Skip to content

ci: add release protocol security gates#4

Open
fheikens wants to merge 1 commit intomainfrom
ci/release-protocol-gates
Open

ci: add release protocol security gates#4
fheikens wants to merge 1 commit intomainfrom
ci/release-protocol-gates

Conversation

@fheikens
Copy link
Copy Markdown
Contributor

@fheikens fheikens commented Mar 24, 2026

Summary

  • Add Trivy filesystem + config scan jobs (fail on CRITICAL/HIGH)
  • Add gitleaks secret detection
  • Update Go from 1.24 to 1.25
  • Pin runner to ubuntu-24.04
  • Pin trivy-action to @0.31.0

Part of Elevarq-wide release protocol standardization.

Release gates now enforced in CI

  • Correctness: Go vet, tests, boundary tests, build
  • Security: Trivy (vuln + secret + config), gitleaks
  • Artifact: SBOM generation (TODO — add on release workflow)
  • Supply chain: cosign signing (TODO — add on release workflow)

🤖 Generated with Claude Code

@fheikens @claude
ci: add security scan gates, update Go to 1.25, pin runners
826ad4a 
- Add Trivy filesystem + config scan jobs (fail on CRITICAL/HIGH)
- Add gitleaks secret detection
- Update Go from 1.24 to 1.25
- Pin runner to ubuntu-24.04 for reproducibility
- Pin trivy-action to @0.31.0

Part of Elevarq release protocol standardization.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fheikens