From 56ac11b8020531254fa27b1d40455c6eb3802d31 Mon Sep 17 00:00:00 2001
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:11:24 -0500
Subject: [PATCH 1/7] Create checkov.yaml Create checkov.yaml
---
.github/workflows/checkov.yaml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 .github/workflows/checkov.yaml
diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
new file mode 100644
index 000000000..00e3ec636
--- /dev/null
+++ b/.github/workflows/checkov.yaml
@@ -0,0 +1,32 @@
+name: checkov
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for GitHub/codeql-action/upload-sarif to upload SARIF results
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Run checkov
+ id: checkov
+ uses: bridgecrewio/checkov-action@master
+ with:
+ directory: code/
+ #soft_fail: true
+
+ - name: Upload SARIF file
+ uses: GitHub/codeql-action/upload-sarif@v3
+
+ # Results are generated only on a success or failure
+ # this is required since GitHub by default won't run the next step
+ # when the previous one has failed. Alternatively, enable soft_fail in checkov action.
+ if: success() || failure()
+ with:
+ sarif_file: results.sarif
From e84bf2132506e4fcfd010c010a2ac3a20b8778df Mon Sep 17 00:00:00 2001
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:45:01 -0500
Subject: [PATCH 2/7] Create gcs.tf gcs.tf
---
gcs.tf | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 gcs.tf
diff --git a/gcs.tf b/gcs.tf
new file mode 100644
index 000000000..22dbf0512
--- /dev/null
+++ b/gcs.tf
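Review bot: The `Run checkov` step pulls a third-party action from a mutable branch, `bridgecrewio/checkov-action@master`, in a job that holds `security-events: write` and runs on every pull request, so whatever lands on that branch executes in this repository's CI without review. Pin it to a reviewed release by full commit SHA, e.g. `uses: bridgecrewio/checkov-action@<full-commit-sha> # <release tag>`, and do the same for `actions/checkout@v2`, which is an old major version. Separately, `directory: code/` limits the scan to that folder, so the `gcs.tf` that patch 2/7 adds at the repository root is never checked. A short comment above `#soft_fail: true` stating that findings are meant to fail the build would make the intent explicit.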
@@ -0,0 +1,21 @@
+provider "google" {
+ project = "qwiklabs-gcp-01-bcb502fde5de"
+ region = "us-central1"
+}
+
+resource "google_storage_bucket" "example" {
+ name = "demo-${random_id.rand_suffix.hex}"
+ location = "us-central1"
+ force_destroy = true
+
+ uniform_bucket_level_access = false
+ public_access_prevention = "enforced"
+}
+
+resource "random_id" "rand_suffix" {
+ byte_length = 4
+}
+
+output "bucket_name" {
+ value = google_storage_bucket.example.name
+}
From b6f4388fd165a31bbc2d3871286c8c8d901ed574 Mon Sep 17 00:00:00 2001
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:47:10 -0500
Subject: [PATCH 3/7] Create gcs.tf
---
code/gcs.tf | 1 +
1 file changed, 1 insertion(+)
create mode 100644 code/gcs.tf
diff --git a/code/gcs.tf b/code/gcs.tf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/code/gcs.tf
@@ -0,0 +1 @@
+
From 51477f41bfe1c8f82ded33b4249fdc157ef470e6 Mon Sep 17 00:00:00 2001
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:47:40 -0500
Subject: [PATCH 4/7] Update gcs.tf
---
code/gcs.tf | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/code/gcs.tf b/code/gcs.tf
index 8b1378917..22dbf0512 100644
--- a/code/gcs.tf
+++ b/code/gcs.tf
@@ -1 +1,21 @@
+provider "google" {
+ project = "qwiklabs-gcp-01-bcb502fde5de"
+ region = "us-central1"
+}
 
+resource "google_storage_bucket" "example" {
+ name = "demo-${random_id.rand_suffix.hex}"
+ location = "us-central1"
+ force_destroy = true
+
+ uniform_bucket_level_access = false
+ public_access_prevention = "enforced"
+}
+
+resource "random_id" "rand_suffix" {
+ byte_length = 4
+}
+
+output "bucket_name" {
+ value = google_storage_bucket.example.name
+}
From 7d6e060edb41f5c0659a77a73362827d3552a237 Mon Sep 17 00:00:00 2001
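Review bot: `uniform_bucket_level_access = false` in `google_storage_bucket.example` leaves per-object ACLs active, so access to the bucket is governed by two mechanisms and cannot be audited from IAM policy alone; `public_access_prevention = "enforced"` blocks public grants but not over-broad ACL grants to other principals. Unless this file is a deliberate scanner fixture, set `uniform_bucket_level_access = true`; if it is deliberate, say so in a comment above the line. `force_destroy = true` also lets a destroy remove a non-empty bucket, and the project ID is hard-coded in the provider block where a variable would keep the file reusable. The identical block is added again in `code/gcs.tf` (4/7), `code/build/gcs.tf` (6/7) and `code/build/csf.tf` (7/7), so the same points apply there.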
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:51:42 -0500
Subject: [PATCH 5/7] Create gcs.tf
---
code/build/gcs.tf | 1 +
1 file changed, 1 insertion(+)
create mode 100644 code/build/gcs.tf
diff --git a/code/build/gcs.tf b/code/build/gcs.tf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/code/build/gcs.tf
@@ -0,0 +1 @@
+
From f2ad1367dbb596507f735fd0bf512b6ba531089c Mon Sep 17 00:00:00 2001
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 12:52:13 -0500
Subject: [PATCH 6/7] Update gcs.tf
---
code/build/gcs.tf | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/code/build/gcs.tf b/code/build/gcs.tf
index 8b1378917..22dbf0512 100644
--- a/code/build/gcs.tf
+++ b/code/build/gcs.tf
@@ -1 +1,21 @@
+provider "google" {
+ project = "qwiklabs-gcp-01-bcb502fde5de"
+ region = "us-central1"
+}
 
+resource "google_storage_bucket" "example" {
+ name = "demo-${random_id.rand_suffix.hex}"
+ location = "us-central1"
+ force_destroy = true
+
+ uniform_bucket_level_access = false
+ public_access_prevention = "enforced"
+}
+
+resource "random_id" "rand_suffix" {
+ byte_length = 4
+}
+
+output "bucket_name" {
+ value = google_storage_bucket.example.name
+}
From 047a082488a0d5018b92204856f4e7cf610c9e20 Mon Sep 17 00:00:00 2001
From: SamF <148646655+fershteyns@users.noreply.github.com>
Date: Wed, 28 Jan 2026 13:01:55 -0500
Subject: [PATCH 7/7] Create csf.tf
---
code/build/csf.tf | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 code/build/csf.tf
diff --git a/code/build/csf.tf b/code/build/csf.tf
new file mode 100644
index 000000000..22dbf0512
--- /dev/null
+++ b/code/build/csf.tf
@@ -0,0 +1,21 @@
+provider "google" {
+ project = "qwiklabs-gcp-01-bcb502fde5de"
+ region = "us-central1"
+}
+
+resource "google_storage_bucket" "example" {
+ name = "demo-${random_id.rand_suffix.hex}"
+ location = "us-central1"
+ force_destroy = true
+
+ uniform_bucket_level_access = false
+ public_access_prevention = "enforced"
+}
+
+resource "random_id" "rand_suffix" {
+ byte_length = 4
+}
+
+output "bucket_name" {
+ value = google_storage_bucket.example.name
+}
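Review bot: `code/build/csf.tf` carries the same blob id (`22dbf0512`) as `code/build/gcs.tf` from patch 6/7, so the one directory now declares `provider "google"`, `google_storage_bucket.example`, `random_id.rand_suffix` and `output "bucket_name"` twice. Terraform loads every `.tf` file in a directory as a single module and rejects duplicate resource and output addresses, so `terraform validate` should fail on this directory. Keep only one of the two files, or give the resources and output in this one distinct names, e.g. `resource "google_storage_bucket" "csf" {`. The `random` provider is also used without a `required_providers` entry in any hunk visible here.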