Skip to content

Add support for external LBs for fulcio, dex, TSA #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cmurphy wants to merge 2 commits into
base: main
Choose a base branch
from

Add aggregator service for Dex

c0f76e2
Select commit
Loading
Failed to load commit list.
Open

Add support for external LBs for fulcio, dex, TSA #195

Add aggregator service for Dex
c0f76e2
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / defsec succeeded May 2, 2026 in 4s

6 new alerts

New alerts in code changed by this pull request

  • 3 warnings
  • 3 notes

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 31 in gcp/modules/dex/global/gcs.tf

See this annotation in the file changed.

Code scanning / defsec

Ensure that Cloud Storage bucket is not anonymously or publicly accessible. Error

Bucket allows public access.

Check failure on line 36 in gcp/modules/dex/network.tf

See this annotation in the file changed.

Code scanning / defsec

Ensure that Cloud Storage bucket is not anonymously or publicly accessible. Error

Bucket allows public access.

Check failure on line 48 in gcp/modules/sigstore_global/global.tf

See this annotation in the file changed.

Code scanning / defsec

Ensure that Cloud Storage bucket is not anonymously or publicly accessible. Error

Bucket allows public access.

Check warning on line 38 in gcp/modules/dex/global/gcs.tf

See this annotation in the file changed.

Code scanning / defsec

Roles should not be assigned to default service accounts Warning

Role is assigned to a default service account at project level.

Check warning on line 36 in gcp/modules/dex/network.tf

See this annotation in the file changed.

Code scanning / defsec

Roles should not be assigned to default service accounts Warning

Role is assigned to a default service account at project level.

Check warning on line 48 in gcp/modules/sigstore_global/global.tf

See this annotation in the file changed.

Code scanning / defsec

Roles should not be assigned to default service accounts Warning

Role is assigned to a default service account at project level.

Check notice on line 24 in gcp/modules/dex/global/gcs.tf

See this annotation in the file changed.

Code scanning / defsec

Cloud Storage buckets should be encrypted with a customer-managed key. Note

Storage bucket encryption does not use a customer-managed key.

Check notice on line 36 in gcp/modules/dex/network.tf

See this annotation in the file changed.

Code scanning / defsec

Cloud Storage buckets should be encrypted with a customer-managed key. Note

Storage bucket encryption does not use a customer-managed key.

Check notice on line 48 in gcp/modules/sigstore_global/global.tf

See this annotation in the file changed.

Code scanning / defsec

Cloud Storage buckets should be encrypted with a customer-managed key. Note

Storage bucket encryption does not use a customer-managed key.