
Conversation


@nilgaar nilgaar commented Oct 8, 2025

What kind of change does this PR introduce?

Chore / CI enhancement – adds automated security scanning as part of the CI pipeline.


What is the current behavior?

The repository currently lacks an automated workflow to perform continuous security scanning.
Security checks such as vulnerability detection, configuration validation, and secret scanning must be done manually or are not consistently enforced.


What is the new behavior?

This PR introduces a new GitHub Actions workflow that automatically runs security scans on every push and pull request targeting the main branch.
It includes:

  • Trivy for configuration and dependency vulnerability scanning
  • KubeLinter for Kubernetes manifest misconfiguration detection
  • Checkov for infrastructure-as-code (IaC) security policy enforcement
  • Gitleaks for detecting secrets in the repository

Results are uploaded as SARIF reports for integration with GitHub’s Code Scanning Alerts, and logs are stored as workflow artifacts for further debugging.

Introduces a new GitHub Actions workflow for security scanning.

This workflow runs on pushes to the main branch and pull requests targeting main. It incorporates several security tools, including Trivy (for configuration scanning), KubeLinter, Checkov, and Gitleaks, to identify potential vulnerabilities and security issues within the codebase and Kubernetes configurations. Results are uploaded as SARIF files for integration with GitHub's code scanning features. It also uploads logs for debugging purposes.

Updates KubeLinter execution within the security scan workflow to utilize a Docker container. This change removes the previous installation steps and streamlines the linting process, ensuring consistent execution across different environments.
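The workflow file itself is not shown on this page, so the following is an added example (not the PR's own code) of how the pieces described above fit together: push/PR triggers on main, Trivy, KubeLinter run from its container image, Checkov, Gitleaks, per-tool SARIF uploads to Code Scanning, and the raw reports kept as a workflow artifact. The action versions, the `k8s/` manifest directory, the `checkov.sarif`/`results.sarif` output names and the image tags are assumptions, not values taken from the PR.

```yaml
name: Security scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: read the repository, write Code Scanning alerts, nothing else.
# security-events: write is required by upload-sarif; without it the upload step fails.
permissions:
  contents: read
  security-events: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so secret scanning covers past commits, not just HEAD

      # Trivy filesystem scan: dependency vulnerabilities plus IaC misconfigurations.
      # exit-code 0 keeps the job green; findings surface as Code Scanning alerts instead.
      - name: Trivy config and dependency scan
        uses: aquasecurity/trivy-action@master   # pin to a release tag or commit SHA in production
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln,misconfig
          format: sarif
          output: trivy.sarif
          exit-code: '0'

      # KubeLinter from its container image, as the PR's follow-up commit describes.
      # ASSUMPTION: Kubernetes manifests live under k8s/. kube-linter exits non-zero
      # when it reports findings, so '|| true' lets the upload steps still run.
      - name: KubeLinter
        run: |
          docker run --rm -v "$PWD:/repo" -w /repo stackrox/kube-linter:latest \
            lint k8s/ --format sarif > kube-linter.sarif || true

      # Checkov IaC policy checks; soft_fail reports without failing the job.
      # Output path follows the action's documented "console,results.sarif" usage.
      - name: Checkov
        uses: bridgecrewio/checkov-action@v12
        with:
          directory: .
          output_format: cli,sarif
          output_file_path: console,results.sarif
          soft_fail: true

      # Gitleaks secret scan over the full git history checked out above.
      - name: Gitleaks
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # One upload per tool, each with its own category, so alerts from one
      # scanner do not overwrite alerts from another on the same commit.
      - name: Upload Trivy SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy.sarif
          category: trivy

      - name: Upload KubeLinter SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: kube-linter.sarif
          category: kube-linter

      - name: Upload Checkov SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: checkov

      # Keep the raw reports for debugging, even when an earlier step failed.
      - name: Store scan reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: security-scan-reports
          path: '*.sarif'
```

Two caveats worth checking before relying on this: pull requests from forks run with a read-only `GITHUB_TOKEN`, so the SARIF upload steps will fail on those runs unless you gate them on `github.event.pull_request.head.repo.full_name == github.repository`; and `gitleaks/gitleaks-action` requires a `GITLEAKS_LICENSE` secret when the repository belongs to an organization account.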
@nilgaar nilgaar force-pushed the security/add-scan-action branch from d22b529 to c04db9b Compare October 8, 2025 20:30