audit(gremlin): scanopy FAIL 2026-05-04

Netgrimoire/Audits/scanopy-2026-05-04.md

@@ -0,0 +1,36 @@
+---
+title: Audit - scanopy.yaml
+description: Gremlin audit report 2026-05-04
+published: true
+date: 2026-05-04T11:37:04.410Z
+tags: gremlin,audit
+editor: markdown
+dateCreated: 2026-05-04T11:37:04.410Z
+---
+
+# Audit Report — scanopy.yaml
+
+**Date:** 2026-05-04  
+**File:** swarm/scanopy.yaml  
+**Type:** Docker Swarm  
+**Verdict:** FAIL
+
+---
+
+**SWARM AUDIT RESULTS**
+
+1. **Homepage labels**: All homepage labels are present and correctly configured.
+2. **Uptime Kuma labels**: `kuma.scanopy.http.name` and `kuma.scanopy.http.url` are set as expected.
+3. **Caddy labels on exposed services**: 
+   - The `caddy=scan.netgrimoire.com` label is present on the server service, which is correct for DNS entry.
+   - However, `caddy.reverse_proxy` should specify the upstream service name and port instead of using placeholder `{{upstreams 60072}}`. Change it to:
+     ```yaml
+     caddy.reverse_proxy: "server:60072"
+     ```
+4. **Placement constraints**: All services are correctly constrained to run on `docker4` node.
+5. **Volumes use /DockerVol/<service> path convention**: All services comply with the naming convention.
+6. **Network references external netgrimoire overlay**: The network is correctly referenced as an external overlay.
+
+**VERDICT: FAIL**
+
+The issue identified requires updating the `caddy.reverse_proxy` label in the `server` service to specify the actual upstream service name and port rather than using a placeholder value.