
Scanning #630

Merged
merged 7 commits into from
Mar 18, 2024

Conversation

@withinfocus (Contributor) commented Feb 23, 2024

Objective

Introduces a new GitHub Actions workflow named Scan in the .github/workflows/scan.yml file. The workflow is triggered on manual dispatch, push to the main, rc, and hotfix-rc branches, and when a pull request is opened or synchronized. The workflow includes two jobs: sast and quality. The sast job runs a Static Application Security Testing (SAST) scan using Checkmarx and uploads the results to GitHub. The quality job runs a quality scan using SonarCloud.

  • .github/workflows/scan.yml: Added a new GitHub Actions workflow named Scan. This workflow is triggered on manual dispatch, push to the main, rc, and hotfix-rc branches, and when a pull request is opened or synchronized. The workflow includes two jobs: sast and quality. The sast job runs a Static Application Security Testing (SAST) scan using Checkmarx and uploads the results to GitHub. The quality job runs a quality scan using SonarCloud.

Before you submit

  • Please add unit tests where it makes sense to do so
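As an added illustration of the workflow the description lays out (this is not the PR's scan.yml and not Bitwarden's own code), the file below wires the same triggers and the same two jobs in GitHub Actions syntax. The action names and inputs are the public ones for checkmarx/ast-github-action, github/codeql-action/upload-sarif and SonarSource/sonarcloud-github-action; the secret names, the Checkmarx base URI, the action versions and the `--filter` state list passed through `additional_params` are assumptions made for this example, not taken from the PR.

```yaml
name: Scan

on:
  workflow_dispatch:
  push:
    branches:
      - "main"
      - "rc"
      - "hotfix-rc"
  pull_request:
    types: [opened, synchronize]

# Least privilege: deny everything at workflow level and grant
# only what each job needs at job level.
permissions: {}

jobs:
  sast:
    name: SAST scan (Checkmarx)
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      security-events: write # needed by upload-sarif to write code scanning alerts
    steps:
      - name: Check out repo
        uses: actions/checkout@v4

      - name: Scan with Checkmarx One
        # Version is assumed for this example; in production pin third-party
        # actions to a full commit SHA, not a tag, to resist tag retargeting.
        uses: checkmarx/ast-github-action@2.0.36
        with:
          project_name: ${{ github.repository }}
          base_uri: https://ast.checkmarx.net/        # assumed tenant region
          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}  # assumed secret names
          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
          # Export SARIF for GitHub, and (assumed filter syntax) drop results
          # already triaged as not exploitable so the upload does not
          # resurrect them as open code scanning alerts.
          additional_params: --report-format sarif --output-path . --filter "state=TO_VERIFY;CONFIRMED;URGENT"

      - name: Upload Checkmarx results to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: cx_result.sarif

  quality:
    name: Quality scan (SonarCloud)
    runs-on: ubuntu-22.04
    permissions:
      contents: read
    steps:
      - name: Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # shallow clones disable blame-based analysis

      - name: Scan with SonarCloud
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # assumed secret name
```

Two things a reviewer would check on a workflow shaped like this. First, the `pull_request` trigger (as opposed to `pull_request_target`) means repository secrets are not exposed to pull requests from forks, so the Checkmarx job will simply fail on fork PRs; if that is unwanted noise, gate the job with `if: github.event.pull_request.head.repo.full_name == github.repository` rather than switching to `pull_request_target`, which would run untrusted code with secrets. Second, `upload-sarif` carries no Checkmarx triage state: a finding marked "not exploitable" in Checkmarx is still an ordinary result in the SARIF file, so either filter those states out at export time (as the assumed `--filter` above does) or expect them to reappear as open alerts on the GitHub side.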


codecov bot commented Feb 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.52%. Comparing base (07a4ceb) to head (43c34fa).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #630   +/-   ##
=======================================
  Coverage   60.52%   60.52%           
=======================================
  Files         172      172           
  Lines       10523    10523           
=======================================
  Hits         6369     6369           
  Misses       4154     4154           

☔ View full report in Codecov by Sentry.

@github-advanced-security commented

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@bitwarden-bot commented Feb 23, 2024

Checkmarx One – Scan Summary & Details: 007445b2-938f-4b2d-9658-9142a855b9d0

No New Or Fixed Issues Found

@withinfocus withinfocus marked this pull request as ready for review February 26, 2024 22:20
@withinfocus withinfocus requested a review from a team as a code owner February 26, 2024 22:20
@vgrassia previously approved these changes Feb 26, 2024

@Hinton (Member) left a comment

Checkmarx and GitHub aren't syncing up on triaged status. This is a blocker since it makes Checkmarx useless. An example is the command injections in the Python example; those were marked as not exploitable in Checkmarx a while back.

We also have no use for SonarCloud since it doesn't support Rust.

@withinfocus withinfocus requested review from a team and Hinton March 13, 2024 20:45
@bitwarden bitwarden deleted a comment from sonarcloud bot Mar 13, 2024
@Hinton (Member) left a comment

Did we solve Checkmarx not syncing with GitHub?

@withinfocus withinfocus merged commit 240c434 into main Mar 18, 2024
67 checks passed
@withinfocus withinfocus deleted the scanner branch March 18, 2024 16:46