GitHub Actions
|
f64e3feef8
|
chore: clean .gitignore cache
|
2026-01-26 19:22:05 +00:00 |
|
GitHub Actions
|
e5f0fec5db
|
chore: clean .gitignore cache
|
2026-01-26 19:21:33 +00:00 |
|
GitHub Actions
|
4adcd9eda1
|
feat: add nightly branch workflow
|
2026-01-13 22:11:35 +00:00 |
|
GitHub Actions
|
e643a60c32
|
fix: remediate supply chain vulnerabilities and implement no-cache builds
## Summary
Addresses 8 Medium severity vulnerabilities identified in supply chain scan
for PR #461. Implements no-cache Docker builds to prevent layer caching
issues and remediates golang.org/x/crypto vulnerabilities via replace
directive.
## Changes
### Security Fixes
- Add go.mod replace directive forcing golang.org/x/crypto v0.42.0 -> v0.45.0
- Addresses GHSA-j5w8-q4qc-rx2x (SSH connection handling)
- Addresses GHSA-f6x5-jh6r-wrfv (SSH key parsing)
- Transitive dependency from go-playground/validator/v10@v10.28.0
- Tested with backend unit tests - all passing
### Docker Build Improvements
- Add no-cache: true to docker-build.yml main build step
- Add --no-cache flag to PR-specific builds (trivy-pr-app-only)
- Add --no-cache flag to waf-integration.yml builds
- Remove GitHub Actions cache configuration (cache-from, cache-to)
- Ensures clean builds with accurate vulnerability
|
2026-01-11 20:56:44 +00:00 |
|
GitHub Actions
|
d8cc4da730
|
fix: Implement no-cache Docker builds to eliminate false positive vulnerabilities from cached layers
|
2026-01-11 20:39:57 +00:00 |
|