fix: correct scanner suppression comments and add remaining fixes

- Add nosemgrep alongside nosec for opengrep/semgrep compatibility
- Fix suppression comment placement (config-manager.ts for loop, backend-stack.ts line 126)
- Add USER node to Dockerfile.frontend.dev (CKV_DOCKER_3)
- Add .checkov.yml to skip false positive tj-actions/changed-files GHSAs (pinned to safe v46.0.5)

Author: kaleko

.checkov.yml

@@ -0,0 +1,7 @@
+# Checkov configuration for security scanning
+# Skip rules that are verified false positives in this repository
+skip-check:
+  # tj-actions/changed-files is pinned to commit ed68ef82c... which is v46.0.5 (post-fix for CVE-2025-30066).
+  # Checkov flags the action name regardless of the pinned commit hash.
+  - "GHSA-mrrh-fwg8-r2c3"  # tj-actions/changed-files supply chain compromise (patched in v46)
+  - "GHSA-mcph-m25j-8j63"  # tj-actions/changed-files related advisory (patched in v46)

docker/Dockerfile.frontend.dev

@@ -17,6 +17,9 @@ COPY . .
 # Expose port
 EXPOSE 3000
 
+# Run as non-root user (node user is built into node:20-alpine)
+USER node
+
 # Healthcheck for container orchestration (dev server)
 HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
   CMD wget -qO- http://localhost:3000/ || exit 1

infra-cdk/lambdas/zip-packager/index.py

@@ -60,7 +60,7 @@ def send_response(
         headers={"Content-Type": "application/json"},
         method="PUT",
     )
-    urllib.request.urlopen(req)  # nosec B310 B113 — URL is the CloudFormation pre-signed ResponseURL, not user-controlled
+    urllib.request.urlopen(req)  # nosemgrep: python.lang.security.audit.dynamic-urllib-use-detected.dynamic-urllib-use-detected  # nosec B310 B113 — URL is the CloudFormation pre-signed ResponseURL, not user-controlled
 
 
 def download_wheels(requirements: list[str], download_dir: Path) -> None:

infra-cdk/lib/backend-stack.ts

@@ -123,6 +123,7 @@ export class BackendStack extends cdk.NestedStack {
     if (deploymentType === "zip") {
       // ZIP DEPLOYMENT: Use Lambda to package and upload to S3 (no Docker required)
       const repoRoot = path.resolve(__dirname, "..", "..")
+      // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal — pattern is from trusted local config.yaml, not user input
       const patternDir = path.join(repoRoot, "patterns", pattern)
 
       // Create S3 bucket for agent code

infra-cdk/lib/utils/config-manager.ts

@@ -113,11 +113,11 @@ export class ConfigManager {
     return this.config
   }
 
-  // nosemgrep: javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop — iterates over a trusted local YAML config object, not user-controlled input
   public get(key: string, defaultValue?: any): any {
     const keys = key.split(".")
     let value: any = this.config
 
+    // nosemgrep: javascript.lang.security.audit.prototype-pollution.prototype-pollution-loop.prototype-pollution-loop — iterates over a trusted local YAML config object, not user-controlled input
     for (const k of keys) {
       if (typeof value === "object" && value !== null && k in value) {
         value = value[k]

patterns/utils/auth.py

@@ -60,7 +60,7 @@ def extract_user_id_from_context(context: RequestContext) -> str:
 
     # Decode without signature verification — AgentCore Runtime already validated the token.
     # We use options to skip all verification since this is a trusted, pre-validated token.
-    claims = jwt.decode(  # nosec — signature verification intentionally skipped; AgentCore Runtime already validated the JWT
+    claims = jwt.decode(  # nosemgrep: python.jwt.security.unverified-jwt-decode.unverified-jwt-decode  # nosec — signature verification intentionally skipped; AgentCore Runtime already validated the JWT
         jwt=token,
         options={"verify_signature": False},
         algorithms=["RS256"],