
Shellcheck workflow #9119

Merged
merged 5 commits into from Dec 8, 2023

Conversation

@cneill (Collaborator) commented Dec 6, 2023

Description

This PR adds a GitHub Actions workflow to run shellcheck on shell scripts modified as part of a PR.

[sc-2794]
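The two pieces such a job has to get right are picking out the shell scripts a PR actually touched and refusing to run a shellcheck binary that does not match the pinned digest. The functions below are an added illustration, not the workflow this PR merged (its YAML is not shown on this page); the function names, the `.sh`/shebang heuristic, the SHA-256 check standing in for whatever the real workflow does with its pinned `SHELLCHECK_SHA`, and the assumption that the job already knows the PR's base and head refs are all mine.

```bash
#!/usr/bin/env bash
# Added illustration, not DefectDojo's merged workflow. Helper functions a
# "shellcheck only what the PR touched" job could source. All names assumed.
set -euo pipefail

# A file counts as a shell script if it has a .sh/.bash extension or a
# sh/bash shebang on its first line (heuristic; scripts with options after
# the interpreter, e.g. "#!/bin/bash -e", are not matched).
is_shell_script() {
  local f="$1" first=""
  [ -f "$f" ] || return 1
  case "$f" in
    *.sh|*.bash) return 0 ;;
  esac
  IFS= read -r first < "$f" || true
  case "$first" in
    '#!'*/sh|'#!'*/bash|'#!'*'env sh'|'#!'*'env bash') return 0 ;;
  esac
  return 1
}

# Filter a newline-separated path list (e.g. git diff --name-only output)
# down to existing shell scripts, one per line. Missing paths are dropped.
changed_shell_scripts() {
  local f
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    if is_shell_script "$f"; then printf '%s\n' "$f"; fi
  done
}

# Compare a downloaded artifact against a pinned SHA-256 hex digest.
# Returns non-zero on mismatch so the caller never runs an unverified binary.
verify_sha256() {
  local file="$1" expected="$2" actual
  actual="$( (sha256sum "$file" 2>/dev/null || shasum -a 256 "$file") | cut -d' ' -f1 )"
  [ "$actual" = "$expected" ]
}

# Glue for the CI job: $1/$2 are the PR base and head refs (assumed to be
# fetched already), $3 the verified shellcheck binary. Added/changed/renamed
# files only; deleted ones are skipped by the diff filter.
lint_changed() {
  local base="$1" head="$2" shellcheck_bin="$3" files
  files="$(git diff --name-only --diff-filter=ACMR "$base" "$head" | changed_shell_scripts)"
  if [ -z "$files" ]; then
    echo "no shell scripts changed"
    return 0
  fi
  # xargs exits 123 if shellcheck fails on any batch, which fails the job.
  printf '%s\n' "$files" | xargs "$shellcheck_bin" --severity=warning
}
```

In a workflow, `lint_changed` would be called after the binary has been downloaded and passed through `verify_sha256`; a mismatch should abort the job before shellcheck is ever executed, since an unverified download is exactly the supply-chain hole pinning is meant to close.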


dryrunsecurity bot commented Dec 6, 2023

Contextual Security Analysis

As DryRun Security performs checks, we'll summarize them here. You can always dive into the results in the section below.

DryRun Security checks:
- AI-powered Sensitive Function Check
- Configured Sensitive Files Check
- AI-powered Sensitive Files Check


Comment on lines +6 to +8
SHELLCHECK_REPO: 'koalaman/shellcheck'
SHELLCHECK_VERSION: 'v0.9.0'
SHELLCHECK_SHA: '038fd81de6b7e20cc651571362683853670cdc71'
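Review bot: the value in `SHELLCHECK_SHA` is 40 hex characters, i.e. a git commit SHA-1, not a SHA-256 digest of a release artifact, and nothing on these three lines says which object it is checked against. Add a comment beside `SHELLCHECK_VERSION`/`SHELLCHECK_SHA` stating whether the SHA pins the tag's commit or a downloaded binary/tarball; if the job fetches a release archive, pin that archive's SHA-256 as well so the download itself is verified rather than only the tag name. Since the thread below expects Renovate/Dependabot not to track this triple, the same comment should note that all three values are bumped together by hand.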
Contributor:

Are Renovate or Dependabot able to monitor new releases for this kind of definition?

Contributor:

I'd say let's merge this PR and see if Renovate/Dependabot catch it in the future. I suspect it doesn't get rev'ed frequently, and I'd rather have this in place with the chance of it going stale vs. not have it in place.

cneill (Collaborator, Author):

I suspect Renovate / Dependabot won't catch this, but thankfully shellcheck only seems to release about once a year, and I don't think we'd miss out on much if we were one release behind.

@mtesauro (Contributor) left a comment:

Approved.

@mtesauro mtesauro merged commit 5adb07d into DefectDojo:dev Dec 8, 2023
121 checks passed
@kiblik (Contributor) commented Dec 11, 2023

Hi guys, I'm happy that this linter was merged quickly, but existing issues have not been fixed.
It detects previous issues (and fails tests) in existing PRs which didn't even touch problematic lines.
E.g. https://github.com/DefectDojo/django-DefectDojo/pull/9002/files.
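One way to get the behaviour kiblik is asking for, without first fixing every legacy finding, is to gate on changed lines rather than on whole files: run shellcheck on the touched scripts as before, then keep only the findings whose line falls inside a `+` hunk of the PR diff. The function below is an added example, not part of the project's workflow; the function name, the choice of shellcheck's `-f gcc` output format and of `git diff -U0` as the diff input, and the CI refs in the usage comment are my assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the DefectDojo workflow. Keeps only shellcheck
# findings that land on lines the PR added or changed, so pre-existing
# issues in a touched file do not fail the job.
#
# Usage in CI (refs assumed to be available):
#   git diff -U0 "$BASE" "$HEAD" -- '*.sh' > pr.diff
#   shellcheck -f gcc $(git diff --name-only "$BASE" "$HEAD" -- '*.sh') \
#     | filter_findings_to_diff pr.diff
set -euo pipefail

# $1: a unified diff (git diff -U0 is ideal: hunks cover exactly the changed lines).
# stdin: shellcheck -f gcc output, lines like  path:line:col: level: msg [SCnnnn]
# stdout: the subset of findings whose (path, line) lies inside a "+" hunk range.
# exit:  1 if any finding survived the filter, 0 otherwise (so CI can gate on it).
filter_findings_to_diff() {
  local diff_file="$1"
  awk -v diff="$diff_file" '
    BEGIN {
      file = ""
      while ((getline line < diff) > 0) {
        if (line ~ /^\+\+\+ /) {
          # "+++ b/path" -> "path"; "+++ /dev/null" (a deletion) yields no ranges
          file = substr(line, 5); sub(/^b\//, "", file)
        } else if (match(line, /^@@ -[0-9]+(,[0-9]+)? \+[0-9]+(,[0-9]+)? @@/)) {
          split(substr(line, RSTART, RLENGTH), parts, " ")
          n = split(substr(parts[3], 2), pc, ",")   # "+start[,count]"
          start = pc[1] + 0
          count = (n == 2) ? pc[2] + 0 : 1         # omitted count means one line
          for (i = 0; i < count; i++) changed[file ":" (start + i)] = 1
        }
      }
      close(diff)
    }
    {
      split($0, f, ":")           # f[1] = path, f[2] = line
      key = f[1] ":" f[2]
      if (key in changed) { print; hits++ }
    }
    END { exit (hits > 0) ? 1 : 0 }
  '
}
```

Because the diff is taken with zero context, a hunk's `+start,count` range is exactly the set of new or modified lines, so a warning on an untouched line of the same file is dropped while one on a line the PR wrote still fails the job. The trade-off is that whole-file problems (an unquoted variable defined on an old line but used on a new one) only surface when the new line carries the finding.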
