@corypride
Contributor

Description of the change

Please provide a brief description of the changes included in this PR.

  • Related issues: Link to related Asana ticket that this closes.

Screenshot(s)

If the PR includes changes to the UI:

  • Please add screenshots or a short screengrab of the change
  • Include images at 1366 x 768 resolution for any Resident-facing changes.

Additional context

Please include additional context or information that the reviewer needs to understand the PR. This includes:

  • Known issues that the PR does not address
  • What areas to focus on
  • What decisions were considered and decided against.

If any core features or components were removed with this PR, please note them here so that they can be added to the wiki (see Deprecated features and Components).

- Updated Go version from 1.22.2 to 1.23.0 in backend and provider-middleware
- Fixed GO-2025-3595 vulnerability by updating golang.org/x/net to v0.38.0
- Added .github/workflows/security-go.yml for automated vulnerability scanning
- Updated go.sum files with new dependency checksums
- Workflow triggers for PRs modifying Go files or dependencies
- Added Slack notifications to #unlockedv2-chat for vulnerability detections
- Blocks merges when high or critical vulnerabilities are detected
- Add yarn audit --audit-level=moderate to ESLint workflow
- Implement security gate in container builds to block deployments
- Configure audit report artifacts for compliance tracking
- Add comprehensive documentation and testing instructions
- Establish security dependency chain: security-check -> setup-env -> build-and-push

Security gates now scan for moderate+ severity vulnerabilities and block both
PR merges and container deployments when vulnerabilities are detected.

Current state: 46 vulnerabilities found (15 Low, 23 Moderate, 8 High)
Security gate active: Build fails as expected (confirmed working)

Files changed:
- .github/workflows/eslint.yml (enhanced with security scanning)
- .github/workflows/container_builds.yml (added security gate)
- .claude/context/SECURITY_IMPLEMENTATION.md (comprehensive documentation)
- .claude/context/pr_desc.md (updated PR description)
- .gitignore (updated for project structure)
- Create dedicated security-frontend.yml workflow for frontend dependency scanning
- Scan for critical and high vulnerabilities only
- Send Slack notifications when vulnerabilities are detected
- Never block builds, only notify via webhook
- Update ESLint workflow to remove duplicate security scanning
- Follow gosec implementation pattern from PR #1026
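The PR description above states two different policies for the frontend audit: a gate that blocks merges and container builds on moderate-and-above findings, and a later notify-only workflow that reports high/critical over a Slack webhook without ever failing the build. The following is an added example, not code from this PR or from the UnlockEd project, showing how one small script can implement both: it tallies `yarn audit --json` records by severity, applies a threshold with the same "at or above" meaning as `--audit-level`, and returns both the CI exit code and the Slack payload to post. The `auditAdvisory`/`auditSummary` record shapes are my recollection of yarn 1's `--json` output and the sample lines are constructed, so treat the field names as assumptions to verify against the yarn version in use; the function names and the `block` parameter are mine.

```python
"""Severity gate for `yarn audit --json` output (added example, not the PR's code)."""
import json
import sys
from typing import Dict, Iterable, Optional

# Severity order used by yarn/npm audit, lowest to highest.
SEVERITY_ORDER = ("info", "low", "moderate", "high", "critical")

# Constructed sample of `yarn audit --json` output: one JSON object per line.
# Real output carries more fields; only those the gate reads are kept here.
SAMPLE_AUDIT_JSON = "\n".join([
    '{"type":"auditAdvisory","data":{"advisory":{"module_name":"pkg-a","severity":"low","title":"Constructed low finding"}}}',
    '{"type":"auditAdvisory","data":{"advisory":{"module_name":"pkg-b","severity":"moderate","title":"Constructed moderate finding"}}}',
    '{"type":"auditAdvisory","data":{"advisory":{"module_name":"pkg-b","severity":"moderate","title":"Constructed moderate finding"}}}',
    '{"type":"auditAdvisory","data":{"advisory":{"module_name":"pkg-c","severity":"high","title":"Constructed high finding"}}}',
    '{"type":"auditSummary","data":{"vulnerabilities":{"info":0,"low":1,"moderate":2,"high":1,"critical":0}}}',
])


def tally_severities(lines: Iterable[str]) -> Dict[str, int]:
    """Count auditAdvisory records per severity; skip blank, malformed or non-advisory lines."""
    counts = {level: 0 for level in SEVERITY_ORDER}
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a truncated line must not mask the findings that did parse
        if record.get("type") != "auditAdvisory":
            continue
        severity = record.get("data", {}).get("advisory", {}).get("severity", "").lower()
        if severity in counts:
            counts[severity] += 1
    return counts


def count_at_or_above(counts: Dict[str, int], threshold: str) -> int:
    """Sum findings whose severity is >= threshold (the --audit-level meaning of 'moderate')."""
    if threshold not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity threshold: {threshold}")
    start = SEVERITY_ORDER.index(threshold)
    return sum(counts[level] for level in SEVERITY_ORDER[start:])


def gate_decision(counts: Dict[str, int], threshold: str, block: bool) -> dict:
    """Decide the CI outcome and build the Slack message.

    block=True  -> merge / container-build gate: exit 1 when anything is at threshold or above.
    block=False -> notify-only workflow: always exit 0, but still produce the Slack payload.
    """
    hits = count_at_or_above(counts, threshold)
    payload: Optional[dict] = None
    if hits:
        summary = ", ".join(f"{counts[lvl]} {lvl}" for lvl in SEVERITY_ORDER if counts[lvl])
        # Plain "text" payload is what a Slack incoming webhook accepts.
        payload = {"text": f"yarn audit: {hits} finding(s) at {threshold}+ ({summary})"}
    exit_code = 1 if (block and hits) else 0
    return {"findings_at_threshold": hits, "exit_code": exit_code, "slack_payload": payload}


if __name__ == "__main__":
    # Usage in a CI step:  yarn audit --json | python security_gate.py moderate block
    # (hypothetical filename; "notify" as the second argument gives the non-blocking mode)
    threshold = sys.argv[1] if len(sys.argv) > 1 else "moderate"
    block = (sys.argv[2] if len(sys.argv) > 2 else "block") == "block"
    decision = gate_decision(tally_severities(sys.stdin), threshold, block)
    if decision["slack_payload"]:
        # Post with e.g. curl -X POST -H 'Content-type: application/json' --data "$PAYLOAD" "$SLACK_WEBHOOK_URL"
        print(json.dumps(decision["slack_payload"]))
    sys.exit(decision["exit_code"])
```

Running the constructed sample through the blocking gate at `moderate` yields three findings (2 moderate + 1 high) and exit code 1, which is the behaviour the PR reports as "Build fails as expected"; the same counts through the notify-only mode at `high` give one finding, a Slack payload, and exit code 0. Counting advisories rather than trusting the `auditSummary` line means a truncated or partially written audit stream still fails closed on whatever did parse.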
@corypride corypride requested a review from a team as a code owner October 27, 2025 22:37
@corypride corypride requested review from CK-7vn and removed request for a team October 27, 2025 22:37
@github-actions github-actions bot added documentation Improvements or additions to documentation CI-Actions labels Oct 27, 2025
@github-actions

🔒 Go Security Scan Results

Status: ✅ Passed

Total Vulnerabilities: 0
High/Critical: 0

Module Results

  • Backend: 0 vulnerabilities (0 high/critical)
  • Provider-Middleware: 0 vulnerabilities (0 high/critical)

Safe to merge - No high/critical vulnerabilities detected

Scan Details: View full results

@corypride corypride closed this Oct 28, 2025
@corypride corypride deleted the cprid/test branch October 28, 2025 02:38
Labels

CI-Actions documentation Improvements or additions to documentation frontend
