fix: ci only when changed files #5
notdodoinfra-scan.yml
on: pull_request
infra-scan
/
Scan with Kics
39s
infra-scan
/
Check Makefile
20s
Annotations
1 error and 9 warnings
|
infra-scan / Check Makefile
Process completed with exit code 2.
|
|
infra-scan / Check Makefile
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
infra-scan / Scan with Kics
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
|
|
[HIGH] Docker Socket Mounted In Container:
pulumi/docker-compose.yaml#L14
Docker socket docker.sock should not be mounted on host. If the docker socket is mounted, it can allow its processes to execute docker commands.
|
|
[HIGH] Passwords And Secrets - Generic Token:
.github/workflows/pulumi-preview.yml#L71
Query to find passwords and secrets in infrastructure code.
|
|
[HIGH] Passwords And Secrets - Generic Token:
.github/workflows/pulumi-up.yml#L63
Query to find passwords and secrets in infrastructure code.
|
|
[HIGH] Volume Has Sensitive Host Directory:
pulumi/docker-compose.yaml#L14
Container has sensitive host directory mounted as a volume
|
|
[MEDIUM] Container Capabilities Unrestricted:
pulumi/docker-compose.yaml#L2
Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.
|
|
[MEDIUM] Healthcheck Not Set:
pulumi/docker-compose.yaml#L2
Check containers periodically to see if they are running properly.
|
|
[MEDIUM] Security Opt Not Set:
pulumi/docker-compose.yaml#L2
Attribute 'security_opt' should be defined.
|