Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor Security related actions and add Snyk #1758

Merged
merged 3 commits into from
Feb 23, 2024
Merged

refactor Security related actions and add Snyk #1758

merged 3 commits into from
Feb 23, 2024

Conversation

vroldanbet
Copy link
Contributor

@vroldanbet vroldanbet commented Feb 23, 2024
edited
Loading

  • separates all security scans into its own GHA file
  • fixes Go version used to latest 1.22 and centralizes version used by having a default in authzed/action/setup-go
  • adds snyk security scanner
  • fixes CodeQL build

image

CodeQL was using an outdated Go version which comes in the Action runner. I added the setup-go action which brings the latest version. We may consider including it authzed/actions/codeql.

@github-actions github-actions bot added the area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) label Feb 23, 2024
@vroldanbet vroldanbet force-pushed the enable-snyk branch 4 times, most recently from a23dab6 to 267a93d Compare February 23, 2024 12:50
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@vroldanbet vroldanbet force-pushed the enable-snyk branch 5 times, most recently from 8bb7f76 to 0e3b233 Compare February 23, 2024 13:11
@vroldanbet vroldanbet changed the title enable snyk security scanning refactor Security related actions and add Snyk Feb 23, 2024
@vroldanbet vroldanbet marked this pull request as ready for review February 23, 2024 13:28
@vroldanbet vroldanbet requested a review from a team as a code owner February 23, 2024 13:28
@vroldanbet vroldanbet self-assigned this Feb 23, 2024
@github-actions github-actions bot added the area/dependencies Affects dependencies label Feb 23, 2024
josephschorr
josephschorr previously approved these changes Feb 23, 2024
View reviewed changes
Copy link
Member

@josephschorr josephschorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vroldanbet vroldanbet added this pull request to the merge queue Feb 23, 2024
@vroldanbet vroldanbet removed this pull request from the merge queue due to a manual request Feb 23, 2024
vroldanbet and others added 2 commits February 23, 2024 17:28
@vroldanbet
enable snyk security scanning
9228881
@vroldanbet
centralize Go version used
1219973 
the action now has a default, so we don't have to
specify the version anymore and we can
bump the version for all builds in a single place
josephschorr
josephschorr approved these changes Feb 23, 2024
View reviewed changes
Copy link
Member

@josephschorr josephschorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vroldanbet vroldanbet added this pull request to the merge queue Feb 23, 2024
Merged via the queue into main with commit 4c1c50d Feb 23, 2024
24 checks passed
@vroldanbet vroldanbet deleted the enable-snyk branch February 23, 2024 19:35
@github-actions github-actions bot locked and limited conversation to collaborators Feb 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@josephschorr josephschorr josephschorr approved these changes

@jzelinskie jzelinskie Awaiting requested review from jzelinskie

Assignees

@vroldanbet vroldanbet

Labels
area/dependencies Affects dependencies area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vroldanbet @josephschorr