Pipeline now submits results to GitHub code scanning #15
Annotations
2 errors and 15 warnings
The following actions uses Node.js version which is deprecated and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

backend/Dockerfile#L6
A user should be specified in the dockerfile, otherwise the image will run as root

docker-compose.yml#L7
Query to find passwords and secrets in infrastructure code.

docker-compose.yml#L11
Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

docker-compose.yml#L3
Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessary capabilities as well.

docker-compose.yml#L16
Incoming container traffic should be bound to a specific host interface

docker-compose.yml#L9
Incoming container traffic should be bound to a specific host interface

docker-compose.yml#L3
Check containers periodically to see if they are running properly.

docker-compose.yml#L11
Check containers periodically to see if they are running properly.

backend/Dockerfile#L1
Always tag the version of an image explicitly

docker-compose.yml#L11
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory

The logs for this run have expired and are no longer available.