```yaml
# Complete GitHub Actions Security Scanning Workflow
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Automated vulnerability scanning with Grype, OSV-Scanner, and Trivy
# Usage: Add to .github/workflows/security-scan.yml in your repository
name: Security Scanning Pipeline
on:
  push:
    branches: [main, develop]
```
```yaml
# Daily Scheduled Security Scans
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Run security scans on production images daily and compare with baseline
# Usage: Add to .github/workflows/scheduled-scan.yml
name: Daily Security Scan
on:
  schedule:
    - cron: '0 6 * * *'  # Daily at 6 AM UTC
```
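The scheduled workflow above says it compares each day's scan "with baseline" but the excerpt does not show that step. The script below is an added example, not code from the original post: it diffs a fresh Grype JSON report against a stored one, reports fixed and newly introduced findings, and exits non-zero when a new finding is at or above a severity threshold, so a daily job can fail only on regressions rather than on the backlog it already knows about. It assumes Grype's JSON report shape (`matches[].vulnerability.{id,severity}` and `matches[].artifact.{name,version}`) and that the baseline is simply an earlier report saved with `grype IMAGE -o json > baseline.json`; the embedded sample reports use placeholder CVE IDs and are constructed for the example.

```python
"""Baseline comparison for daily Grype scans.

Added example, not code from the original post. It assumes Grype's JSON
report shape (matches[].vulnerability.{id,severity} and
matches[].artifact.{name,version}) and a baseline that is simply the
previous day's report saved with `grype IMAGE -o json > baseline.json`.
"""
import json
import sys
from dataclasses import dataclass

# Grype severity labels, most severe first.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1,
                 "Negligible": 0, "Unknown": 0}


@dataclass(frozen=True)
class Finding:
    vuln_id: str
    package: str
    version: str
    severity: str

    @property
    def key(self) -> tuple[str, str, str]:
        # A finding is the same CVE in the same package@version. A rebuild
        # that bumps the version but still carries the CVE shows up as new.
        return (self.vuln_id, self.package, self.version)


def parse_grype(report: dict) -> set[Finding]:
    """Flatten a Grype JSON report into a set of Finding records."""
    findings = set()
    for match in report.get("matches", []):
        vuln, artifact = match["vulnerability"], match["artifact"]
        findings.add(Finding(vuln["id"], artifact["name"], artifact["version"],
                             vuln.get("severity", "Unknown")))
    return findings


def compare(baseline: dict, current: dict, fail_at: str = "High"):
    """Return (new, fixed, blocking).

    new      findings in current that were not in the baseline
    fixed    baseline findings no longer present
    blocking new findings at or above fail_at; non-empty means fail the job
    """
    base, cur = parse_grype(baseline), parse_grype(current)
    base_keys = {f.key for f in base}
    cur_keys = {f.key for f in cur}
    new = {f for f in cur if f.key not in base_keys}
    fixed = {f for f in base if f.key not in cur_keys}
    threshold = SEVERITY_RANK[fail_at]
    blocking = {f for f in new if SEVERITY_RANK.get(f.severity, 0) >= threshold}
    return new, fixed, blocking


def _match(vuln_id, name, version, severity):
    # Build one entry in Grype's report shape (constructed test data).
    return {"vulnerability": {"id": vuln_id, "severity": severity},
            "artifact": {"name": name, "version": version}}


# Constructed sample reports with placeholder IDs, not real advisories.
BASELINE_REPORT = {"matches": [
    _match("CVE-0000-0001", "openssl", "3.0.1", "High"),
    _match("CVE-0000-0002", "zlib", "1.2.11", "Medium"),
]}
CURRENT_REPORT = {"matches": [
    _match("CVE-0000-0001", "openssl", "3.0.1", "High"),      # unchanged
    _match("CVE-0000-0003", "curl", "8.0.0", "Critical"),     # new, blocks
    _match("CVE-0000-0004", "busybox", "1.36.0", "Low"),      # new, allowed
]}                                                             # zlib: fixed


def main(argv=None) -> int:
    """Usage: compare_baseline.py baseline.json current.json [High]."""
    argv = sys.argv[1:] if argv is None else argv
    if len(argv) >= 2:
        with open(argv[0]) as f:
            baseline = json.load(f)
        with open(argv[1]) as f:
            current = json.load(f)
        fail_at = argv[2] if len(argv) > 2 else "High"
    else:  # no files given: run on the constructed sample
        baseline, current, fail_at = BASELINE_REPORT, CURRENT_REPORT, "High"
    new, fixed, blocking = compare(baseline, current, fail_at)
    for f in sorted(fixed, key=lambda x: x.vuln_id):
        print(f"fixed:    {f.vuln_id} {f.package} {f.version}")
    for f in sorted(new, key=lambda x: x.vuln_id):
        tag = "BLOCKING" if f in blocking else "new"
        print(f"{tag:9s} {f.vuln_id} {f.package} {f.version} ({f.severity})")
    return 1 if blocking else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

In the scheduled job this would follow `grype IMAGE -o json > current.json` as `python compare_baseline.py baseline.json current.json High`, with `baseline.json` restored from a cache or artifact and replaced by `current.json` once the run is green. Keying on CVE plus package plus version is deliberate: a base-image rebuild that changes versions without removing the CVE surfaces as a new finding instead of being silently carried over.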
```yaml
# SBOM Generation and Vulnerability Scanning Workflow
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Generate Software Bill of Materials (SBOM) and scan for vulnerabilities
# Usage: Add to .github/workflows/sbom-scan.yml - runs on release
name: SBOM Generation and Scanning
on:
  release:
    types: [published]
```
```yaml
# Automated Vulnerability Remediation Workflow
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Automatically update dependencies to fix vulnerabilities and create PR
# Usage: Add to .github/workflows/auto-remediate.yml - runs weekly
name: Automated Vulnerability Remediation
on:
  schedule:
    - cron: '0 3 * * 1'  # Weekly on Monday at 3 AM UTC
```
```yaml
# Grype Vulnerability Scanner Configuration
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Configure Grype scanner with ignore rules and severity thresholds
# Usage: Save as .grype.yaml in project root
# Exclude false positives
ignore:
  - vulnerability: CVE-2023-12345
    # Grype matches ignore rules on the vulnerability, fix-state and package
    # fields; it has no expiry mechanism. `reason` and `expiration` are notes
    # for reviewers, not enforced: this suppression stays in effect until
    # someone deletes it, so track the date outside this file as well.
    reason: "Not applicable - feature not used"
    expiration: 2025-12-31
```
```toml
# OSV-Scanner Configuration
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Configure OSV-Scanner for dependency scanning with ignore rules
# Usage: Save as osv-scanner.toml in project root (or pass it with --config).
# OSV-Scanner reads one [[IgnoredVulns]] table per suppressed vulnerability;
# a bare [ignore] section with a vulnerabilities list is not recognised.
[[IgnoredVulns]]
id = "GHSA-xxxx-yyyy-zzzz"
# Optional: after this date the suppression lapses and the finding reappears.
ignoreUntil = 2025-12-31
reason = "Not applicable - feature not used"
```
```rego
# Trivy OPA Policy for Security Scanning
# Source: https://williamzujkowski.github.io/posts/2025-10-06-automated-security-scanning-pipeline/
# Purpose: Define security policies using Open Policy Agent (OPA)
# Usage: Save as policy/security.rego and evaluate it against Trivy's JSON
# report (trivy image -f json ...) with OPA or conftest (-n trivy). Note that
# trivy --policy loads misconfiguration checks and --ignore-policy expects a
# per-vulnerability `ignore` rule, so neither consumes this file as-is.
package trivy

# Deny images with critical vulnerabilities. Trivy nests findings under
# Results[].Vulnerabilities[]; each msg becomes one failure in the output.
deny[msg] {
    vuln := input.Results[_].Vulnerabilities[_]
    vuln.Severity == "CRITICAL"
    msg := sprintf("%s: %s %s", [vuln.VulnerabilityID, vuln.PkgName, vuln.InstalledVersion])
}
```