fix: address security concerns #4681

Merged
merged 12 commits into from Nov 29, 2023

Collaborator

@pdabelf5 pdabelf5 commented Nov 20, 2023

Proposed changes

Add the "Harden Runner" step to all CI jobs; this should help point out
the required rules for egress traffic. This can be changed to block
all egress with a whitelist of allowed domains in future.

Address scope of GITHUB_TOKEN in release Pull request action

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork
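
A workflow illustrating the two changes this description names, added here as an example and not taken from the PR or the project: Harden Runner in audit mode as the first step of a job, the later block-with-allowlist mode, and a narrowed GITHUB_TOKEN. The job names, commands, the `@v2` tag and the endpoint list are assumptions.

```yaml
# Added illustration; jobs, commands and endpoints are constructed, not the project's.
name: ci-example
on:
  push:
    branches: [main]

# Workflow-wide default: GITHUB_TOKEN is read-only unless a job asks for more.
permissions:
  contents: read

jobs:
  unit-tests:
    runs-on: ubuntu-22.04
    steps:
      # First step in the job, so it observes traffic from every later step.
      - name: Harden Runner
        uses: step-security/harden-runner@v2   # pin to a full commit SHA in real use
        with:
          egress-policy: audit   # record outbound connections, block nothing
      - uses: actions/checkout@v4
      - run: make test           # hypothetical command

  release-pr:
    runs-on: ubuntu-22.04
    # Job-level block replaces the default; scopes not listed here are set to none.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@v2
        with:
          # Later stage: switch to block once the audit runs have shown
          # which destinations the job really needs.
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
      - uses: actions/checkout@v4
      - run: ./open-release-pr.sh   # hypothetical script
```

Build the `allowed-endpoints` list from what the audit runs report for each job rather than from a shared list, since jobs that pull images or modules need different destinations.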

@pdabelf5 pdabelf5 requested a review from a team as a code owner November 20, 2023 14:13
@pdabelf5 pdabelf5 self-assigned this Nov 20, 2023
@pdabelf5 pdabelf5 added the enhancement and github_actions labels Nov 20, 2023
@pdabelf5 pdabelf5 added this to the v3.4.0 milestone Nov 20, 2023
@pdabelf5 pdabelf5 linked an issue Nov 20, 2023 that may be closed by this pull request
@github-actions github-actions bot removed the enhancement label Nov 20, 2023

codecov bot commented Nov 21, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (b2b62ff) 52.08% compared to head (530d51d) 52.10%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4681      +/-   ##
==========================================
+ Coverage   52.08%   52.10%   +0.02%     
==========================================
  Files          59       59              
  Lines       17033    17033              
==========================================
+ Hits         8871     8875       +4     
+ Misses       7862     7860       -2     
+ Partials      300      298       -2     

Contributor

@jjngx jjngx left a comment

👍🏻

@jjngx jjngx requested a review from a team November 23, 2023 13:38
@pdabelf5 pdabelf5 merged commit 39f9fa3 into main Nov 29, 2023
62 of 66 checks passed
@pdabelf5 pdabelf5 deleted the address-security-concerns branch November 29, 2023 18:49
Labels
github_actions Pull requests that update Github_actions code
Projects
Status: Done 🚀
Development

Successfully merging this pull request may close these issues.

Security Review
3 participants