feat(lab6): Checkov + KICS comparison across Terraform/Ansible/Pulumi + custom policy

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,28 @@
+## Goal
+
+<!-- PR goal -->
+
+
+## Changes
+
+<!-- Bullet list of files modified(or added) -->
+
+
+## Testing
+
+<!-- Commands you ran and what you observed -->
+
+```
+<here>
+```
+## Artifacts \& Screenshots
+
+<!-- Links to files in this PR; embed screenshots where useful -->
+
+* [`submissions/labN.md`](submissions/labN.md)
+
+## Checklist
+
+* \[ ] Title is clear (`feat(labN): <topic>` style)
+* \[ ] No secrets or large temp files committed
+* \[ ] Submission file at `submissions/labN.md` exists

.github/workflows/lab1-smoke.yml

@@ -0,0 +1,34 @@
+name: Lab 1 — Juice Shop Smoke Test
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  smoke-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Start Juice Shop
+        run: |
+          docker run -d --name juice-shop \
+            -p 127.0.0.1:3000:3000 \
+            bkimminich/juice-shop:v20.0.0
+
+      - name: Wait for Juice Shop to be ready (up to 60s)
+        run: |
+          for i in $(seq 1 30); do
+            curl --silent --fail http://127.0.0.1:3000/rest/admin/application-version > /dev/null && exit 0
+            sleep 2
+          done
+          docker logs juice-shop
+          exit 1
+
+      - name: Verify homepage returns HTTP 200
+        run: |
+          STATUS=$(curl --silent --output /dev/null --write-out "%{http_code}" http://127.0.0.1:3000)
+          echo "HTTP status: $STATUS"
+          [ "$STATUS" = "200" ]

.pre-commit-config.yaml

@@ -0,0 +1,11 @@
+repos:
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.21.2   # проверь актуальный тег на github.com/gitleaks/gitleaks/releases
+    hooks:
+      - id: gitleaks
+
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: detect-private-key
+      - id: check-added-large-files