Mondo Diaz
|
5a5d773999
|
Add gitleaks fingerprints for historical commits
|
2026-01-14 16:00:41 +00:00 |
|
Mondo Diaz
|
5497ea908c
|
Fix CI pipeline issues
- Add gitleaks:allow inline comments to prevent false positives on s3_key
- Clean up .gitleaksignore (no longer need commit-specific fingerprints)
- Simplify integration tests to read-only operations (write ops require auth)
|
2026-01-14 15:32:55 +00:00 |
|
Mondo Diaz
|
8833d4bcb7
|
Add gitleaks ignore for new commit SHA
|
2026-01-13 23:03:08 +00:00 |
|
Mondo Diaz
|
4ec91b46ed
|
Fix security scan issues and harden docker-compose
Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)
KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml
Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)
Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)
|
2026-01-13 22:40:51 +00:00 |
|