Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [NET-2420] security: re-enable security scan release block into release/1.3.x #3650

Merged
merged 2 commits into from
Feb 21, 2024
Merged

Backport of [NET-2420] security: re-enable security scan release block into release/1.3.x #3650

merged 2 commits into from
Feb 21, 2024

Conversation

hc-github-team-consul-core
Copy link
Collaborator

@hc-github-team-consul-core hc-github-team-consul-core commented Feb 17, 2024
edited by zalimeni

Backport

This PR is auto-generated from #3628 to be assessed for backporting due to the inclusion of the label backport/1.3.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@zalimeni
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/consul-k8s/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

Follow-up to #3625 to re-enable scans.

Changes proposed in this PR

Scanner config is intentionally aligned w/ changes made in hashicorp/consul#19978 for consistency.

How I've tested this PR

CI continues to pass, scan results are working as expected.

How I expect reviewers to test this PR

👀

Checklist

Overview of commits

@hashicorp-cla
Copy link

hashicorp-cla commented Feb 17, 2024
edited

CLA assistant check
All committers have signed the CLA.

@zalimeni zalimeni force-pushed the backport/zalimeni/net-2420-reenable-security-scans-k8s/nationally-saving-lionfish branch from 36e8b8b to 9777914 Compare February 17, 2024 17:23
@zalimeni
security: re-enable security scan release block
6386099 
This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

Also add security scans on PR and merge to protected branches to allow
proactive triage going forward.

See hashicorp/consul#19978 for similar change in that repo, adapted
here.
@zalimeni
security: add scan triage for CVE-2024-25620 (helm/v3)
af0d217 
Triage this scan result as `consul-k8s` should not be directly
impacted and it is medium severity. Follow-up ticket filed for
remediation.

Also improve formatting of scan config since this change will be
backported.
@zalimeni zalimeni force-pushed the backport/zalimeni/net-2420-reenable-security-scans-k8s/nationally-saving-lionfish branch from c6a8ce9 to af0d217 Compare February 21, 2024 13:20
@zalimeni zalimeni mentioned this pull request Feb 21, 2024
Closed
2 tasks
@zalimeni zalimeni marked this pull request as ready for review February 21, 2024 13:26
@zalimeni zalimeni enabled auto-merge (squash) February 21, 2024 13:26
@zalimeni zalimeni merged commit ea04b4a into release/1.3.x Feb 21, 2024
25 of 50 checks passed
@zalimeni zalimeni deleted the backport/zalimeni/net-2420-reenable-security-scans-k8s/nationally-saving-lionfish branch February 21, 2024 13:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zalimeni zalimeni zalimeni approved these changes

Assignees

@zalimeni zalimeni

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hc-github-team-consul-core @hashicorp-cla @zalimeni