Skip to main content
Bifrost applies defense-in-depth across its open-source and enterprise repositories. Every pull request, dependency update, and container image goes through multiple layers of automated security checks before reaching production.
DomainTool / PracticeCoverage
Dependency ScanningSnyk Open SourceGo, Node, Python — all projects
SASTSnyk Code, CodeQLFull codebase static analysis
Container ScanningDocker ScoutDocker Hub auto-scan on push
Artifact ScanningGCP Artifact RegistryEnterprise container images
Dependency UpdatesDependabotgomod, npm, Docker, GitHub Actions
Supply ChainSHA pinning, npm provenance100 % of GitHub Actions (OSS)
Container HardeningFIPS base image, non-root userProduction Dockerfile
Security HardeningStepSecurity, CODEOWNERSWorkflow hardening, code review gates
Network SecurityTailscale VPNEnterprise deployments

Vulnerability Scanning — Snyk

Bifrost runs two Snyk scanning jobs on every push and pull request. Results are uploaded as SARIF to the GitHub Security tab.
The Snyk Open Source job scans all Go, Node, and Python dependencies for known vulnerabilities.
snyk test --all-projects --detection-depth=4 --sarif-file-output=snyk.sarif
  • Scans every module across core/, framework/, transports/, plugins/, ui/, and tests/
  • Detection depth of 4 catches transitive dependencies
  • Snyk CLI pinned to v1.1303.2
Snyk checks can be skipped by including --skip-pipeline in the first line of a commit message. This is intended for documentation-only or CI configuration changes.

Container Image Security

Dockerfile Hardening

Production containers follow a strict hardening checklist:

Multi-stage builds

Three stages — UI builder (Node), Go builder, and minimal Alpine runtime — ensure no build tools or source code leak into the final image.

FIPS-compliant base image

Production images use a FIPS 140-2 validated Alpine base image with compliant OpenSSL.

Non-root execution

The FIPS base image includes a dedicated appuser. The container runs as this unprivileged user — never as root.

Binary stripping

Go binaries are compiled with -ldflags="-w -s" to strip debug symbols and DWARF information, reducing attack surface and image size.
Additional hardening measures:
  • Static builds — Compiled with -tags "sqlite_static" and -extldflags '-static' for fully static linking
  • Build verificationRUN test -f /app/main || exit 1 ensures the binary exists before proceeding
  • CVE patching — Enterprise Dockerfiles include targeted patches (e.g., apk upgrade --no-cache openssl for CVE-2026-22796)
  • Minimal runtime dependencies — The FIPS base image provides only essential libraries (musl, libgcc, ca-certificates)
# Runtime stage excerpt (production)
FROM <fips-validated-alpine-base>
WORKDIR /app

COPY --from=builder /app/main .
COPY --from=builder /app/docker-entrypoint.sh .

RUN mkdir -p $APP_DIR/logs
USER appuser

ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["/app/main"]
FIPS-compliant hardened base image in Dockerfile

Docker Scout

Docker Scout is enabled at the Docker Hub repository level for the maximhq/bifrost image. Every image pushed to Docker Hub is automatically scanned for CVEs against continuously updated vulnerability databases.
Docker Scout image score showing vulnerability assessment

GCP Artifact Registry Scanning

Enterprise images are pushed to GCP Artifact Registry (and AWS ECR for select environments). GCP Artifact Registry provides built-in vulnerability scanning that automatically analyzes container images for OS and language package vulnerabilities.

Supply Chain Security

GitHub Actions SHA Pinning

All GitHub Actions in the open-source repository are pinned to exact commit SHAs — not mutable version tags. This prevents supply chain attacks where a compromised action maintainer could push malicious code to an existing tag. 
# Every action is pinned to a full SHA with a version comment
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
- uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
Coverage:
RepositoryPinning StrategyActions Pinned
bifrost (OSS)Full SHA with version comment103 / 103 (100 %)
bifrost-enterpriseFull SHA with version comment103 / 103 (100 %)

NPM Provenance

Published npm packages include SLSA provenance attestations, providing a verifiable link between the published package and its source commit. 
permissions:
  id-token: write  # Required for npm provenance

# ...
npm publish --provenance --access public

Dependency Pinning in CI

All language runtimes are pinned to specific versions across CI workflows to ensure reproducible builds and prevent unexpected behavior from runtime updates.
RuntimePinned VersionUsed For
Go1.26.1Core build, tests
Node25UI build, npm packages
Python3.11Integration and governance tests
uvSHA-pinned via astral-sh/setup-uvPython package management
Python test dependencies are locked via uv.lock files for deterministic, reproducible installs: 
tests/integrations/uv.lock
tests/governance/uv.lock
Pinned dependency versions across CI workflows

Dependency Management — Dependabot

Dependabot monitors four ecosystems on a weekly schedule, automatically opening pull requests for outdated or vulnerable dependencies.

Go Modules

Covers /core, /framework, /transports, /plugins/*, and /examples/**

npm Packages

Covers /ui, /npx, and /examples/**

Docker Images

Monitors base images in /transports

GitHub Actions

Tracks action version updates across all workflows
A separate Dependabot Alerts workflow runs daily and automatically creates GitHub issues for any open Dependabot security alerts, categorized by severity and ecosystem.

Code Analysis — CodeQL

GitHub’s CodeQL performs semantic code analysis on every push and pull request, complementing Snyk’s SAST coverage with GitHub-native findings.
  • Analyzes Go and JavaScript/TypeScript codebases
  • Detects security vulnerabilities, bugs, and code quality issues using GitHub’s query suites
  • Results appear directly in the GitHub Security tab alongside Snyk findings
CodeQL analysis results in GitHub Security tab

Workflow & Network Security

Principle of Least Privilege

All GitHub Actions workflows follow the principle of least privilege. Permissions are set at the job level, not the workflow level, and are scoped to the minimum required.
PermissionGranted ToReason
contents: readAll jobs (default)Read repository code
contents: writeTag creation, releasesCreate git tags and releases
security-events: writeSnyk jobsUpload SARIF to Security tab
id-token: writeCloud auth, npm publishOIDC federation, npm provenance
pull-requests: writePR test reportersPost test results as PR comments

Tailscale VPN

Enterprise deployment workflows authenticate through Tailscale before accessing any infrastructure. This ensures that CI/CD runners can only reach deployment targets through an encrypted, identity-aware network — never over the public internet. 
- name: Authenticate Tailscale
  uses: tailscale/github-action@v4
  with:
    oauth-client-id: '${{ secrets.TS_OAUTH_CLIENT_ID }}'
    oauth-secret: '${{ secrets.TS_OAUTH_SECRET }}'
    tags: 'tag:gha-ci'
    version: 1.84.0
  • OAuth-based authentication — No long-lived API keys; runners authenticate via OAuth client credentials
  • Version pinned — Tailscale 1.84.0 to prevent unexpected behavior from updates
  • Tagged runnersgha-ci tag enables Tailscale ACL policies scoped to CI/CD access

StepSecurity

StepSecurity automatically hardens GitHub Actions workflows by applying security best practices across all CI/CD pipelines.
  • Adds permissions blocks to workflows that are missing them
  • Pins action versions to full SHAs where mutable tags were used
  • Detects insecure patterns like unquoted interpolations and artifact poisoning risks
StepSecurity automated security hardening applied to GitHub Actions workflows

CODEOWNERS

Critical paths in the repository are protected by a CODEOWNERS file, ensuring that changes to security-sensitive areas require review from designated maintainers before merging.
CODEOWNERS file enforcing review gates on security-critical paths