Check for code security issues and vulnerabilities #850

Closed
tdruez opened this issue Aug 9, 2023 · 0 comments

tdruez commented Aug 9, 2023

Enforce this check in the CI workflows.

tdruez added a commit that referenced this issue Aug 9, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Aug 9, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Aug 11, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Aug 11, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Aug 12, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Aug 12, 2023
Signed-off-by: Thomas Druez <tdruez@nexb.com>
tdruez added a commit that referenced this issue Aug 12, 2023
* Use the git module in place of subprocess call

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Add gitpython as dependency

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Set timeout for requests call

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Replace assert statements by proper raise exception

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Remove the graph management command

This command pre-dates the UI, it is not useful anymore and depends on subprocess calls

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Pin the Ubuntu version in git workflows

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Add comments for the lxml usage in tests #850

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Add a nosec and comment for the sha1 function #850

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Enhance the run_command into a safer run_command_safely #850

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Add bandit analyzer to the check stack #850

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Add Django "check --deploy" to the CI validation stack #850

Signed-off-by: Thomas Druez <tdruez@nexb.com>

* Add changelog entry #850

Signed-off-by: Thomas Druez <tdruez@nexb.com>

---------

Signed-off-by: Thomas Druez <tdruez@nexb.com>
@tdruez tdruez closed this as completed Aug 14, 2023