fix: remediate 7 VlamGuard policy failures

[github-actions]

Summary

{"description": "The production deployment of the backend service has critical security risks that require immediate attention. Two hardcoded secrets (database credentials and application secret) were detected in environment variables, and the container grants excessive Linux capabilities (SYS_ADMIN), violating Pod Security Standards. The LoadBalancer service also exposes the application externally without clear justification. These issues create significant attack surfaces for privilege escalation, data breaches, and unauthorized access."}

VlamGuard Report

	Risk Score	Risk Level	Grade	Hard Blocks
Before	100/100	critical	F	3
After	100/100	critical	F	3

Fixes Applied

Check ID	File	Description
excessive_capabilities	demo/charts/security-scan-showcase/values.yaml	Applied static remediation: capabilities
service_account_token	demo/charts/security-scan-showcase/values.yaml	Applied static remediation: automountServiceAccountToken
allow_privilege_escalation	demo/charts/security-scan-showcase/values.yaml	Applied static remediation: allowPrivilegeEscalation

Unfixed (Manual Action Required)

• exposed_services
• pod_security_standards
• drop_all_capabilities
• container_port_name

Related Issue

Closes #43

---

Generated by VlamGuard