From d32c80d97cb0c9ea245d9330ba1958dc2ac8f444 Mon Sep 17 00:00:00 2001
From: ktech810
Date: Tue, 10 Mar 2026 16:38:49 -0700
Subject: [PATCH 01/13] Create kscan.yml
---
.github/workflows/kscan.yml | 56 +++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 .github/workflows/kscan.yml
diff --git a/.github/workflows/kscan.yml b/.github/workflows/kscan.yml
new file mode 100644
index 0000000000..2c600805a8
--- /dev/null
+++ b/.github/workflows/kscan.yml
@@ -0,0 +1,56 @@
+name: Build and Scan Images
+
+on:
+ push:
+ branches: [ main ]
+
+jobs:
+ build-and-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: us-east-1
+
+ - name: Login to ECR
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build images
+ run: |
+ docker build -t 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_vote:latest ./vote
+ docker build -t 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_result:latest ./result
+ docker build -t 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_worker:latest ./worker
+
+ - name: Install Sysdig CLI Scanner
+ run: |
+ curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
+ chmod +x sysdig-cli-scanner
+
+ - name: Scan images
+ env:
+ SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
+ run: |
+ ./sysdig-cli-scanner \
+ --apiurl https://secure.us4.sysdig.com \
+ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_vote:latest
+
+ ./sysdig-cli-scanner \
+ --apiurl https://secure.us4.sysdig.com \
+ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_result:latest
+
+ ./sysdig-cli-scanner \
+ --apiurl https://secure.us4.sysdig.com \
+ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_worker:latest
+
+ - name: Push images to ECR
+ run: |
+ docker push 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_vote:latest
+ docker push 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_result:latest
+ docker push 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_worker:latest
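Review bot: The `Install Sysdig CLI Scanner` step downloads whatever `latest_version.txt` names at run time and executes it with no integrity check, in a job that already holds the AWS credentials and passes `SYSDIG_SECURE_TOKEN` to the binary in the next step. Pinning the scanner version and verifying a recorded SHA-256 before `chmod +x` makes the build reproducible and keeps an unexpected binary from running next to those secrets; adding `-f` to curl also stops an HTTP error page from being saved as the executable. The same step is repeated in `.github/workflows/scan_iac.yml` in PATCH 05/13. Separately, `Configure AWS credentials` relies on long-lived access keys stored as secrets; the action's `role-to-assume` input with GitHub OIDC would avoid keeping static keys at all.

```yaml
      - name: Install Sysdig CLI Scanner
        env:
          # placeholders: the release you have vetted and its published digest
          SCANNER_VERSION: "<PINNED_SCANNER_VERSION>"
          SCANNER_SHA256: "<SHA256_OF_THAT_RELEASE>"
        run: |
          curl -fsSLO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/${SCANNER_VERSION}/linux/amd64/sysdig-cli-scanner"
          echo "${SCANNER_SHA256}  sysdig-cli-scanner" | sha256sum -c -
          chmod +x sysdig-cli-scanner
```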
From 3a5a14f7e11a0738be69f2fe69ac646cea8542af Mon Sep 17 00:00:00 2001 From: ktech810 Date: Tue, 10 Mar 2026 16:59:52 -0700 Subject: [PATCH 02/13] Update kscan.yml --- .github/workflows/kscan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/kscan.yml b/.github/workflows/kscan.yml index 2c600805a8..a70345f363 100644 --- a/.github/workflows/kscan.yml +++ b/.github/workflows/kscan.yml @@ -38,15 +38,15 @@ jobs: SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} run: | ./sysdig-cli-scanner \ - --apiurl https://secure.us4.sysdig.com \ + --apiurl https://app.us4.sysdig.com \ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_vote:latest ./sysdig-cli-scanner \ - --apiurl https://secure.us4.sysdig.com \ + --apiurl https://app.us4.sysdig.com \ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_result:latest ./sysdig-cli-scanner \ - --apiurl https://secure.us4.sysdig.com \ + --apiurl https://app.us4.sysdig.com \ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_worker:latest - name: Push images to ECR From 46dfd2febc6a1b4d229844579eb1dd10b7fc77a1 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Tue, 10 Mar 2026 17:31:33 -0700 Subject: [PATCH 03/13] Update kscan.yml --- .github/workflows/kscan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/kscan.yml b/.github/workflows/kscan.yml index a70345f363..44bf4c94ad 100644 --- a/.github/workflows/kscan.yml +++ b/.github/workflows/kscan.yml @@ -34,6 +34,7 @@ jobs: chmod +x sysdig-cli-scanner - name: Scan images + continue-on-error: true env: SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} run: | From 14f44da7f68de8ad98036b9db880c9b974ecd2ed Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 08:22:40 -0700 Subject: [PATCH 04/13] Update kscan.yml --- .github/workflows/kscan.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
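Review bot: `continue-on-error: true` on `Scan images` (PATCH 03/13) turns the scan from a gate into a report: a policy failure, or a scan that never ran because of a bad token or URL, no longer stops the job, so `Push images to ECR` still publishes all three `:latest` tags. If the flag is only meant to keep the pipeline green while the scanner setup is being debugged, give the step `id: scan` and guard the push with `if: steps.scan.outcome == 'success'`, or drop the flag once the scan works. PATCH 04/13 copies the flag onto each of the three per-image scan steps and PATCH 05/13 onto the IaC scan, so the same applies there. The step's `run:` body continues outside this hunk.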
diff --git a/.github/workflows/kscan.yml b/.github/workflows/kscan.yml index 44bf4c94ad..3a5b5a73aa 100644 --- a/.github/workflows/kscan.yml +++ b/.github/workflows/kscan.yml @@ -33,7 +33,7 @@ jobs: curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner" chmod +x sysdig-cli-scanner - - name: Scan images + - name: Scan vote image continue-on-error: true env: SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} @@ -42,10 +42,20 @@ jobs: --apiurl https://app.us4.sysdig.com \ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_vote:latest + - name: Scan result image + continue-on-error: true + env: + SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} + run: | ./sysdig-cli-scanner \ --apiurl https://app.us4.sysdig.com \ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_result:latest + - name: Scan worker image + continue-on-error: true + env: + SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} + run: | ./sysdig-cli-scanner \ --apiurl https://app.us4.sysdig.com \ 545009838166.dkr.ecr.us-east-1.amazonaws.com/examplevotingapp_worker:latest From e44f30357144c714d3533c1c8ec24dc7ad72ae52 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 08:54:12 -0700 Subject: [PATCH 05/13] Create scan_iac.yml --- .github/workflows/scan_iac.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/scan_iac.yml diff --git a/.github/workflows/scan_iac.yml b/.github/workflows/scan_iac.yml new file mode 100644 index 0000000000..86dc059bf1 --- /dev/null +++ b/.github/workflows/scan_iac.yml 
@@ -0,0 +1,30 @@
+name: Scan IAC
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ iac-scan:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: checkout code
+ uses: actions/checkout@v3
+
+ - name: Install Sysdig CLI Scanner
+ run: |
+ curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner"
+ chmod +x sysdig-cli-scanner
+
+ - name: Scan IAC files
+ continue-on-error: true
+ env:
+ SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }}
+ run: |
+ ./sysdig-cli-scanner \
+ --apiurl https://us4.app.sysdig.com \
+ --iac \
+ k8s-specifications/
From 720cb52e45e42681c0ee8b9b20657cdf2315e172 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 09:01:57 -0700 Subject: [PATCH 06/13] Changed region to correct one --- .github/workflows/scan_iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scan_iac.yml b/.github/workflows/scan_iac.yml index 86dc059bf1..790bbf8c67 100644 --- a/.github/workflows/scan_iac.yml +++ b/.github/workflows/scan_iac.yml @@ -25,6 +25,6 @@ jobs: SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} run: | ./sysdig-cli-scanner \ - --apiurl https://us4.app.sysdig.com \ + --apiurl https://app.us4.sysdig.com \ --iac \ k8s-specifications/ From 5bb13350b92e6d05a6115318c43f26bc5721aabd Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 09:22:24 -0700 Subject: [PATCH 07/13] Update scan_iac.yml --- .github/workflows/scan_iac.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/scan_iac.yml b/.github/workflows/scan_iac.yml index 790bbf8c67..8d98e6eb75 100644 --- a/.github/workflows/scan_iac.yml +++ b/.github/workflows/scan_iac.yml
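Review bot: The new `scan_iac.yml` workflow (PATCH 05/13) declares no `permissions:` block, so its `GITHUB_TOKEN` gets the repository default, and unlike `kscan.yml` it also runs on `pull_request`. A scan job that only reads the checkout can be limited with a top-level `permissions:` / `contents: read`. On pull requests from forks `secrets.SYSDIG_SECURE_TOKEN` is not provided, so the scan step will presumably fail for lack of a token, and with `continue-on-error: true` that shows up as a passing check; skipping the step when the token is empty, or a comment marking the scan as advisory there, would make that visible.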
@@ -3,8 +3,12 @@ name: Scan IAC on: push: branches: [ main ] + paths: + - 'k8s-specifications/**' pull_request: branches: [ main ] + paths: + - 'k8s-specifications/**' jobs: iac-scan: @@ -14,17 +18,13 @@ jobs: - name: checkout code uses: actions/checkout@v3 - - name: Install Sysdig CLI Scanner - run: | - curl -LO "https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/$(curl -L -s https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt)/linux/amd64/sysdig-cli-scanner" - chmod +x sysdig-cli-scanner - name: Scan IAC files continue-on-error: true - env: - SECURE_API_TOKEN: ${{ secrets.SYSDIG_SECURE_TOKEN }} - run: | - ./sysdig-cli-scanner \ - --apiurl https://app.us4.sysdig.com \ - --iac \ - k8s-specifications/ + uses: sysdiglabs/scan-action@v6 + with: + sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }} + sysdig-secure-url: https://app.us4.sysdig.com + cli-scanner-version: 1.9.0 + mode: iac + iac-scan-path: ./k8s-specifications From 7514a359933429e4571231363dcf68fac7a2ebe3 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 09:28:26 -0700 Subject: [PATCH 08/13] Update worker-deployment.yaml - test From dd27b4eb12591a77392694e3de2b2fdbbd320c90 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 09:33:55 -0700 Subject: [PATCH 09/13] Update scan_iac.yml --- .github/workflows/scan_iac.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/scan_iac.yml b/.github/workflows/scan_iac.yml index 8d98e6eb75..6ec99e0ede 100644 --- a/.github/workflows/scan_iac.yml +++ b/.github/workflows/scan_iac.yml @@ -18,9 +18,7 @@ jobs: - name: checkout code uses: actions/checkout@v3 - - name: Scan IAC files - continue-on-error: true uses: sysdiglabs/scan-action@v6 with: sysdig-secure-token: ${{ secrets.SYSDIG_SECURE_TOKEN }} From f99c24166c7aefe7eb16c02ff2dca2152e1437a6 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 09:34:24 -0700 Subject: [PATCH 10/13] Update vote-service.yaml 
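Review bot: `uses: sysdiglabs/scan-action@v6` (PATCH 07/13) references a third-party action by a movable tag and hands it `SYSDIG_SECURE_TOKEN`, so whoever can move that tag decides what code sees the secret. Pin it to the full commit SHA of the release you reviewed, e.g. `uses: sysdiglabs/scan-action@<FULL_COMMIT_SHA> # v6`; the `actions/checkout@v3` line here and the `aws-actions/*` references in `kscan.yml` (PATCH 01/13) are tag-pinned the same way. The new `paths:` filters also mean that an edit to `.github/workflows/scan_iac.yml` alone does not run the scan; adding the workflow file to both `paths:` lists would let a change to the scanner settings be exercised in its own pull request.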
From 0da81c533fcfb06d5df7675bb195b526715c258c Mon Sep 17 00:00:00 2001 From: ktech810 Date: Wed, 11 Mar 2026 09:40:10 -0700 Subject: [PATCH 11/13] Update db-deployment.yaml --- k8s-specifications/db-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s-specifications/db-deployment.yaml b/k8s-specifications/db-deployment.yaml index bc94ca7368..7c3948212e 100644 --- a/k8s-specifications/db-deployment.yaml +++ b/k8s-specifications/db-deployment.yaml @@ -31,3 +31,4 @@ spec: volumes: - name: db-data emptyDir: {} +# commenting for test From 526c07773f02bf00160995e35171d7fc923bac81 Mon Sep 17 00:00:00 2001 From: ktech810 Date: Fri, 13 Mar 2026 09:25:52 -0700 Subject: [PATCH 12/13] Update db-service.yaml --- k8s-specifications/db-service.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s-specifications/db-service.yaml b/k8s-specifications/db-service.yaml index 104f1e8268..9e143b26d5 100644 --- a/k8s-specifications/db-service.yaml +++ b/k8s-specifications/db-service.yaml @@ -13,3 +13,4 @@ spec: selector: app: db +# commenting for test From e91f8d789a190afe1f42dbaf508a11072b5289e9 Mon Sep 17 00:00:00 2001 From: Kenneth Lee Date: Fri, 13 Mar 2026 10:08:30 -0700 Subject: [PATCH 13/13] my test --- k8s-specifications/vote-deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/k8s-specifications/vote-deployment.yaml b/k8s-specifications/vote-deployment.yaml index 165a9478f8..effb40fd89 100644 --- a/k8s-specifications/vote-deployment.yaml +++ b/k8s-specifications/vote-deployment.yaml @@ -20,3 +20,4 @@ spec: ports: - containerPort: 80 name: vote +# my test