Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SAST scan workflow #25

Merged
merged 1 commit into from
Sep 16, 2024
Merged

Add SAST scan workflow #25

merged 1 commit into from
Sep 16, 2024

Conversation

sdauhuchytsrf
Copy link
Contributor

Description

Add SAST (Static Application Security Testing) scan as a separate workflow which runs on PR create/update action. For now SAST scan runs in warning only mode which doesn't prevent PR from merging when vulnerabilities found. Later this workflow will be switched to enforcing mode and its success will become an obligatory requirement to merge a PR. Please carefully review SAST scan results and fix vulnerabilities if found. If you have any objections on scan results (false positives, deliberate vulnerabilities in configuration, etc.), then scan configuration can be adjusted (with EXCLUDE_PATHS and EXCLUDE_RULES env vars) for every individual repo. Please leave a comment in this PR in that case.

Ticket link

https://app.clickup.com/t/4535044/SP-17600

Change type

  • Bug fix
  • New feature
  • Breaking change
  • Add/Update documentation

Notes

This PR is part of global initiative to enforce security scans on all major repos which is required to successfully pass information security audit, improve trust to our products and enhance production culture.

@sdauhuchytsrf sdauhuchytsrf removed the request for review from DzmitrySmaliakou September 16, 2024 11:30
@AndreiPaulau AndreiPaulau merged commit 9d571e5 into master Sep 16, 2024
1 check failed
@AndreiPaulau AndreiPaulau deleted the sast branch September 16, 2024 12:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants