From 17bba0953b5bb1b614a32b765aaeaadf4b728fce Mon Sep 17 00:00:00 2001
From: Azzy-Dev <118063625+Arzianghanchi@users.noreply.github.com>
Date: Tue, 4 Feb 2025 21:49:31 +0530
Subject: [PATCH 1/6] Create checkov.yaml for vulnerabilities-scan-Helmchart

---
 .github/workflows/checkov.yaml | 36 ++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .github/workflows/checkov.yaml

diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
new file mode 100644
index 0000000..a20f7a0
--- /dev/null
+++ b/.github/workflows/checkov.yaml
@@ -0,0 +1,36 @@
+name: checkov
+on:
+ push:
+ branches:
+ - 'feat/helmchart-vulnerabilities-scan'
+# on:
+# # Triggers the workflow on push or pull request events but only for the "main" branch
+# push:
+# branches: [ "main", "master" ]
+# pull_request:
+# branches: [ "main", "master" ]
+# workflow_dispatch:
+
+jobs:
+ scan:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Checkov GitHub Action
+ uses: bridgecrewio/checkov-action@v12
+ with:
+ output_format: cli,sarif
+ output_file_path: console,results.sarif
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ if: success() || failure()
+ with:
+ sarif_file: results.sarif

From bec530543cadf493dcdd77df272bebfb2072f25f Mon Sep 17 00:00:00 2001
From: Azzy-Dev <118063625+Arzianghanchi@users.noreply.github.com>
Date: Wed, 5 Feb 2025 21:02:57 +0530
Subject: [PATCH 2/6] Update checkov.yaml

---
 .github/workflows/checkov.yaml | 15 ++++++--------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
index a20f7a0..5275615 100644
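Review bot: No top-level `permissions:` block is set in the new workflow, only the job-level one under `scan`, and the checkov log committed later in this series (patch 4) reports CKV2_GHA_1 as FAILED for `on(checkov)` at checkov.yaml:13-14, presumably for that reason; add `permissions:` / `  contents: read` above `jobs:` so the default token grant is read-only and the job widens only `security-events`. All three `uses:` references are floating tags (`actions/checkout@v3`, `bridgecrewio/checkov-action@v12`, `github/codeql-action/upload-sarif@v3`); for a workflow that produces the repository's security findings and holds `security-events: write`, pin each to a full commit SHA with the tag in a trailing comment so a moved tag cannot change what runs. As far as I know `actions/checkout@v3` is also a Node 16 action that GitHub has deprecated, so moving to `@v4` (pinned the same way) avoids the runner warning.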
--- a/.github/workflows/checkov.yaml
+++ b/.github/workflows/checkov.yaml
@@ -1,15 +1,12 @@
 name: checkov
+
 on:
+ # Triggers the workflow on push or pull request events but only for the "main" branch
 push:
- branches:
- - 'feat/helmchart-vulnerabilities-scan'
-# on:
-# # Triggers the workflow on push or pull request events but only for the "main" branch
-# push:
-# branches: [ "main", "master" ]
-# pull_request:
-# branches: [ "main", "master" ]
-# workflow_dispatch:
+ branches: [ "main", "master" ]
+ pull_request:
+ branches: [ "main", "master" ]
+ workflow_dispatch:
 
 jobs:
 scan:

From bac598f75f20773e829aa42124ae0a3de4665b31 Mon Sep 17 00:00:00 2001
From: "arzian.ghanchi@clouddrove.com"
Date: Thu, 27 Feb 2025 22:07:33 +0000
Subject: [PATCH 3/6] Fix:checkov issues

---
 charts/cronjob/templates/cronjob.yaml | 1 +
 charts/helmchart/templates/cronjob.yaml | 1 +
 charts/helmchart/templates/deployment.yaml | 2 ++
 charts/helmchart/templates/service.yaml | 7 +++++-
 .../templates/tests/test-connection.yaml | 2 ++
 charts/helmchart/values.yaml | 24 ++++++++++++-------
 6 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/charts/cronjob/templates/cronjob.yaml b/charts/cronjob/templates/cronjob.yaml
index 8cc4c35..72f1c55 100644
--- a/charts/cronjob/templates/cronjob.yaml
+++ b/charts/cronjob/templates/cronjob.yaml
@@ -44,6 +44,7 @@ spec:
 - image: {{ $job.image.repository }}:{{ $job.image.tag }}
 imagePullPolicy: {{ $job.image.imagePullPolicy }}
 name: {{ $jobname }}
+ securityContext: {{.Values.securityContext | nindent 12 }}
 {{- with $job.env }}
 env:
 {{ toYaml . | indent 12 }}
diff --git a/charts/helmchart/templates/cronjob.yaml b/charts/helmchart/templates/cronjob.yaml
index 3bfee3e..1006d47 100644
--- a/charts/helmchart/templates/cronjob.yaml
+++ b/charts/helmchart/templates/cronjob.yaml
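Review bot: Adding `pull_request` on `"main"`/`"master"` means the scan also runs for pull requests opened from forks, where the workflow token is read-only; the `security-events: write` that the `scan` job requests (outside this hunk) is then not granted, so the `Upload SARIF file` step, which runs on `success() || failure()`, will presumably fail on every fork PR. Either accept that as expected noise, or gate the upload on the event not coming from a fork, e.g. `if: (success() || failure()) && github.event.pull_request.head.repo.fork != true`. The comment added above `push:` says `only for the "main" branch` while both lists also include `master`; reword it to match. The rest of the workflow is outside this hunk.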
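Review bot: `securityContext: {{.Values.securityContext | nindent 12 }}` pipes the values map straight into `nindent`, which takes a string; with a map value such as the `capabilities` block this series adds, rendering presumably errors out (and a plain-string value would be inserted verbatim rather than as YAML), so the container never actually receives the context the checkov finding is about. The two sibling templates in this commit use `securityContext: {{- toYaml .Values.securityContext | nindent 12 }}`; this line should match them. This is also the separate `cronjob` chart, whose `values.yaml` is not touched in the series: if it defines no `securityContext` key, `toYaml` renders `null` and the finding stays open, so add a default there as well. The enclosing container entry starts outside the hunk.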
@@ -21,6 +21,7 @@ spec:
 restartPolicy: Never
 containers:
 - name: {{ include "helmchart.fullname" . }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.cronJob.image.repository }}:{{ .Values.cronJob.image.tag }}"
 imagePullPolicy: {{ .Values.cronJob.image.pullPolicy }}
 resources:
diff --git a/charts/helmchart/templates/deployment.yaml b/charts/helmchart/templates/deployment.yaml
index 4bc2aff..a8aeba3 100644
--- a/charts/helmchart/templates/deployment.yaml
+++ b/charts/helmchart/templates/deployment.yaml
@@ -35,6 +35,8 @@ spec:
 {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
 - name: {{ .Chart.Name }}
+ resource:
+ {{- toYaml .Values.resource | nindent 14 }}
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
 {{- if .Values.image.digest }}
diff --git a/charts/helmchart/templates/service.yaml b/charts/helmchart/templates/service.yaml
index 9d43f5c..d734909 100644
--- a/charts/helmchart/templates/service.yaml
+++ b/charts/helmchart/templates/service.yaml
@@ -3,7 +3,12 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ include "helmchart.fullname" . }}
- namespace: {{ include "helmchart.namespace" . }}
+ namespace:
+ {{- if .Values.image.digest }}
+ image: {{.Values.namespaces}}
+ {{- else }}
+ image: {{ include "helmchart.namespaces" . }}
+ {{- end }}
 labels:
 {{- include "helmchart.labels" . | nindent 4 }}
 spec:
diff --git a/charts/helmchart/templates/tests/test-connection.yaml b/charts/helmchart/templates/tests/test-connection.yaml
index 5e64cd3..cca8b2a 100644
--- a/charts/helmchart/templates/tests/test-connection.yaml
+++ b/charts/helmchart/templates/tests/test-connection.yaml
@@ -9,6 +9,8 @@ metadata:
 spec:
 containers:
 - name: wget
+ securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
+ image: busybox
 command: ['wget']
 args: ['{{ include "helmchart.fullname" . }}:{{ .Values.service.port }}']
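Review bot: `resource:` is not a field of a Kubernetes container spec (the field is `resources`), and `.Values.resource` in this commit's `values.yaml` appears to hold `enabled: false` plus a nested `resources:` map, so the rendered container gets an unknown `resource` key carrying `enabled`/`resources` instead of `limits`/`requests`; the API server either rejects the manifest under strict field validation or drops the key, and the deployment still runs with no limits, so the finding this commit targets is not actually closed. Change the two added lines to `resources:` / `{{- toYaml .Values.resource.resources | nindent 12 }}` (or keep a flat `resources` key in values.yaml and reference that), and align the indent with the sibling `securityContext` block, which uses `nindent 12`. The enclosing containers list continues outside the hunk.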
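Review bot: The replacement of `namespace: {{ include "helmchart.namespace" . }}` leaves `metadata.namespace` without a value and then emits `image:` keys gated on `.Values.image.digest`, which has nothing to do with namespaces; the result is a Service whose metadata contains an `image` field (or a `namespace` that is a map, depending on how the branches indent), which the API server rejects, so every install of the chart presumably fails. `.Values.namespaces` is introduced as `{}` in this same commit and a `helmchart.namespaces` helper appears nowhere in the series, so both branches look like a mistaken edit; restore the single line `namespace: {{ include "helmchart.namespace" . }}`. If a namespace override is wanted, implement it inside the existing `helmchart.namespace` helper rather than in this template.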
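Review bot: `image: busybox` pins nothing — it resolves to the mutable `latest` tag on every test run, so the test pod is not reproducible and a tag move on the registry changes what executes in the cluster; reference a specific tag and ideally a digest, e.g. `image: busybox:<TAG>@sha256:<DIGEST>` (placeholders), or source it from values as the other templates do. No `image:` line shows up as context in this hunk, so also confirm the original file did not already set the image further down; a duplicated key would make the manifest ambiguous. The `securityContext` line follows the same `toYaml | nindent` form as the other templates; the rest of the pod spec is outside the hunk.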
diff --git a/charts/helmchart/values.yaml b/charts/helmchart/values.yaml index 7ba3732..f9938a2 100644 --- a/charts/helmchart/values.yaml +++ b/charts/helmchart/values.yaml @@ -57,10 +57,16 @@ podAnnotations: {} podSecurityContext: {} # -- podSecurityContext holds pod-level security access control settings. -securityContext: {} +securityContext: + capabilities: + drop: + - ALL + + # -- securityContext is a map that specified the privilege and access control settings for a Pod of Container. Security Context can be specified when the application requires additional access control permissions. securityContext takes precedence over podSecurityContext +namespaces: {} + # -- namespaces is a map that specifies the configuration for the Namespace resource that is created by the chart. -service: # -- service is a map that specifies the configuration for the Service resource that is created by the chart. enabled: true # -- Specifies whether a service should be created. @@ -120,14 +126,14 @@ ingress: resource: enabled: false -resources: {} + resources: # -- Requests and Limits to be specified for each pod. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi autoscaling: enabled: false From 03c51e941c0340bdbbf2748b69b0710817ff69b1 Mon Sep 17 00:00:00 2001 From: "arzian.ghanchi@clouddrove.com" Date: Thu, 27 Feb 2025 22:11:51 +0000 Subject: [PATCH 4/6] Fixing the cronjob and deployment to use the correct image --- logs.log | 291 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 291 insertions(+) create mode 100644 logs.log diff --git a/logs.log b/logs.log new file mode 100644 index 0000000..615c0ab --- /dev/null +++ b/logs.log 
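Review bot: The new `securityContext` default only drops capabilities; if the aim of this commit is to clear checkov's container-hardening findings, the other fields those checks look at — `allowPrivilegeEscalation: false`, `runAsNonRoot: true`, `readOnlyRootFilesystem: true` — are still absent, and each missing one stays a finding on every template that now consumes this map (the deployment, both cronjobs and the test pod). Add them here, or state in the `# --` comment why they are deliberately left out. Separately, the hunk removes the `service:` line with no replacement while `enabled: true` and the rest of the service block remain as context; if that is a real deletion rather than an artefact of how this patch was rendered, `.Values.service.*` lookups break (or the file no longer parses), so please confirm against the file. `namespaces: {}` is added but nothing in the series reads it except the broken `service.yaml` edit in this same commit.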
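Review bot: Moving `resources:` under `resource:` appears to change the chart's values schema from `.Values.resources` to `.Values.resource.resources`, which would silently break any existing override that still sets the top-level key (it lands on a path no template reads), while the deployment template in this same commit reads `.Values.resource` as a whole rather than the nested map. Either keep `resources` at top level and point the template at it, or treat the move as a breaking change and record it in the chart's changelog. Because `enabled: false` and `resources` now share the `resource` key, any `toYaml .Values.resource` drags `enabled` into the container spec; keep configuration flags and the container `resources` map under separate keys. The hard-coded `100m`/`128Mi` defaults are acceptable as placeholders, but the `# --` comment should say they are examples meant to be overridden.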
@@ -0,0 +1,291 @@ + + + _ _ + ___| |__ ___ ___| | _______ __ + / __| '_ \ / _ \/ __| |/ / _ \ \ / / + | (__| | | | __/ (__| < (_) \ V / + \___|_| |_|\___|\___|_|\_\___/ \_/ + +By Prisma Cloud | version: 3.2.372 +Update available 3.2.372 -> 3.2.378 +Run pip3 install -U checkov to update + + +github_actions scan results: + +Passed checks: 86, Failed checks: 5, Skipped checks: 0 + +Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. " + PASSED for resource: on(checkov) + File: /.github/workflows/checkov.yaml:5-12 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(scan) + File: /.github/workflows/checkov.yaml:13-35 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(scan) + File: /.github/workflows/checkov.yaml:13-35 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(scan) + File: /.github/workflows/checkov.yaml:13-35 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(scan) + File: /.github/workflows/checkov.yaml:13-35 +Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" + PASSED for resource: jobs + File: /.github/workflows/checkov.yaml:12-35 +Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" + PASSED for resource: jobs + File: /.github/workflows/checkov.yaml:12-35 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(scan).steps[1] + File: /.github/workflows/checkov.yaml:21-24 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) + File: /.github/workflows/checkov.yaml:23-30 +Check: CKV_GHA_4: "Suspicious use of netcat with IP 
address" + PASSED for resource: jobs(scan).steps[3](Upload SARIF file) + File: /.github/workflows/checkov.yaml:29-35 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(scan).steps[1] + File: /.github/workflows/checkov.yaml:21-24 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) + File: /.github/workflows/checkov.yaml:23-30 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(scan).steps[3](Upload SARIF file) + File: /.github/workflows/checkov.yaml:29-35 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(scan).steps[1] + File: /.github/workflows/checkov.yaml:21-24 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) + File: /.github/workflows/checkov.yaml:23-30 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(scan).steps[3](Upload SARIF file) + File: /.github/workflows/checkov.yaml:29-35 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(scan).steps[1] + File: /.github/workflows/checkov.yaml:21-24 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) + File: /.github/workflows/checkov.yaml:23-30 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(scan).steps[3](Upload SARIF file) + File: /.github/workflows/checkov.yaml:29-35 +Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
" + PASSED for resource: on(Release Charts) + File: /.github/workflows/helm-release.yaml:4-13 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(release) + File: /.github/workflows/helm-release.yaml:14-56 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(release) + File: /.github/workflows/helm-release.yaml:14-56 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(release) + File: /.github/workflows/helm-release.yaml:14-56 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(release) + File: /.github/workflows/helm-release.yaml:14-56 +Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" + PASSED for resource: jobs + File: /.github/workflows/helm-release.yaml:13-56 +Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" + PASSED for resource: jobs + File: /.github/workflows/helm-release.yaml:13-56 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(release).steps[1](Checkout) + File: /.github/workflows/helm-release.yaml:21-27 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(release).steps[2](Configure Git) + File: /.github/workflows/helm-release.yaml:26-32 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(release).steps[3](Install Helm) + File: /.github/workflows/helm-release.yaml:31-37 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(release).steps[4](Helm package) + File: /.github/workflows/helm-release.yaml:36-47 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) + File: /.github/workflows/helm-release.yaml:46-56 +Check: CKV_GHA_2: 
"Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(release).steps[1](Checkout) + File: /.github/workflows/helm-release.yaml:21-27 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(release).steps[2](Configure Git) + File: /.github/workflows/helm-release.yaml:26-32 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(release).steps[3](Install Helm) + File: /.github/workflows/helm-release.yaml:31-37 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(release).steps[4](Helm package) + File: /.github/workflows/helm-release.yaml:36-47 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) + File: /.github/workflows/helm-release.yaml:46-56 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(release).steps[1](Checkout) + File: /.github/workflows/helm-release.yaml:21-27 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(release).steps[2](Configure Git) + File: /.github/workflows/helm-release.yaml:26-32 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(release).steps[3](Install Helm) + File: /.github/workflows/helm-release.yaml:31-37 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(release).steps[4](Helm package) + File: /.github/workflows/helm-release.yaml:36-47 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) + File: 
/.github/workflows/helm-release.yaml:46-56 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(release).steps[1](Checkout) + File: /.github/workflows/helm-release.yaml:21-27 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(release).steps[2](Configure Git) + File: /.github/workflows/helm-release.yaml:26-32 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(release).steps[3](Install Helm) + File: /.github/workflows/helm-release.yaml:31-37 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(release).steps[4](Helm package) + File: /.github/workflows/helm-release.yaml:36-47 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) + File: /.github/workflows/helm-release.yaml:46-56 +Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
" + PASSED for resource: on(changelog) + File: /.github/workflows/changelog.yml:4-9 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(changelog) + File: /.github/workflows/changelog.yml:10-14 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(changelog) + File: /.github/workflows/changelog.yml:10-14 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(changelog) + File: /.github/workflows/changelog.yml:10-14 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(changelog) + File: /.github/workflows/changelog.yml:10-14 +Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" + PASSED for resource: jobs + File: /.github/workflows/changelog.yml:9-14 +Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" + PASSED for resource: jobs + File: /.github/workflows/changelog.yml:9-14 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(helm-check) + File: /.github/workflows/helm-template.yaml:5-26 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(helm-check) + File: /.github/workflows/helm-template.yaml:5-26 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(helm-check) + File: /.github/workflows/helm-template.yaml:5-26 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(helm-check) + File: /.github/workflows/helm-template.yaml:5-26 +Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" + PASSED for resource: jobs + File: /.github/workflows/helm-template.yaml:4-26 +Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" + 
PASSED for resource: jobs + File: /.github/workflows/helm-template.yaml:4-26 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(helm-check).steps[1] + File: /.github/workflows/helm-template.yaml:8-10 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) + File: /.github/workflows/helm-template.yaml:9-15 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) + File: /.github/workflows/helm-template.yaml:14-21 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) + File: /.github/workflows/helm-template.yaml:20-26 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(helm-check).steps[1] + File: /.github/workflows/helm-template.yaml:8-10 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) + File: /.github/workflows/helm-template.yaml:9-15 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) + File: /.github/workflows/helm-template.yaml:14-21 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) + File: /.github/workflows/helm-template.yaml:20-26 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(helm-check).steps[1] + File: /.github/workflows/helm-template.yaml:8-10 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) + File: /.github/workflows/helm-template.yaml:9-15 +Check: CKV_GHA_1: 
"Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) + File: /.github/workflows/helm-template.yaml:14-21 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) + File: /.github/workflows/helm-template.yaml:20-26 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(helm-check).steps[1] + File: /.github/workflows/helm-template.yaml:8-10 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) + File: /.github/workflows/helm-template.yaml:9-15 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) + File: /.github/workflows/helm-template.yaml:14-21 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) + File: /.github/workflows/helm-template.yaml:20-26 +Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
" + PASSED for resource: on(Helm Docs) + File: /.github/workflows/helm-docs.yaml:4-12 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(install-helm-docs) + File: /.github/workflows/helm-docs.yaml:13-21 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(install-helm-docs) + File: /.github/workflows/helm-docs.yaml:13-21 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(install-helm-docs) + File: /.github/workflows/helm-docs.yaml:13-21 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(install-helm-docs) + File: /.github/workflows/helm-docs.yaml:13-21 +Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" + PASSED for resource: jobs + File: /.github/workflows/helm-docs.yaml:12-21 +Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" + PASSED for resource: jobs + File: /.github/workflows/helm-docs.yaml:12-21 +Check: CKV_GHA_4: "Suspicious use of netcat with IP address" + PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) + File: /.github/workflows/helm-docs.yaml:16-21 +Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" + PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) + File: /.github/workflows/helm-docs.yaml:16-21 +Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" + PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) + File: /.github/workflows/helm-docs.yaml:16-21 +Check: CKV_GHA_3: "Suspicious use of curl with secrets" + PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) + File: /.github/workflows/helm-docs.yaml:16-21 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: 
on(checkov) + File: /.github/workflows/checkov.yaml:13-14 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(Release Charts) + File: /.github/workflows/helm-release.yaml:14-15 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(changelog) + File: /.github/workflows/changelog.yml:2-3 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(Helm CI) + File: /.github/workflows/helm-template.yaml:0-1 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(Helm Docs) + File: /.github/workflows/helm-docs.yaml:0-1 + From 78d84e026a959dfdc84749ef213b4c909c7a1ed2 Mon Sep 17 00:00:00 2001 From: "arzian.ghanchi@clouddrove.com" Date: Thu, 27 Feb 2025 22:13:57 +0000 Subject: [PATCH 5/6] delete file: logs.log --- logs.log | 291 ------------------------------------------------------- 1 file changed, 291 deletions(-) delete mode 100644 logs.log diff --git a/logs.log b/logs.log deleted file mode 100644 index 615c0ab..0000000 --- a/logs.log +++ /dev/null 
@@ -1,291 +0,0 @@ - - - _ _ - ___| |__ ___ ___| | _______ __ - / __| '_ \ / _ \/ __| |/ / _ \ \ / / - | (__| | | | __/ (__| < (_) \ V / - \___|_| |_|\___|\___|_|\_\___/ \_/ - -By Prisma Cloud | version: 3.2.372 -Update available 3.2.372 -> 3.2.378 -Run pip3 install -U checkov to update - - -github_actions scan results: - -Passed checks: 86, Failed checks: 5, Skipped checks: 0 - -Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. " - PASSED for resource: on(checkov) - File: /.github/workflows/checkov.yaml:5-12 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(scan) - File: /.github/workflows/checkov.yaml:13-35 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(scan) - File: /.github/workflows/checkov.yaml:13-35 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(scan) - File: /.github/workflows/checkov.yaml:13-35 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(scan) - File: /.github/workflows/checkov.yaml:13-35 -Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" - PASSED for resource: jobs - File: /.github/workflows/checkov.yaml:12-35 -Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" - PASSED for resource: jobs - File: /.github/workflows/checkov.yaml:12-35 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(scan).steps[1] - File: /.github/workflows/checkov.yaml:21-24 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) - File: /.github/workflows/checkov.yaml:23-30 -Check: CKV_GHA_4: "Suspicious use of netcat with IP 
address" - PASSED for resource: jobs(scan).steps[3](Upload SARIF file) - File: /.github/workflows/checkov.yaml:29-35 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(scan).steps[1] - File: /.github/workflows/checkov.yaml:21-24 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) - File: /.github/workflows/checkov.yaml:23-30 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(scan).steps[3](Upload SARIF file) - File: /.github/workflows/checkov.yaml:29-35 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(scan).steps[1] - File: /.github/workflows/checkov.yaml:21-24 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) - File: /.github/workflows/checkov.yaml:23-30 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(scan).steps[3](Upload SARIF file) - File: /.github/workflows/checkov.yaml:29-35 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(scan).steps[1] - File: /.github/workflows/checkov.yaml:21-24 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(scan).steps[2](Checkov GitHub Action) - File: /.github/workflows/checkov.yaml:23-30 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(scan).steps[3](Upload SARIF file) - File: /.github/workflows/checkov.yaml:29-35 -Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
" - PASSED for resource: on(Release Charts) - File: /.github/workflows/helm-release.yaml:4-13 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(release) - File: /.github/workflows/helm-release.yaml:14-56 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(release) - File: /.github/workflows/helm-release.yaml:14-56 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(release) - File: /.github/workflows/helm-release.yaml:14-56 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(release) - File: /.github/workflows/helm-release.yaml:14-56 -Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" - PASSED for resource: jobs - File: /.github/workflows/helm-release.yaml:13-56 -Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" - PASSED for resource: jobs - File: /.github/workflows/helm-release.yaml:13-56 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(release).steps[1](Checkout) - File: /.github/workflows/helm-release.yaml:21-27 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(release).steps[2](Configure Git) - File: /.github/workflows/helm-release.yaml:26-32 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(release).steps[3](Install Helm) - File: /.github/workflows/helm-release.yaml:31-37 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(release).steps[4](Helm package) - File: /.github/workflows/helm-release.yaml:36-47 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) - File: /.github/workflows/helm-release.yaml:46-56 -Check: CKV_GHA_2: 
"Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(release).steps[1](Checkout) - File: /.github/workflows/helm-release.yaml:21-27 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(release).steps[2](Configure Git) - File: /.github/workflows/helm-release.yaml:26-32 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(release).steps[3](Install Helm) - File: /.github/workflows/helm-release.yaml:31-37 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(release).steps[4](Helm package) - File: /.github/workflows/helm-release.yaml:36-47 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) - File: /.github/workflows/helm-release.yaml:46-56 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(release).steps[1](Checkout) - File: /.github/workflows/helm-release.yaml:21-27 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(release).steps[2](Configure Git) - File: /.github/workflows/helm-release.yaml:26-32 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(release).steps[3](Install Helm) - File: /.github/workflows/helm-release.yaml:31-37 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(release).steps[4](Helm package) - File: /.github/workflows/helm-release.yaml:36-47 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) - File: 
/.github/workflows/helm-release.yaml:46-56 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(release).steps[1](Checkout) - File: /.github/workflows/helm-release.yaml:21-27 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(release).steps[2](Configure Git) - File: /.github/workflows/helm-release.yaml:26-32 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(release).steps[3](Install Helm) - File: /.github/workflows/helm-release.yaml:31-37 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(release).steps[4](Helm package) - File: /.github/workflows/helm-release.yaml:36-47 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(release).steps[5](Releasing tags and publishing charts) - File: /.github/workflows/helm-release.yaml:46-56 -Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
" - PASSED for resource: on(changelog) - File: /.github/workflows/changelog.yml:4-9 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(changelog) - File: /.github/workflows/changelog.yml:10-14 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(changelog) - File: /.github/workflows/changelog.yml:10-14 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(changelog) - File: /.github/workflows/changelog.yml:10-14 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(changelog) - File: /.github/workflows/changelog.yml:10-14 -Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" - PASSED for resource: jobs - File: /.github/workflows/changelog.yml:9-14 -Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" - PASSED for resource: jobs - File: /.github/workflows/changelog.yml:9-14 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(helm-check) - File: /.github/workflows/helm-template.yaml:5-26 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(helm-check) - File: /.github/workflows/helm-template.yaml:5-26 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(helm-check) - File: /.github/workflows/helm-template.yaml:5-26 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(helm-check) - File: /.github/workflows/helm-template.yaml:5-26 -Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" - PASSED for resource: jobs - File: /.github/workflows/helm-template.yaml:4-26 -Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" - 
PASSED for resource: jobs - File: /.github/workflows/helm-template.yaml:4-26 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(helm-check).steps[1] - File: /.github/workflows/helm-template.yaml:8-10 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) - File: /.github/workflows/helm-template.yaml:9-15 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) - File: /.github/workflows/helm-template.yaml:14-21 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) - File: /.github/workflows/helm-template.yaml:20-26 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(helm-check).steps[1] - File: /.github/workflows/helm-template.yaml:8-10 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) - File: /.github/workflows/helm-template.yaml:9-15 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) - File: /.github/workflows/helm-template.yaml:14-21 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) - File: /.github/workflows/helm-template.yaml:20-26 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(helm-check).steps[1] - File: /.github/workflows/helm-template.yaml:8-10 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) - File: /.github/workflows/helm-template.yaml:9-15 -Check: CKV_GHA_1: 
"Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) - File: /.github/workflows/helm-template.yaml:14-21 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) - File: /.github/workflows/helm-template.yaml:20-26 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(helm-check).steps[1] - File: /.github/workflows/helm-template.yaml:8-10 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(helm-check).steps[2](helm-check-helmchart) - File: /.github/workflows/helm-template.yaml:9-15 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(helm-check).steps[3](helm-check-cronjob) - File: /.github/workflows/helm-template.yaml:14-21 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(helm-check).steps[4](Run helm unittest) - File: /.github/workflows/helm-template.yaml:20-26 -Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. 
" - PASSED for resource: on(Helm Docs) - File: /.github/workflows/helm-docs.yaml:4-12 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(install-helm-docs) - File: /.github/workflows/helm-docs.yaml:13-21 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(install-helm-docs) - File: /.github/workflows/helm-docs.yaml:13-21 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(install-helm-docs) - File: /.github/workflows/helm-docs.yaml:13-21 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(install-helm-docs) - File: /.github/workflows/helm-docs.yaml:13-21 -Check: CKV_GHA_6: "Found artifact build without evidence of cosign sbom attestation in pipeline" - PASSED for resource: jobs - File: /.github/workflows/helm-docs.yaml:12-21 -Check: CKV_GHA_5: "Found artifact build without evidence of cosign sign execution in pipeline" - PASSED for resource: jobs - File: /.github/workflows/helm-docs.yaml:12-21 -Check: CKV_GHA_4: "Suspicious use of netcat with IP address" - PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) - File: /.github/workflows/helm-docs.yaml:16-21 -Check: CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection" - PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) - File: /.github/workflows/helm-docs.yaml:16-21 -Check: CKV_GHA_1: "Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables" - PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) - File: /.github/workflows/helm-docs.yaml:16-21 -Check: CKV_GHA_3: "Suspicious use of curl with secrets" - PASSED for resource: jobs(install-helm-docs).steps[1](Install Helm Docs) - File: /.github/workflows/helm-docs.yaml:16-21 -Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" - FAILED for resource: 
on(checkov) - File: /.github/workflows/checkov.yaml:13-14 -Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" - FAILED for resource: on(Release Charts) - File: /.github/workflows/helm-release.yaml:14-15 -Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" - FAILED for resource: on(changelog) - File: /.github/workflows/changelog.yml:2-3 -Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" - FAILED for resource: on(Helm CI) - File: /.github/workflows/helm-template.yaml:0-1 -Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" - FAILED for resource: on(Helm Docs) - File: /.github/workflows/helm-docs.yaml:0-1 - From 8d3a43e38a140633948f8a3a2862400b23f6d7fa Mon Sep 17 00:00:00 2001 From: Azzy-Dev <118063625+Arzianghanchi@users.noreply.github.com> Date: Sat, 1 Mar 2025 00:11:51 +0530 Subject: [PATCH 6/6] fix/error-checkov-workflow --- .github/workflows/checkov.yaml | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml index 5275615..b6a9223 100644 --- a/.github/workflows/checkov.yaml +++ b/.github/workflows/checkov.yaml 
@@ -1,25 +1,22 @@
 name: checkov
 
 on:
-  # Triggers the workflow on push or pull request events but only for the "main" branch
-  push:
-    branches: [ "main", "master" ]
+  # Triggers the workflow on pull request events but only for the "main" branch
   pull_request:
     branches: [ "main", "master" ]
   workflow_dispatch:
-
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+  actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
 jobs:
   scan:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v3
-
       - name: Checkov GitHub Action
         uses: bridgecrewio/checkov-action@v12
         with:
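Review bot: The steps on the new side still reference `actions/checkout@v3` and `bridgecrewio/checkov-action@v12` by mutable major tags, so a workflow that now holds `security-events: write` at the top level will run whatever those tags resolve to at execution time; pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment fixes the scanner's own supply chain. Hoisting `permissions` to the top level is what the CKV2_GHA_1 finding quoted earlier in the series asks for, but dropping the `push` trigger means the default branch is never scanned after a merge, so its code-scanning alerts go stale unless `push: branches: [ "main", "master" ]` is kept next to `pull_request`. For `pull_request` runs coming from forks the job token is read-only regardless of the declared grant, so the SARIF upload step is likely to fail on such runs — worth confirming against how this repository accepts contributions. The upload step itself sits past the end of this hunk.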