settings.json is COPY-ed into the image at build time. Putting MCP server
config with credential env references there risks baking tokens into the
image if placeholders are ever replaced with real values. Move MCP server
config to ~/.claude/settings.json (runtime volume mount) instead.
Managed settings now contains policy only: models, permissions, telemetry.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
trivy-action@v0.35.0 expects trivy pre-installed in the runner environment.
Switch to docker run aquasec/trivy:0.69.3 which uses the Docker daemon
already available in the pipeline. Pin version via TRIVY_IMAGE env var.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Scan job: run Trivy before the security gate to emit a CycloneDX SBOM
for each image (exit-code 0), then run the HIGH/CRITICAL gate as before.
SBOMs are uploaded as a pipeline artifact (90-day retention) with
if: always() so they're available even when the security gate fails.
Build job: add sbom: true and provenance: true to both build-push steps
so BuildKit attaches SBOM and provenance attestations to the image
manifest in the registry.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add a scan job between check-docker and build-and-push. Builds each image
locally (no push, current platform only), runs Trivy v0.35.0 against it,
and fails on unfixed HIGH/CRITICAL CVEs. build-and-push only runs if both
scans pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
