GitHub Actions
5dfd546b42
feat: add weekly security rebuild workflow with no-cache scanning
Implements proactive CVE detection strategy to catch Alpine package
vulnerabilities within 7 days without impacting development velocity.
Changes:
- Add .github/workflows/security-weekly-rebuild.yml
  - Runs weekly on Sundays at 02:00 UTC
  - Builds Docker image with --no-cache
  - Runs comprehensive Trivy scans (table, SARIF, JSON)
  - Uploads security reports to GitHub Security tab
  - 90-day artifact retention
- Update docs/plans/c-ares_remediation_plan.md
  - Document CI/CD cache strategy analysis
  - Add implementation status
  - Fix all markdown formatting issues
- Update docs/plans/current_spec.md (pointer)
- Add docs/reports/qa_report.md (validation results)
Benefits:
- Proactive CVE detection (~7 day window)
- No impact on PR/push build performance
- Only +50% CI cost vs +150% for all no-cache builds
First run: Sunday, December 15, 2025 at 02:00 UTC
Related: CVE-2025-62408 (c-ares vulnerability)
2025-12-14 02:08:16 +00:00