Update workflow file to include linting and static security scans #106

Merged
merged 2 commits into from
Dec 15, 2023

Collaborator

@aarz-snl aarz-snl commented Dec 14, 2023

🗣 Description

I have updated the main.yml to include linting of our code as well as a semgrep static security scan.

As of now the actions are set to run during the following events:

  1. A push of any code to main
  2. A PR to main or to any branch that starts with 'release-*'

As of now I have set the scans to allow failure. This means they do in fact have findings - but in order to not jam up the pipeline they will just continue. Results should be reviewed and improvements made to ymls, install scripts etc as we see fit. Additionally, I should be able to add ignores for items we think are false positives or not needed.

Here's an example of a pipeline run:

lint job: https://github.com/cisagov/LME/actions/runs/7209632958/job/19640983024
semgrep job: https://github.com/cisagov/LME/actions/runs/7209632958/job/19640982724

You should also be able to see the results of the checks in this PR at the bottom near review required.

The release job will be skipped unless we are actually creating a release with a 'tag'

Contributor

@adhilto adhilto left a comment

Looks great. My only ask is that we create issues for each file currently flagged by the linters to make them compliant. Then to update workflow to enforce the linters once the existing files are updated.
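
An illustration of the setup discussed in this thread, added here and not taken from the project's main.yml: the triggers from the description, with lint and Semgrep jobs in report-only mode and the single line to remove once the flagged files are fixed. The job names, the choice of yamllint and shellcheck as linters, and the Semgrep ruleset are assumptions.

```yaml
# Illustrative workflow (assumed names and tools), not the LME project's main.yml.
name: lint-and-scan

on:
  push:
    branches: [main]                 # any push to main
  pull_request:
    branches: [main, 'release-*']    # PRs targeting main or a release-* branch

# Least privilege: these jobs only need to read the repository.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    # Report-only: a failing lint job does not fail the workflow run.
    # Remove this line to enforce the linters once existing files are compliant.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      - name: Lint YAML files
        run: |
          pip install yamllint
          yamllint .
      - name: Lint shell scripts
        # -r: do nothing if the repository contains no *.sh files
        run: find . -name '*.sh' -print0 | xargs -0 -r shellcheck

  semgrep:
    runs-on: ubuntu-latest
    # Report-only, same as the lint job; remove to make findings blocking.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'
      - name: Semgrep static security scan
        run: |
          pip install semgrep
          # --error makes semgrep exit non-zero when it reports findings,
          # so the job result reflects the scan result.
          semgrep scan --config auto --error
```

Semgrep also honours a `.semgrepignore` file and inline `nosemgrep` comments, which is where agreed false positives can be recorded.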

@aarz-snl aarz-snl merged commit 8db2e00 into release-1.3.0 Dec 15, 2023
3 checks passed
mitchelbaker-cisa added a commit that referenced this pull request Dec 20, 2023
* added branch naming conventions to Contributing, fixed typo (#85)

Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>

* adding line change from clint's old pr

* Release 1.2.0 MERGE INTO MAIN  (#101) (#102)

* Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file

* Upgrade ELK stack to 8.11.1 (#86)

* Update ELK to 8.11.1

* Pull images before starting cluster

* Pull images before deploylme

* Upgrade versions in the live docker compose upon upgrade

* Pull new images before deploying new stack

* Globalize version variable

* Adding the following:
 - get_latest_version function
 - pulling version from this function
 - old password reading text update to reduce confusion
 - print statements in upgrade from 1.0 -> 1.2
 - sleep so it doesn't fail if docker does a slow removal

* Update the version in dashboard_update.sh

---------




* Changed ELK Stack from deploy.sh update to deploy.sh upgrade

---------

Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: mreeve.snl <mreeve@sandia.gov>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>

* Add .gitattributes file to exclude the testing folder from releases. (#105)

* Updated dashboard Process Explorer file downloads panels

* Update workflow file to include linting and static security scans (#106)

* Update main.yml to add linting

* Update main.yml

* Update troubleshooting.md with instructions on how to change elastic password (#110)

* Delete Chapter 4 Files/dashboards/user_security.ndjson

* Delete Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson

* Updated dashboards

* Remove elastic user password prompt from deploy.sh (#107)

* Remove elastic password prompt and condition in setpasswords()

* create displaycredentials() fnc, link troubleshooting.md documentation at end of script

* update deploy.sh to link to changing elastic username/password in troubleshooting.md

* updated upgrading.md for release 1.3.0 and fixed link in chapter3.md (#117)

Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>

* imported new dashboard

* Rearrange sysmon dashboard  (#115)

* updating sysmon dashboard

* adding line change from clint's old pr

* Add .gitattributes file to exclude the testing folder from releases. (#105)

* updating sysmon dashboard

---------

Co-authored-by: mreeve-snl <mreeve@sandia.gov>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>

* Healthcheckoverview dashboard update (#120)

* imported new dashboard

* updated healthcheck dashboard

* Delete Chapter 4 Files/dashboards/alerting_dashboard.ndjson (#121)

removed alerting dashboard from this PR healthcheck PR

---------

Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: ddiabe <you@example.com>

* adding push so that I can track this branch

* pushing all changes as documented in the PR: 112

* Updated Healthcheck Overview Dashboard panels

---------

Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com>
Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>
Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>
Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com>
Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: Grant (SNL) <108766839+rgbrow1949@users.noreply.github.com>
Co-authored-by: Connor <107427279+causand22@users.noreply.github.com>
Co-authored-by: ddiabe <you@example.com>
@aarz-snl aarz-snl deleted the update-workflows-1 branch December 21, 2023 13:48
cbaxley added a commit that referenced this pull request Dec 26, 2023
cbaxley added a commit that referenced this pull request Jan 10, 2024
mitchelbaker-cisa added a commit to mitchelbaker-cisa/LME that referenced this pull request Jan 31, 2024
* added branch naming conventions to Contributing, fixed typo (cisagov#85)

Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>

* adding line change from clint's old pr

* Release 1.2.0 MERGE INTO MAIN  (cisagov#101) (cisagov#102)

* Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file

* Upgrade ELK stack to 8.11.1 (cisagov#86)

* Update ELK to 8.11.1

* Pull images before starting cluster

* Pull images before deploylme

* Upgrade versions in the live docker compose upon upgrade

* Pull new images before deploying new stack

* Globalize version variable

* Adding the following:
 - get_latest_version function
 - pulling version from this function
 - old password reading text update to reduce confusion
 - print statements in upgrade from 1.0 -> 1.2
 - sleep so it doesn't fail if docker does a slow removal

* Update the version in dashboard_update.sh

---------




* Changed ELK Stack from deploy.sh update to deploy.sh upgrade

---------

Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: mreeve.snl <mreeve@sandia.gov>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>

* Add .gitattributes file to exclude the testing folder from releases. (cisagov#105)

* Updated dashboard Process Explorer file downloads panels

* Update workflow file to include linting and static security scans (cisagov#106)

* Update main.yml to add linting

* Update main.yml

* Update troubleshooting.md with instructions on how to change elastic password (cisagov#110)

* Delete Chapter 4 Files/dashboards/user_security.ndjson

* Delete Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson

* Updated dashboards

* Remove elastic user password prompt from deploy.sh (cisagov#107)

* Remove elastic password prompt and condition in setpasswords()

* create displaycredentials() fnc, link troubleshooting.md documentation at end of script

* update deploy.sh to link to changing elastic username/password in troubleshooting.md

* updated upgrading.md for release 1.3.0 and fixed link in chapter3.md (cisagov#117)

Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>

* imported new dashboard

* Rearrange sysmon dashboard  (cisagov#115)

* updating sysmon dashboard

* adding line change from clint's old pr

* Add .gitattributes file to exclude the testing folder from releases. (cisagov#105)

* updating sysmon dashboard

---------

Co-authored-by: mreeve-snl <mreeve@sandia.gov>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>

* Healthcheckoverview dashboard update (cisagov#120)

* imported new dashboard

* updated healthcheck dashboard

* Delete Chapter 4 Files/dashboards/alerting_dashboard.ndjson (cisagov#121)

removed alerting dashboard from this PR healthcheck PR

---------

Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: ddiabe <you@example.com>

* adding push so that I can track this branch

* pushing all changes as documented in the PR: 112

* Updated Healthcheck Overview Dashboard panels

---------

Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com>
Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>
Co-authored-by: mreeve-snl <mreeve@sandia.gov>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>
Co-authored-by: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com>
Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com>
Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: Grant (SNL) <108766839+rgbrow1949@users.noreply.github.com>
Co-authored-by: Connor <107427279+causand22@users.noreply.github.com>
Co-authored-by: ddiabe <you@example.com>