From 5f81f1e4f6f1050c3f90248d361eecaa200b7120 Mon Sep 17 00:00:00 2001 From: Deepanshu Jain Date: Wed, 17 Jun 2026 21:12:35 +0530 Subject: [PATCH 1/3] Add Checkov workflow for security scanning --- .github/workflows/checkov.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/checkov.yml diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml new file mode 100644 index 000000000..00e3ec636 --- /dev/null +++ b/.github/workflows/checkov.yml @@ -0,0 +1,32 @@ +name: checkov +on: + pull_request: + push: + branches: + - main +jobs: + scan: + runs-on: ubuntu-latest + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for GitHub/codeql-action/upload-sarif to upload SARIF results + + steps: + - uses: actions/checkout@v2 + + - name: Run checkov + id: checkov + uses: bridgecrewio/checkov-action@master + with: + directory: code/ + #soft_fail: true + + - name: Upload SARIF file + uses: GitHub/codeql-action/upload-sarif@v3 + + # Results are generated only on a success or failure + # this is required since GitHub by default won't run the next step + # when the previous one has failed. Alternatively, enable soft_fail in checkov action. + if: success() || failure() + with: + sarif_file: results.sarif From cab61c22fcec042c26e0a2bdd99e661f58af818f Mon Sep 17 00:00:00 2001 From: Deepanshu Jain Date: Wed, 17 Jun 2026 21:27:46 +0530 Subject: [PATCH 2/3] Create gcs.tf --- code/build/gcs.tf | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 code/build/gcs.tf diff --git a/code/build/gcs.tf b/code/build/gcs.tf new file mode 100644 index 000000000..54401aa6d --- /dev/null +++ b/code/build/gcs.tf @@ -0,0 +1,21 @@ +provider "google" { + project = "qwiklabs-gcp-02-7844b2f38bed" + region = "us-central1" +} + +resource "google_storage_bucket" "example" { + name = "demo-${random_id.rand_suffix.hex}" + location = "us-central1" + force_destroy = true + + uniform_bucket_level_access = false + public_access_prevention = "enforced" +} + +resource "random_id" "rand_suffix" { + byte_length = 4 +} + +output "bucket_name" { + value = google_storage_bucket.example.name +} From 4023e6cff78932f548a5874d3850f7fe57bcadec Mon Sep 17 00:00:00 2001 From: Deepanshu Jain Date: Wed, 17 Jun 2026 21:32:34 +0530 Subject: [PATCH 3/3] Fix formatting in checkov.yml for SARIF file