chore(security-issues): fixed springboot security vulnerabilities and added codeql #293

Merged


saudkhan116
Contributor

@saudkhan116 saudkhan116 commented Apr 23, 2024

Why do we create this PR?

  • Added CodeQL workflow to analyze the codebase as a requirement from the release guidelines
  • Removed Veracode workflows from git actions (replaced by CodeQL).
  • Fixed spring security vulnerabilities by upgrading the springboot version from 3.2.2 to 3.2.4

What do we want to achieve with this PR?

To meet the trg-8 requirements

What is new?

Added

  • Added CodeQL code analysis to the workflow to comply with the release guidelines

Deleted

  • Removed Veracode workflows from git actions (replaced by CodeQL).

Security Fixes:

Linked PR(s):

#289

.github/workflows/codeql.yaml (resolved)
.github/workflows/codeql.yaml (fixed)
@saudkhan116 saudkhan116 force-pushed the release/v2.3.0-security-fixes branch 3 times, most recently from 4fe2190 to 5cc1830 Compare April 23, 2024 08:52
@saudkhan116 saudkhan116 force-pushed the release/v2.3.0-security-fixes branch from 5cc1830 to b0efdaa Compare April 23, 2024 08:59
@saudkhan116 saudkhan116 changed the title from "Release/v2.3.0 security fixes: chore(fix): fixed springboot security vulnerabilities and added codeql" to "chore(security-issues): fixed springboot security vulnerabilities and added codeql" Apr 24, 2024
Contributor

@matbmoser matbmoser left a comment

If all dependencies are approved and the workflow changes proposed by @RoKrish14 are solved, then I approve.

@matbmoser matbmoser requested a review from RoKrish14 April 24, 2024 09:40
@matbmoser
Contributor

@RoKrish14 please check and re-approve

@saudkhan116
Contributor Author

> If all dependencies are approved and the workflow changes proposed by @RoKrish14 are solved, then I approve.

@matbmoser, I have now fixed the issues requested by @RoKrish14. I hope there is no issue left behind.

Contributor

@RoKrish14 RoKrish14 left a comment

LGTM 👍

@saudkhan116 saudkhan116 merged commit 58eec0d into eclipse-tractusx:main Apr 24, 2024
7 checks passed
@saudkhan116 saudkhan116 deleted the release/v2.3.0-security-fixes branch April 24, 2024 09:54