From e7f1863fe90d1de4e886de451433780ff0299ee6 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 09:37:21 +0530 Subject: [PATCH 01/14] datadog_test --- .github/workflows/codeql.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 763c62d7e..4606eaf43 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,9 +18,11 @@ jobs: strategy: fail-fast: false steps: - - uses: hyperwallet/public-security-workflows/codeql@main + - uses: hyperwallet/public-security-workflows/codeql@datadog with: language: java build-mode: 'none' timeout-minutes: 25 + secrets: + DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} From ff14351309eaca4cf677e9b0e26bfce148237664 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 09:38:26 +0530 Subject: [PATCH 02/14] datadog_test --- .github/workflows/codeql.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4606eaf43..7f608d54c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,6 +23,5 @@ jobs: language: java build-mode: 'none' timeout-minutes: 25 - secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} From 3d04110ef5dbdaf96d0c057d0fa8eacff0eb853e Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 09:46:50 +0530 Subject: [PATCH 03/14] test --- .github/workflows/codeql.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7f608d54c..b43ec5daa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
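Review bot: The new `uses: hyperwallet/public-security-workflows/codeql@datadog` line in PATCH 01/14 references a mutable branch, and the same hunk starts handing `DATADOG_API_KEY` to it, so whatever is pushed to that branch later runs with the secret. The same applies to every later `uses:` rewrite in this series, including the final `codeql-java.yml@main` and `dependency-review.yml@main` in PATCH 13/14. Pin the reference to a full commit SHA and keep the branch name as a trailing comment, e.g. `uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java.yml@<FULL_COMMIT_SHA>  # main` (placeholder; the page shows no SHA for that repository). The enclosing job starts above the hunk, so its other keys are not visible here.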
@@ -18,10 +18,11 @@ jobs: strategy: fail-fast: false steps: - - uses: hyperwallet/public-security-workflows/codeql@datadog + - uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java@datadog with: language: java build-mode: 'none' timeout-minutes: 25 + secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} From 8866f29b6b190b8d5d253f7b55734e19e17704e4 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 09:47:54 +0530 Subject: [PATCH 04/14] test --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b43ec5daa..849e3f089 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,6 +23,6 @@ jobs: language: java build-mode: 'none' timeout-minutes: 25 - secrets: + secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} From a29cb5fe79940ed3713bae4deeec3faac7afa1a6 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 09:53:41 +0530 Subject: [PATCH 05/14] test --- .github/workflows/codeql.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 849e3f089..2629874dd 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -26,3 +26,5 @@ jobs: secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} + + From 8665e7cc69a4bea0016701b45664d3f92cd5efc5 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 09:58:52 +0530 Subject: [PATCH 06/14] test --- .github/workflows/codeql.yml | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2629874dd..667a7697e 100644 --- a/.github/workflows/codeql.yml 
+++ b/.github/workflows/codeql.yml @@ -6,25 +6,14 @@ on: workflow_dispatch: jobs: - analyze: - name: Code Scanning - CodeQL - runs-on: ubuntu-latest - timeout-minutes: 25 - permissions: - security-events: write - packages: read - actions: read - contents: read + codeql-java: strategy: fail-fast: false - steps: - - uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java@datadog - with: - language: java - build-mode: 'none' - timeout-minutes: 25 - secrets: - DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} - - + uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java.yml@datadog + with: + language: java + build-mode: 'none' + timeout-minutes: 25 + secrets: + DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} From 6486abaefa68fe3a997a198748bf8b114bdf1cec Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 10:26:38 +0530 Subject: [PATCH 07/14] test --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 667a7697e..b5881d7d1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -12,7 +12,7 @@ jobs: uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java.yml@datadog with: language: java - build-mode: 'none' + build-command: 'none' timeout-minutes: 25 secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} From 6490573ecda7c1ab06c859e0286020c6631e9802 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 10:36:48 +0530 Subject: [PATCH 08/14] test6 --- .github/workflows/codeql.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b5881d7d1..ded6d6dff 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
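Review bot: The rewritten `codeql-java` job in PATCH 06/14 drops the `permissions:` block that the old `analyze` job carried, so the called workflow now receives whatever default GITHUB_TOKEN scope the repository or organisation sets. That default can be broader than the scan needs, or, if it is read-only, lack `security-events: write` for the results upload. A job that calls a reusable workflow may still declare `permissions:`, and the called workflow can only narrow what the caller grants. Restoring the removed block on the caller is the natural starting point; confirm the scopes against what `codeql-java.yml` requires, which is not visible here. The first lines of the file are outside the hunk, so a workflow-level `permissions:` may already exist.

```yaml
  codeql-java:
    permissions:
      security-events: write
      packages: read
      actions: read
      contents: read
    # … unchanged: strategy, uses, with, secrets …
```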
@@ -14,6 +14,4 @@ jobs: language: java build-command: 'none' timeout-minutes: 25 - secrets: - DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} - + DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} \ No newline at end of file From 1b30ab70192243975a9fa4ce2efa47663e0cceb3 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 10:39:18 +0530 Subject: [PATCH 09/14] test5 --- .github/workflows/codeql.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ded6d6dff..dfd9c3659 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -14,4 +14,5 @@ jobs: language: java build-command: 'none' timeout-minutes: 25 + secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} \ No newline at end of file From 57aa0e032a38c46547047bf0b7f1ee798496fd2a Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 10:53:36 +0530 Subject: [PATCH 10/14] Dependency review add --- .github/workflows/dependency-review.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 15a228e1f..f23867f4a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,4 +1,4 @@ -name: CodeQL Dependency Review - SCA +name: Dependency Review on: pull_request: @@ -7,4 +7,6 @@ on: jobs: dependency-review: - uses: hyperwallet/public-security-workflows/commit-status@main + uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@main + secrets: + DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} \ No newline at end of file From 87dcbe91f2728d991e7a5c1dd1ecaa72233fbd7a Mon Sep 17 00:00:00 2001 
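Review bot: The `secrets:` mapping added in the second hunk of PATCH 10/14 sits in a workflow triggered by `pull_request`, and GitHub does not supply repository secrets to runs for pull requests opened from forks or by Dependabot, so `DATADOG_API_KEY` arrives empty on those runs. The called `dependency-review.yml` is not visible here; confirm it skips the Datadog step when the key is empty instead of failing the check, and keep the trigger as `pull_request` rather than moving to `pull_request_target` to obtain the secret. A comment above the mapping would record the constraint, e.g. `# empty on fork and Dependabot PRs; the called workflow must tolerate that`. The file also loses its trailing newline in this hunk.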
From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 11:01:34 +0530 Subject: [PATCH 11/14] test dg --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index f23867f4a..a356d030a 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -7,6 +7,6 @@ on: jobs: dependency-review: - uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@main + uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@datadog secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} \ No newline at end of file From bf62c3b57a88b918c6a714eb8362e3050225e15d Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 11:06:38 +0530 Subject: [PATCH 12/14] restructure the sca --- .github/workflows/dependency-review.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index a356d030a..5aa84212d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,8 +1,11 @@ name: Dependency Review on: - pull_request: push: + branches: ['master'] + + pull_request: + branches: [ master ] workflow_dispatch: jobs: From 9bc0154500409dbcdeadd3c68a4d0e3bebc38a58 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 11:10:10 +0530 Subject: [PATCH 13/14] main branch of security workflows --- .github/workflows/codeql.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dfd9c3659..14a4551ef 100644 
--- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -9,7 +9,7 @@ jobs: codeql-java: strategy: fail-fast: false - uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java.yml@datadog + uses: hyperwallet/public-security-workflows/.github/workflows/codeql-java.yml@main with: language: java build-command: 'none' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 5aa84212d..f27b96b83 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -10,6 +10,6 @@ on: jobs: dependency-review: - uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@datadog + uses: hyperwallet/public-security-workflows/.github/workflows/dependency-review.yml@main secrets: DATADOG_API_KEY: ${{ secrets.DATADOG_PAYPAL_QA_TOKEN }} \ No newline at end of file From 2ba8a4a2029e2c70bda9b0af85fad15b4f6f9c44 Mon Sep 17 00:00:00 2001 From: sekhara-madduru <123759301+sekhara-madduru@users.noreply.github.com> Date: Sun, 28 Sep 2025 11:19:54 +0530 Subject: [PATCH 14/14] sca-filter review --- .github/workflows/dependency-review.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index f27b96b83..8f2fe9dad 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,12 +1,8 @@ name: Dependency Review on: - push: - branches: ['master'] - pull_request: branches: [ master ] - workflow_dispatch: jobs: dependency-review: