From fc1b8ef429d5ff88d69265b16fa0bfa0ccd9b59c Mon Sep 17 00:00:00 2001
From: william brady
Date: Mon, 12 Jan 2026 02:42:13 -0500
Subject: [PATCH 1/3] fix: set permissions on report directory for artifact upload

Docker container runs as root, creating reports owned by root. GitHub runner user needs read access for artifact upload step. Add chmod to make reports readable after generation.
---
 entrypoint.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/entrypoint.sh b/entrypoint.sh
index 5c20d76..59d07af 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -375,6 +375,13 @@ echo "Total Findings: $TOTAL"
 echo "Exit Code: $EXIT_CODE"
 echo ""
+# Fix permissions on report directory so GitHub runner can read the files
+# Docker container runs as root, but runner user needs access for artifact upload
+if [[ -d "$REPORT_DIR" ]]; then
+ chmod -R 755 "$REPORT_DIR" 2>/dev/null || true
+ chmod 644 "$REPORT_DIR"/* 2>/dev/null || true
+fi
+
 # If we used fallback report directory, try to copy reports to workspace
 if [[ "${FALLBACK_REPORT_DIR:-}" == "true" ]]; then
 WORKSPACE_REPORT_DIR="${GITHUB_WORKSPACE}/.sdlc-code-scanner-reports"

From 3051ffbcda120db47ea038024493fc243abe8ec0 Mon Sep 17 00:00:00 2001
From: william brady
Date: Mon, 12 Jan 2026 02:50:34 -0500
Subject: [PATCH 2/3] fix: use find to set permissions correctly on dirs and files

---
 entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 59d07af..c026053 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
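Review bot: The added permission block makes every file under `$REPORT_DIR` readable by any account on the host (mode 644 on files, 755 on directories), which is broader than the stated need of letting the runner user read the reports; scanner output from the secrets-detection layer may contain the matched values, and the same modes travel with the copy into `$GITHUB_WORKSPACE` made a few lines below. Since the container already runs as root, transferring ownership to whoever owns the workspace mount grants access to exactly the runner user and nobody else: `chown -R --reference="$GITHUB_WORKSPACE" "$REPORT_DIR" 2>/dev/null || true` in place of the two chmod lines (GNU coreutils `chown --reference` is present in the python:3.11-slim base), presumably guarded on `GITHUB_WORKSPACE` being set. The same 644/755 choice is carried into the `find -exec chmod` rewrite in PATCH 2/3, so the replacement applies to that hunk as well. Discarding stderr with `2>/dev/null || true` means a failure here only surfaces later as an unexplained artifact-upload error; emitting a one-line warning on failure instead would make that easier to diagnose.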
@@ -378,8 +378,8 @@ echo ""
 # Fix permissions on report directory so GitHub runner can read the files
 # Docker container runs as root, but runner user needs access for artifact upload
 if [[ -d "$REPORT_DIR" ]]; then
- chmod -R 755 "$REPORT_DIR" 2>/dev/null || true
- chmod 644 "$REPORT_DIR"/* 2>/dev/null || true
+ find "$REPORT_DIR" -type d -exec chmod 755 {} + 2>/dev/null || true
+ find "$REPORT_DIR" -type f -exec chmod 644 {} + 2>/dev/null || true
 fi
 # If we used fallback report directory, try to copy reports to workspace

From 6bb6f3723cb7477959015e4d3280079e94cea5dd Mon Sep 17 00:00:00 2001
From: william brady
Date: Mon, 12 Jan 2026 04:54:58 -0500
Subject: [PATCH 3/3] fix: update license references from MIT to PolyForm Noncommercial

Update README badge and Dockerfile label to reflect the actual PolyForm Noncommercial 1.0.0 license used by this project.

Co-Authored-By: Claude Opus 4.5
---
 Dockerfile | 2 +-
 README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c7b96b0..d746afb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,7 @@ FROM python:3.11-slim as base
 # GitHub Actions labels
 LABEL org.opencontainers.image.source="https://github.com/crofton-cloud/sdlc-code-scanner"
 LABEL org.opencontainers.image.description="Security scanner for AWS Infrastructure-as-Code"
-LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.licenses="PolyForm-Noncommercial-1.0.0"
 # Set environment variables
 ENV DEBIAN_FRONTEND=noninteractive \
diff --git a/README.md b/README.md
index 2ca6e46..b5381dc 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 > Comprehensive security assessment tool for AWS Infrastructure-as-Code
 [![GitHub Action](https://img.shields.io/badge/GitHub%20Action-available-2088FF?logo=github-actions&logoColor=white)](https://github.com/marketplace/actions/sdlc-code-scanner)
-[![License](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![License](https://img.shields.io/badge/License-PolyForm%20Noncommercial-blue.svg)](LICENSE)
 SDLC Code Scanner is a Docker-based security scanning platform that orchestrates multiple industry-leading security tools to provide comprehensive analysis of your AWS infrastructure code. It implements a multi-layered security scanning approach covering linting, security policies, dependency vulnerabilities, and secrets detection.