Disable old TLS protocol support #2
Conversation
There was a problem hiding this comment.
Pull Request Overview
This pull request disables support for older, insecure TLS protocol versions by updating the nginx configuration to only support TLSv1.2 and TLSv1.3 (removing TLSv1 and TLSv1.1), while also modernizing the GitHub Actions workflow for building and pushing Docker images to Amazon ECR with enhanced security scanning and notifications.
Key Changes:
- Updated nginx to use only TLSv1.2 and TLSv1.3, removing outdated TLSv1 and TLSv1.1 protocols
- Migrated CI/CD workflow from legacy action to modern AWS OIDC authentication with direct ECR integration
- Added Trivy vulnerability scanning with Slack notifications for security findings
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| nginx.conf.template | Updated ssl_protocols to disable TLSv1 and TLSv1.1, enabling only TLSv1.2 and TLSv1.3 |
| .github/workflows/build-and-push.yml | Complete workflow rewrite: migrated to OIDC authentication, added Docker Buildx, integrated Trivy security scanning, and implemented Slack notification system for scan results |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| with: | ||
| registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com | ||
| username: AWS | ||
| password: ${{ steps.configure-aws-credentials.outputs.aws-session-token }} |
There was a problem hiding this comment.
The step ID reference is incorrect. The 'Configure AWS credentials' step at line 32 is not assigned an ID, so steps.configure-aws-credentials.outputs.aws-session-token will be undefined. Add id: configure-aws-credentials to the AWS credentials configuration step.
now uses our new version that relies on community actions
lbjay
force-pushed
the
t/jluker-disable-old-tls
branch
from
2e7be1d to
c6e5d0b
Compare
No description provided.