
Conversation

@t0mmylam
Collaborator

@t0mmylam t0mmylam commented Aug 28, 2025

Summary

Adds automated security scanning using Checkov to detect infrastructure security issues in PRs.

Depends on #96

Changes

  • Add .github/workflows/security-checkov.yaml workflow
  • Scans Dockerfiles, Kubernetes manifests, and Helm charts
  • Excludes test directories to reduce noise
  • Triggers on PR and push to main

Implementation

  • Uses official bridgecrewio/checkov-action@master
  • Minimal inline configuration
  • CLI output format
  • No additional config files required

Workflow will run automatically on this PR and future changes.
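A workflow matching the description above, written here as an added example rather than the PR's own file (the actual .github/workflows/security-checkov.yaml is not shown on this page). The `framework`, `skip_path`, `output_format` and `soft_fail` input names, the comma-separated list syntax, and the `tests,test` skip pattern are assumptions to verify against the checkov-action README; the `@master` ref is kept only because the PR says it uses it.

```yaml
# Added example, not the PR's file. Assumed path: .github/workflows/security-checkov.yaml
name: Security - Checkov

# Triggers described in the PR: every PR, and pushes to main.
on:
  pull_request:
  push:
    branches: [main]

# Least privilege: a read-only scan needs nothing beyond reading the checkout.
permissions:
  contents: read

jobs:
  checkov:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Checkov
        # The PR pins to @master; prefer a release tag or full commit SHA so a
        # compromised or broken upstream push cannot change what this job runs.
        uses: bridgecrewio/checkov-action@master
        with:
          directory: .
          # Limit scanning to the IaC types this repo carries (assumed input syntax).
          framework: dockerfile,kubernetes,helm
          # Regex paths to skip, relative to the repo root; keeps test fixtures
          # out of the results (assumed pattern).
          skip_path: tests,test
          # Plain CLI output as the PR describes (default for the action is SARIF).
          output_format: cli
          # false = findings fail the job and block the PR. Setting this to true
          # reports without failing, which avoids the "blocks the next PR" problem
          # raised below until pre-existing findings are fixed.
          soft_fail: false
```

With `soft_fail: false`, any pre-existing finding in the charts or Dockerfiles fails the first run on the very next PR, which is the concern raised in the review. A common rollout is to merge with `soft_fail: true` (or a `skip_check` list for the known findings), fix the baseline, then flip it back to blocking.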

@ayuskauskas
Collaborator

Can you add a dummy change to the chart to make sure checkov does run and that it passes. I don't want to merge a check that will immediately block the next PR.

@t0mmylam
Collaborator Author

t0mmylam commented Sep 2, 2025

Can you add a dummy change to the chart to make sure checkov does run and that it passes. I don't want to merge a check that will immediately block the next PR.

This PR actually won't get merged until all the fixes get resolved due to this reason. I probably should've made that clear or waited before opening this.

@ayuskauskas
Collaborator

We should just merge this into the other one then. That way that PR can be known to be good before merging.

@t0mmylam t0mmylam closed this Sep 2, 2025
@t0mmylam t0mmylam deleted the checkov branch October 9, 2025 16:06
3 participants