Add scanning for misconfigurations #248

Merged
merged 7 commits into from
Dec 21, 2023
Conversation

ppawlowski
Contributor

Description

Add step in the pipeline to validate helm chart against best practices and misconfigurations.

Related Issue(s)

#213

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production

Labels

  • Backport needed? -> add the backport label
  • Includes a DB migration? -> add the area:migration label

@ppawlowski ppawlowski changed the base branch from main to v2 December 20, 2023 14:19
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

node-red:3.1.x-main-linux-amd64 scan results

0 tests  ±0   0 ✔️ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ±0 

Results for commit 7602b20. ± Comparison against base commit 721173e.

node-red:2.2.3-main-linux-amd64 scan results

  1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
20 tests ±0  0 ✔️ ±0  0 💤 ±0  20 ±0 
21 runs  ±0  0 ✔️ ±0  0 💤 ±0  21 ±0 

For more details on these failures, see this check.

Results for commit 7602b20. ± Comparison against base commit 721173e.

node-red:3.0.2-main-linux-amd64 scan results

1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
4 tests  - 6  0 ✔️ ±0  0 💤 ±0  4  - 6 
5 runs   - 6  0 ✔️ ±0  0 💤 ±0  5  - 6 

For more details on these failures, see this check.

Results for commit 7602b20. ± Comparison against base commit 721173e.

This pull request removes 6 tests.
axios-0.27.2 ‑ [MEDIUM] CVE-2023-45857
curl-8.4.0-r0 ‑ [MEDIUM] CVE-2023-46218
libcrypto3-3.1.4-r0 ‑ [MEDIUM] CVE-2023-5678
libcurl-8.4.0-r0 ‑ [MEDIUM] CVE-2023-46218
libssl3-3.1.4-r0 ‑ [MEDIUM] CVE-2023-5678
openssl-3.1.4-r0 ‑ [MEDIUM] CVE-2023-5678

node-red:3.1.x-main-linux-arm64 scan results

0 tests  ±0   0 ✔️ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ±0 

Results for commit 7602b20. ± Comparison against base commit 721173e.

node-red:2.2.3-main-linux-arm64 scan results

  1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
19 tests ±0  0 ✔️ ±0  0 💤 ±0  19 ±0 
20 runs  ±0  0 ✔️ ±0  0 💤 ±0  20 ±0 

For more details on these failures, see this check.

Results for commit 7602b20. ± Comparison against base commit 721173e.

forge-k8s:main-linux-amd64 scan results

1 tests  ±0   0 ✔️ ±0   0s ⏱️ ±0s
4 suites ±0   0 💤 ±0 
1 files   ±0   1 ±0 

For more details on these failures, see this check.

Results for commit 7602b20. ± Comparison against base commit 721173e.

file-server:main-linux-amd64 scan results

0 tests  ±0   0 ✔️ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ±0 

Results for commit 7602b20. ± Comparison against base commit 721173e.

node-red:3.0.2-main-linux-arm64 scan results

1 files  ±0  4 suites  ±0   0s ⏱️ ±0s
4 tests  - 6  0 ✔️ ±0  0 💤 ±0  4  - 6 
5 runs   - 6  0 ✔️ ±0  0 💤 ±0  5  - 6 

For more details on these failures, see this check.

Results for commit 7602b20. ± Comparison against base commit 721173e.

This pull request removes 6 tests.
axios-0.27.2 ‑ [MEDIUM] CVE-2023-45857
curl-8.4.0-r0 ‑ [MEDIUM] CVE-2023-46218
libcrypto3-3.1.4-r0 ‑ [MEDIUM] CVE-2023-5678
libcurl-8.4.0-r0 ‑ [MEDIUM] CVE-2023-46218
libssl3-3.1.4-r0 ‑ [MEDIUM] CVE-2023-5678
openssl-3.1.4-r0 ‑ [MEDIUM] CVE-2023-5678

file-server:main-linux-arm64 scan results

0 tests  ±0   0 ✔️ ±0   0s ⏱️ ±0s
2 suites ±0   0 💤 ±0 
1 files   ±0   0 ±0 

Results for commit 7602b20. ± Comparison against base commit 721173e.

forge-k8s:main-linux-arm64 scan results

1 tests  ±0   0 ✔️ ±0   0s ⏱️ ±0s
4 suites ±0   0 💤 ±0 
1 files   ±0   1 ±0 

For more details on these failures, see this check.

Results for commit 7602b20. ± Comparison against base commit 721173e.

@hardillb
Contributor

Looks like the re-spin of the 3.0.2 removed all the OS level CVEs (only npm left by the look of it)

@ppawlowski ppawlowski marked this pull request as ready for review December 21, 2023 06:37
@hardillb hardillb merged commit 63ee657 into v2 Dec 21, 2023
5 checks passed
@hardillb hardillb deleted the feat-misconfig-scan branch December 21, 2023 09:14
@ppawlowski ppawlowski mentioned this pull request Jan 17, 2024