Merge branch 'main' into feature/add-cursor-rules

Author: anatolyshipitz

.github/workflows/code-quality.yml

@@ -41,6 +41,53 @@ jobs:
       - name: Lint Dockerfile.temporal
         run: docker run --rm -i hadolint/hadolint < Dockerfile.temporal
 
+  docker-scout:
+    name: Docker Security Scanning
+    runs-on: ubuntu-latest
+    needs: hadolint
+    strategy:
+      matrix:
+        service:
+          - name: n8n
+            dockerfile: Dockerfile.n8n
+            tag: n8n-test:latest
+          - name: temporal
+            dockerfile: Dockerfile.temporal
+            tag: temporal-test:latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build ${{ matrix.service.name }} image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ matrix.service.dockerfile }}
+          push: false
+          tags: ${{ matrix.service.tag }}
+          load: true
+      - name: Scan ${{ matrix.service.name }} image
+        uses: docker/scout-action@v1
+        with:
+          command: cves
+          image: ${{ matrix.service.tag }}
+          sarif-file: ${{ matrix.service.name }}-scan.sarif
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          summary: true
+          format: json
+          write-comment: true
+      - name: Upload ${{ matrix.service.name }} scan results
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ matrix.service.name }}-scan.sarif
+          category: ${{ matrix.service.name }}
+
   service-check:
     name: Service Availability Check
     timeout-minutes: 10

.gitignore

@@ -22,6 +22,9 @@ mcp-config.json
 !.cursor/rules/**
 
 
+# JetBrains IDE
+.idea/
+
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
 
@@ -149,3 +152,6 @@ dist
 .yarn/install-state.gz
 .pnp.*
 volumes
+
+n8n-scan.sarif
+temporal-scan.sarif