Skip to content

Add Trivy security scan workflow and helper scripts for vulnerability…#1

Closed
success-ng wants to merge 20 commits into
mainfrom
demo/action
Closed

Add Trivy security scan workflow and helper scripts for vulnerability…#1
success-ng wants to merge 20 commits into
mainfrom
demo/action

Conversation

@success-ng
Copy link
Copy Markdown
Member

@success-ng success-ng commented Oct 27, 2025

… reporting

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Oct 27, 2025
edited
Loading

🔒 Trivy Security Scan Results

Scan Summary:

  • 🎯 Severity Filter: CRITICAL, HIGH
  • 📦 Total Vulnerabilities: 6
  • ⚠️ Critical: 1
  • 🔶 High: 5
  • 📅 Scan Time: 16:50:37 27/10/2025

📋 Vulnerability Details

Severity CVE/ID Package Current Fixed Description
🟠 HIGH CVE-2024-6221 Flask-Cors 4.0.0 4.0.2 A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Ac ...
🔴 CRITICAL CVE-2024-36039 PyMySQL 1.1.0 1.1.1 python-pymysql: SQL injection if used with untrusted JSON input
🟠 HIGH CVE-2024-34069 Werkzeug 2.2.3 3.0.3 python-werkzeug: user may execute code on a developer's machine
🟠 HIGH CVE-2024-1135 gunicorn 21.0.1 22.0.0 python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-E
🟠 HIGH CVE-2024-6827 gunicorn 21.0.1 22.0.0 gunicorn: HTTP Request Smuggling in benoitc/gunicorn
🟠 HIGH CVE-2023-52323 pycryptodome 3.12.0 3.19.1 pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycry

🔧 Recommendations

  1. Review all CRITICAL vulnerabilities immediately
  2. Update affected packages to fixed versions
  3. Check for available patches or workarounds

🤖 Automated by Trivy Scanner | Run #18836731731 | View Workflow

@blc-congnt4
Add PyMySQL dependency to requirements
2374387
@blc-congnt4
Update requirements.txt to include comprehensive list of dependencies
72f172e
@blc-congnt4
Add SARIF upload step to GitHub Security for Trivy scan results
4db5f9e
@blc-congnt4
Remove obsolete bot-chat-gpt zip and related CSV export files
db97000
@blc-congnt4
Change runner from self-hosted to ubuntu for Trivy Security Scan job
6e22494
@blc-congnt4
Update runner for Trivy Security Scan job to use ubuntu-latest
8f1ff3f
@blc-congnt4
Add HTTP endpoint notification for Trivy scan results
3ac6a2d
@blc-congnt4
Add webhook notification for Trivy scan results
033ba38
@blc-congnt4
Add https module import to trivy-comment.js
f2a8b66
@blc-congnt4
Fix comment formatting for raw scan output section in Trivy template
0730f25
@blc-congnt4
Add chat template for Trivy scan results and update payload structure
2d944b2
@blc-congnt4
Update Trivy chat template for improved formatting and add secret man…
6e52031 
…agement for webhook URL in PR agent workflow
@blc-congnt4
Refactor Trivy chat template for improved readability and formatting
68662fe
@blc-congnt4
Refactor Trivy chat template for improved structure and readability
9bcea60
@blc-congnt4
Refactor PR agent workflow and add Trivy security scan job
79c90f5
@blc-congnt4
Remove unnecessary pull request types from PR agent workflow
a3dea7b
@blc-congnt4
Add pull request types to ensure all main events are captured
91c96ea
@blc-congnt4
Add PR commands to GitHub Action configuration for enhanced functiona…
a006e0a 
…lity
@success-ng success-ng closed this Oct 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@success-ng @blc-congnt4