Mirror of https://github.com/katanemo/plano.git, synced 2026-05-02 12:22:43 +02:00
* Add Trivy Docker image security scan workflow

  Scans the Docker image for CRITICAL and HIGH vulnerabilities using Trivy. Blocks PRs on failures; runs non-blocking on main for visibility. Results are uploaded to the GitHub Security tab via SARIF.

* Add explicit permissions to Docker security scan workflow

  Set minimal permissions: contents read for checkout, security-events write for SARIF upload to the GitHub Security tab.

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Fix 27 HIGH vulnerabilities found by Trivy Docker scan

  - Install supervisor via pip instead of apt to eliminate 22 Debian python3.13 package vulnerabilities
  - Pin urllib3>=2.6.3 to fix CVE-2025-66418, CVE-2025-66471, CVE-2026-21441
  - Add ignore-unfixed to Trivy scan to suppress unfixable glibc CVE-2026-0861

  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

| File |
|---|
| docker-push-main.yml |
| docker-push-release.yml |
| docker-security-scan.yml |
| e2e_plano_tests.yml |
| e2e_test_currency_convert.yml |
| e2e_test_preference_based_routing.yml |
| e2e_tests.yml |
| ghrc-push-main.yml |
| ghrc-push-release.yml |
| plano_tools_tests.yml |
| pre-commit.yml |
| publish-pypi.yml |
| rust_tests.yml |
| static.yml |
| validate_plano_config.yml |