Mondo Diaz
|
fd18f1d518
|
Add gitleaks fingerprints for historical commits
|
2026-01-14 18:15:25 +00:00 |
|
Mondo Diaz
|
156f35dcbf
|
Fix CI pipeline issues
- Add gitleaks:allow inline comments to prevent false positives on s3_key
- Clean up .gitleaksignore (no longer need commit-specific fingerprints)
- Simplify integration tests to read-only operations (write ops require auth)
|
2026-01-14 18:15:25 +00:00 |
|
Mondo Diaz
|
522db88ca7
|
Add gitleaks ignore for new commit SHA
|
2026-01-14 18:15:25 +00:00 |
|
Mondo Diaz
|
1a7fb3e5ba
|
Fix security scan issues and harden docker-compose
Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)
KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml
Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)
Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)
|
2026-01-14 18:15:25 +00:00 |
|