Feature/lab9 #1339

Open
Ten-Do wants to merge 13 commits into inno-devops-labs:main from Ten-Do:feature/lab9

Ten-Do commented Jul 5, 2026

Goal

Scan QuickNotes with Trivy + ZAP, triage every finding, fix missing security headers in code.

Changes

  • Trivy image/fs/config scans + CycloneDX SBOM, all HIGH/CRITICAL triaged
  • ZAP baseline scan, every finding triaged
  • securityHeaders middleware (app/middleware.go) applied to all routes; fixes X-Content-Type-Options / Cache-Control findings

Testing

  • go test ./... passes; TestSecurityHeaders_PresentOnEveryRoute fails if middleware is removed
  • Re-ran ZAP baseline after rebuild — fixed finding no longer present

Checklist

  • Title is a clear sentence (≤ 70 chars)
  • Commits are signed (git log --show-signature)
  • submissions/lab9.md updated
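
A sketch of the kind of middleware and every-route check the description above refers to. This is an added example, not the code in app/middleware.go or the PR's test; the header values, the sample routes and the `missingHeaders` helper are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

var (
	// Assumed values: the PR names the two headers but not what they are set to.
	requiredHeaders = map[string]string{"X-Content-Type-Options": "nosniff", "Cache-Control": "no-store"}
	// Constructed sample routes (hypothetical, not QuickNotes' own).
	samplePaths = []string{"/notes", "/fail"}
)

// securityHeaders sets the headers before the wrapped handler runs, so they are sent even on error statuses.
func securityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for name, value := range requiredHeaders {
			w.Header().Set(name, value)
		}
		next.ServeHTTP(w, r)
	})
}

func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/notes", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "[]") })
	mux.HandleFunc("/fail", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusInternalServerError) })
	return mux
}

// missingHeaders requests each path and lists, as "path: header", every required header that is absent or wrong.
func missingHeaders(h http.Handler, paths []string) []string {
	var missing []string
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, p, nil))
		for name, value := range requiredHeaders {
			if rec.Header().Get(name) != value {
				missing = append(missing, p+": "+name)
			}
		}
	}
	return missing
}

func main() {
	fmt.Println("wrapped:", missingHeaders(securityHeaders(newMux()), samplePaths),
		"bare:", missingHeaders(newMux(), samplePaths))
}
```

Wrapping the whole mux once, rather than each handler, is what lets a single check over the route list catch a removed middleware.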

Ten-Do and others added 13 commits June 6, 2026 17:37
Signed-off-by: yury <rybenko.urii@gmail.com>
Signed-off-by: yury <rybenko.urii@gmail.com>
* docs(lab1): start submission

Signed-off-by: yury <rybenko.urii@gmail.com>

* add docker

* fill lab1.md for task 1

* docs(lab1): finish submission

Signed-off-by: yury <rybenko.urii@gmail.com>

---------

Signed-off-by: yury <rybenko.urii@gmail.com>
* ci(lab3): add PR-gate

Signed-off-by: yury <rybenko.urii@gmail.com>

* breaking changes

Signed-off-by: yury <rybenko.urii@gmail.com>

* Revert "breaking changes"

This reverts commit 3cfdf80.

* upd lab3 submission

Signed-off-by: yury <rybenko.urii@gmail.com>

* add ci cache and paths

Signed-off-by: yury <rybenko.urii@gmail.com>

* upd ci yml name

Signed-off-by: yury <rybenko.urii@gmail.com>

* set cache to false

Signed-off-by: yury <rybenko.urii@gmail.com>

* set cache to true & add matrix

Signed-off-by: yury <rybenko.urii@gmail.com>

* add aggregation job

Signed-off-by: yury <rybenko.urii@gmail.com>

* add ci-with-matrix img

Signed-off-by: yury <rybenko.urii@gmail.com>

---------

Signed-off-by: yury <rybenko.urii@gmail.com>
Signed-off-by: yury <rybenko.urii@gmail.com>
Signed-off-by: Yuru <rybenko.urii@gmail.com>
Signed-off-by: Yuru <rybenko.urii@gmail.com>
* feat(lab7): add Ansible playbook deploying QuickNotes to Vagrant VM

- idempotent deploy: user, dirs, binary, systemd unit via Jinja2 template
- handler restarts service only on binary or unit file change
- bonus: ansible-pull systemd timer for 5-min GitOps convergence

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore(lab7): change RestartSec 5s→3s to demo ansible-pull convergence

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* submit lab7.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat(lab8): add Prometheus + Grafana golden-signals monitoring stack

- prometheus scrapes quicknotes /metrics every 15s
- grafana provisioned with 4-panel golden-signals dashboard
- HighErrorRate alert: error ratio > 5% for 5 min, severity: page
- runbook: docs/runbook/high-error-rate.md
- bonus: synthetic monitoring section (pending Checkly data)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs(lab8): add Checkly bonus data — p50 588ms, p95 922ms, 100% availability

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* add checklyhq img

Signed-off-by: Yuru <rybenko.urii@gmail.com>

---------

Signed-off-by: Yuru <rybenko.urii@gmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Yuru <rybenko.urii@gmail.com>