pplate/cannamanage
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity
109 Commits 2 Branches 0 Tags
ad7f4e2b1c62b3929b9d4b01949caa0ac25cf7e7
Commit Graph

1 Commits

Author SHA1 Message Date
Patrick Plate ad7f4e2b1c feat(ci): add security scanning pipeline — OWASP, Trivy, Gitleaks, pnpm audit
CI — Build, Lint & Security Scan / backend (push) Failing after 1m54s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
Details
Deploy to TrueNAS / deploy (push) Has been cancelled
Details 
New CI workflow (.gitea/workflows/ci.yml) runs on every push to main:
- Backend: Maven compile + test + OWASP Dependency-Check (fails on CVSS>=7)
- Frontend: pnpm lint + type-check + pnpm audit (fails on High/Critical)
- Docker image scan: Trivy for both backend/frontend images (High/Critical)
- Secrets detection: Gitleaks full-repo scan

Deploy workflow remains independent (self-hosted runner limitation).
Both workflows run in parallel on push to main.
 2026-06-19 09:15:20 +02:00