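---
# Container vulnerability scan for the image built from ./Dockerfile.
#
# Flow: build the image locally -> Trivy SARIF scan (non-blocking, uploaded to
# code scanning) -> Trivy table scan (blocking gate) -> on a failed gate in a
# scheduled/push/manual run, open or update a tracking issue.
#
# Third-party actions are pinned to version tags below; pinning each `uses:` to
# a full commit SHA gives stronger supply-chain guarantees (no SHAs are assumed
# here — look them up from each action's releases when adopting this).
name: Security Update Check

on:
  schedule:
    # Run weekly on Sundays at 2 AM UTC
    - cron: "0 2 * * 0"
  push:
    branches: [master]
    paths:
      - "Dockerfile"
      - "package.json"
      - "package-lock.json"
      - ".trivyignore"
  pull_request:
    branches: [master]
    paths:
      - "Dockerfile"
      - "package.json"
      - "package-lock.json"
      # Kept in sync with the push filter: editing the ignore list changes
      # what the gate suppresses, so it must be re-scanned in review too.
      - ".trivyignore"
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN. Nothing here pushes commits or edits pull
# requests, so `contents: write` and `pull-requests: write` are not needed:
#   contents: read         -> actions/checkout
#   actions: read          -> upload-sarif, required when the repository is private
#   security-events: write -> upload-sarif
#   issues: write          -> github-script issue create/comment
permissions:
  contents: read
  actions: read
  security-events: write
  issues: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    # Bound a hung build or DB download so the job cannot hold the runner indefinitely.
    timeout-minutes: 30
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build image for scanning
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          tags: security-test:latest
          # Load into the local daemon so Trivy can scan by image-ref; the image is never pushed.
          load: true
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Run SARIF scan first (non-blocking) to always generate the file
      - name: Run Trivy scanner for SARIF output
        id: trivy-sarif
        uses: aquasecurity/trivy-action@0.33.1
        with:
          image-ref: security-test:latest
          format: "sarif"
          output: "trivy-results.sarif"
          exit-code: "0"
          # Findings without a fixed version are hidden from both scans; audit
          # this flag together with .trivyignore when reviewing what is suppressed.
          ignore-unfixed: true
          severity: "CRITICAL,HIGH,MEDIUM"
          trivyignores: ".trivyignore"
          # NOTE(review): the bundled npm tree is excluded from scanning — the
          # reason is not recorded here; document it alongside .trivyignore.
          skip-dirs: "/usr/local/lib/node_modules/npm"

      # Upload only when the SARIF file was actually produced; a failed build
      # would otherwise make this step fail on a missing file.
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v4
        if: always() && steps.trivy-sarif.outcome == 'success'
        with:
          sarif_file: "trivy-results.sarif"

      # Run table scan (blocking) after SARIF is uploaded
      - name: Run Trivy vulnerability scanner
        id: trivy-gate
        uses: aquasecurity/trivy-action@0.33.1
        with:
          image-ref: security-test:latest
          format: "table"
          exit-code: "1"
          ignore-unfixed: true
          severity: "CRITICAL,HIGH,MEDIUM"
          trivyignores: ".trivyignore"
          skip-dirs: "/usr/local/lib/node_modules/npm"

      # File an issue only when the scan *gate* failed — not when the build or
      # the SARIF upload failed — and never on pull_request runs, where a fork's
      # token is read-only and the failing check is already visible on the PR.
      - name: Create security issue if vulnerabilities found
        if: failure() && steps.trivy-gate.outcome == 'failure' && github.event_name != 'pull_request'
        uses: actions/github-script@v8
        with:
          script: |
            const labels = ['security', 'vulnerability', 'docker'];
            const title = '🚨 Security vulnerabilities detected in Docker images';
            const { owner, repo } = context.repo;
            // Built from the Actions context rather than `${{ }}` expansion so the
            // script body contains no template-expanded text.
            const runUrl = `${context.serverUrl}/${owner}/${repo}/actions/runs/${context.runId}`;

            // Reuse an existing open tracking issue instead of filing one per run.
            const { data: openIssues } = await github.rest.issues.listForRepo({
              owner,
              repo,
              state: 'open',
              labels: labels.join(','),
              per_page: 100,
            });
            const existing = openIssues.find((issue) => issue.title === title);
            if (existing) {
              await github.rest.issues.createComment({
                owner,
                repo,
                issue_number: existing.number,
                body: `Trivy reported vulnerabilities again (trigger: ${context.eventName}): ${runUrl}`,
              });
              return;
            }

            // `await` so a failed API call fails this step instead of being lost.
            await github.rest.issues.create({
              owner,
              repo,
              title,
              body: `
            ## Security Alert
            Trivy has detected security vulnerabilities in our Docker images.
            **Action Required:**
            1. Review the security scan results in the Actions tab
            2. Update base images and dependencies
            3. Test the fixes
            4. Deploy updated images
            **Scan Details:**
            - Workflow run: ${runUrl}
            - Triggered by: ${context.eventName}
            - Scan Date: ${new Date().toISOString()}
            **Next Steps:**
            - [ ] Review vulnerability details
            - [ ] Update Dockerfiles
            - [ ] Test changes
            - [ ] Deploy fixes
            `,
              labels,
            });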