goof-service.yaml file because the Load Balancer, as currently defined, is open to the world.
goof-service.yaml with the GitHub Web Editor, and replace the contents with the following:
develop branch will now kick off. Once they complete, we can see in both the GitHub Security Code Scanning results and the Snyk UI that the issue from our
goof-service.yaml has vanished! Well done!
goof-deployment.yaml file and its 4 blocking issues. This file actually contains two deployment definitions: one for the database, and another for the app's frontend. The four blocking issues are actually two issues, present in both deployments. Let's take a look in the Snyk UI.
runAsNonRoot will require the container to run with a user with a UID other than 0, and dropping capabilities will restrict how our container interacts with the cluster. Using the GitHub Web Editor, modify the goof-deployment file's
spec for both deployments.
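
A local check for the same two settings, as an added example that is not part of the original workshop or of Snyk's tooling: it reads Deployments in JSON form and reports every container that lacks runAsNonRoot or does not drop capabilities. The manifests, names and images are constructed, and treating "dropped" as a drop list containing ALL is an assumption.

```python
import json

# Constructed sample: two Deployments in the shape of `kubectl get deploy -o json`.
# Names and images are hypothetical, not taken from goof-deployment.yaml.
MANIFESTS = json.loads("""
[
  {"kind": "Deployment", "metadata": {"name": "sample-db"},
   "spec": {"template": {"spec": {
     "containers": [{"name": "db", "image": "example/db:1"}]}}}},
  {"kind": "Deployment", "metadata": {"name": "sample-web"},
   "spec": {"template": {"spec": {
     "securityContext": {"runAsNonRoot": true},
     "containers": [{"name": "web", "image": "example/web:1",
       "securityContext": {"capabilities": {"drop": ["ALL"]}}}]}}}}
]
""")


def audit(deployment):
    """Return (deployment, container, issue) tuples for the two hardening gaps."""
    name = deployment["metadata"]["name"]
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    findings = []
    # initContainers are subject to the same settings, so check them too.
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        # A container-level runAsNonRoot overrides the pod-level value.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if non_root is not True:
            findings.append((name, c["name"], "runAsNonRoot not set"))
        # capabilities exist only at container level; there is no pod-level default.
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:  # assumption: "dropped" means the list contains ALL
            findings.append((name, c["name"], "capabilities not dropped"))
    return findings


def audit_all(manifests):
    """Audit every Deployment in a list of parsed manifests."""
    return [f for m in manifests if m.get("kind") == "Deployment" for f in audit(m)]


if __name__ == "__main__":
    for finding in audit_all(MANIFESTS):
        print(*finding, sep=": ")
```

The first sample Deployment produces both findings and the second produces none, because its pod-level runAsNonRoot is inherited by the container while the capability drop is set on the container itself.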
develop branch and wait for the CI workflows to run. Like before, the issue counts will be updated in both GitHub Security Code Scanning and the Snyk UI.
PROD. Now that we've fixed the issues in our files, back in the Pull Request, we can appreciate that our tests re-ran and this time the Snyk Security Gate is pleased with the changes we made.
PROD. If we had a workflow to re-deploy our application, it would also run.