bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity
122 Commits 19 Branches 0 Tags
5497ea908cd767c6433786811d4a4e749a3439bd
Commit Graph

3 Commits

Author SHA1 Message Date
Mondo Diaz
5497ea908c Fix CI pipeline issues 
- Add gitleaks:allow inline comments to prevent false positives on s3_key
- Clean up .gitleaksignore (no longer need commit-specific fingerprints)
- Simplify integration tests to read-only operations (write ops require auth)
 2026-01-14 15:32:55 +00:00
Mondo Diaz
8833d4bcb7 Add gitleaks ignore for new commit SHA 2026-01-13 23:03:08 +00:00
Mondo Diaz
4ec91b46ed Fix security scan issues and harden docker-compose 
Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)

KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml

Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)

Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)
 2026-01-13 22:40:51 +00:00