-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Commands to usage report #2752
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
at 🎯 Static Application Security Testing (SAST) VulnerabilityFull descriptionOverviewImproper certificate validation is a type of vulnerability that occurs when Vulnerable examplepackage main
import (
"crypto/tls"
"net/http"
)
func doReq(req *http.Request) *http.Response {
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
res, _ := client.Do(req)
return res
} In this example, the Remediationtr := &http.Transport{
- TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: false},
} By setting Code FlowsVulnerable data flow analysis result
|
dev
branch.go vet ./...
.go fmt ./...
.Note: This PR depends on jfrog-cli-core#1299 & setup-jfrog-cli#224.
Description
This PR enhances the usage reporting by adding tracking for specific config and rt_build_publish command executions:
Config Command:
Adds usage tracking specifically for config command that used OIDC integration, if not - no usage is sent.
Will send
config_oidc
as command nameRT Build Publish Command:
Reports the
rt_build_publish
command usage asrt_build_publish.
orrt_build_publish_auto.
depends on the usage.