- Add docs/reports/qa_report.md (validation results)

Benefits:
- Proactive CVE detection (~7 day window)
- No impact on PR/push build performance
- Only +50% CI cost vs +150% for all no-cache builds

First run: Sunday, December 15, 2025 at 02:00 UTC

Related: CVE-2025-62408 (c-ares vulnerability)

2025-12-14 02:08:16 +00:00

GitHub Actions

0f0e5c6af7

refactor: update current planning document to focus on c-ares security vulnerability remediation

This update revises the planning document to address the c-ares security vulnerability (CVE-2025-62408) and removes the previous analysis regarding Go version compatibility issues. The document now emphasizes the need to rebuild the Docker image to pull the patched version of c-ares from Alpine repositories, with no Dockerfile changes required.

Key changes include:
- Removal of outdated Go version mismatch analysis.
- Addition of details regarding the c-ares vulnerability and its impact.
- Streamlined focus on remediation steps and testing checklist.

2025-12-14 02:03:15 +00:00

2 Commits