
Add automated security scanning (CodeQL, Trivy, OpenSSF Scorecard) #123

@ausbru87

Description

code-marketplace is used by air-gapped users in regulated and security-conscious environments. Given this security-critical use case, we should implement automated security scanning similar to what exists in the main https://github.com/coder/coder repository.

Currently, code-marketplace lacks automated vulnerability scanning, which means:

  • Go dependency vulnerabilities may go undetected
  • Docker image vulnerabilities are not automatically discovered
  • No continuous code security analysis
  • No security best practices assessment
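One way to close the four gaps listed above in a single GitHub Actions workflow, as an added example that is not part of the issue or of the code-marketplace project's own CI. It uses the three scanners named in the title: CodeQL for continuous code analysis, Trivy for Go module and Dockerfile findings, and OpenSSF Scorecard for the best-practices assessment. The workflow file name, the weekly schedule, and the action version tags are assumptions; the Scorecard project recommends pinning every `uses:` line to a full commit SHA rather than a tag, which is left for the maintainers to do.

```yaml
# .github/workflows/security.yml  (assumed path; example, not project code)
name: security-scanning

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: "0 6 * * 1"   # assumed weekly run so new CVEs surface without a commit

# Default to read-only; each job raises only the permissions it needs.
permissions:
  contents: read

jobs:
  # Continuous code security analysis for the Go sources.
  codeql:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # needed to upload SARIF to the Security tab
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: go
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3

  # Go dependency CVEs (go.mod/go.sum) plus Dockerfile misconfigurations.
  # Scanning the built image as well needs the image reference, which is
  # not given in the issue; add a second step with scan-type: image for it.
  trivy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          scanners: vuln,misconfig
          severity: CRITICAL,HIGH
          ignore-unfixed: true     # do not fail on findings with no fix available
          format: sarif
          output: trivy-results.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif

  # Security best-practices assessment of the repository itself.
  scorecard:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      id-token: write           # required when publish_results is true
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # Scorecard checks for this
      - uses: ossf/scorecard-action@v2.4.0
        with:
          results_file: results.sarif
          results_format: sarif
          publish_results: true
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```

All three jobs upload SARIF through `github/codeql-action/upload-sarif`, so findings from every scanner land in the same code-scanning view instead of being scattered across job logs. Keeping the top-level `permissions` read-only and escalating per job is also one of the checks Scorecard scores, so the workflow improves its own assessment.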

Labels: github_actions (Pull requests that update GitHub Actions code)
