Skip to content

feat(lab9): Trivy/ZAP scans, security headers middleware, govulncheck CI#1389

Open
markovav-official wants to merge 6 commits into
inno-devops-labs:mainfrom
markovav-official:feature/lab9
Open

feat(lab9): Trivy/ZAP scans, security headers middleware, govulncheck CI#1389
markovav-official wants to merge 6 commits into
inno-devops-labs:mainfrom
markovav-official:feature/lab9

Conversation

@markovav-official

Copy link
Copy Markdown

Goal

Scan QuickNotes with Trivy and OWASP ZAP, triage findings, fix security headers via middleware, and add govulncheck as a CI gate.

Changes

  • app/security.go — security headers middleware (CSP, X-Frame-Options, Cache-Control, etc.) + unit test
  • app/DockerfileUSER nonroot:nonroot (Trivy config fix)
  • .github/workflows/ci.ymlgovulncheck@v1.1.4 job
  • submissions/lab9.md + scan artifacts in submissions/attachments/lab9/

Testing

  • Trivy image/fs/config scans + CycloneDX SBOM captured
  • ZAP baseline before/after; /health headers verified with curl
  • go test ./... passes including TestSecurityHeaders_PresentOnAllRoutes
  • govulncheck red demo on golang.org/x/crypto@v0.3.0 in isolated module

Checklist

  • Title is a clear sentence (≤ 70 chars)
  • Commits are signed (git log --show-signature)
  • submissions/lab9.md updated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant